Description

This article describes how to fix errors in the Global database when running the command 'diag pm2 check-integrity global'. This error will cause failure to run the operational task on the policy package level, for example, clone a policy package or any Global ADOM issues.

FMG # diag pm2 check-integrity global
--- pragma integrity_check global db ---
pragma integrity_check fails: /var/pm2/global.db
>>> total: 2 failed: 1

Scope

FortiManager v7.0.11,v 7.2.5, v7.4.3 and above.

Solution

In the previous version, the Global database issue may need to be reset  device by the command below:

execute reset {adom-settings | all-except ip | all-settings | all-shutdown}

But in the later versions, specifically on v7.0.11, v7.2.5, and v7.4.3, it shows in detail which parts of the database are corrupted:

The command introduced to fix the corrupted database:

diag pm2 db-recover global

Note: 

Running this command will reboot the device.

After the device comes back online, proceed to run the 'diag pm2 check-integrity all' again to confirm it fixed the database. 

If the database is still not fixed, contact the TAC support and share the backup config.

Related articles:
Technical Tip: How to check FortiManager database integrity prior to upgrade 
Technical Tip: FortiManager hang after run CDB Check