FortiManager
Nur
Staff
Article Id 421710
Description

FortiManager allows API keys to be generated for use by API users. This article covers a case where this failed with an error indicating that the remote side of a network connection has abruptly terminated the connection. This is typically signaled by the remote system sending a TCP Reset (RST) packet.

 


Scope

FortiManager and FortiAnalyzer.
Solution

Use the FortiManager packet capture under System Settings -> Network -> Packet Capture to check more details. Test with two client API requests, one that fails and one that succeeds.

 

Successful pull:

 


 

In a successful API pull, the packet capture shows that the client properly completes the send flag when issuing the API request to FortiManager. The connection is established using TLS, and the request is transmitted and processed successfully. This confirms that the client and FortiManager are communicating using the expected secure protocol and that the full request lifecycle is completed without interruption.

 

Failed pull:

 


 

During a failed API pull, the client does not complete sending the flag when attempting to communicate with FortiManager. The packet capture reveals that FortiManager is configured to use the TLSv1.3 protocol for API communication, but the client attempts to communicate using plain TCP instead of completing a TLS handshake. As a result, FortiManager terminates the connection by sending a TCP reset, which causes the API request to fail.
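To tell the successful and failed cases apart from payload bytes exported from a capture, the check below classifies the first client payload after the TCP handshake as a TLS ClientHello (and whether it offers TLSv1.3) or as plaintext. It is an added example, not Fortinet code; the function names, the constructed ClientHello and the placeholder HTTP request are assumptions.

```python
import struct

TLS13 = 0x0304
HTTP_METHODS = (b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"PATCH")
# Constructed sample of a client that skips TLS (placeholder path and host).
PLAIN_REQUEST = b"POST /api-placeholder HTTP/1.1\r\nHost: fmg.example\r\n\r\n"

def offered_versions(data: bytes) -> list:
    """Return the versions listed in the ClientHello supported_versions extension."""
    try:
        pos = 5 + 4 + 2 + 32                               # record hdr, handshake hdr, legacy_version, random
        pos += 1 + data[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]  # cipher_suites
        pos += 1 + data[pos]                               # compression_methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            body = data[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and body:                    # supported_versions
                vers = body[1:1 + body[0]]
                return [int.from_bytes(vers[i:i + 2], "big") for i in range(0, len(vers) - 1, 2)]
            pos += 4 + ext_len
    except (IndexError, struct.error):
        pass                                               # truncated capture: nothing recoverable
    return []

def classify_first_payload(data: bytes) -> str:
    """Classify the first client payload that follows the TCP three-way handshake."""
    # TLS handshake record (0x16), version major 0x03, handshake type ClientHello (0x01)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls1.3-clienthello" if TLS13 in offered_versions(data) else "tls-clienthello-no-1.3-seen"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "plaintext-http"
    return "other-plaintext"

def build_client_hello(versions) -> bytes:
    """Constructed sample: a minimal ClientHello offering the given versions."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = struct.pack("!HHB", 43, len(sv) + 1, len(sv)) + sv
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify_first_payload(build_client_hello([0x0304, 0x0303])))
    print(classify_first_payload(PLAIN_REQUEST))
```

A "plaintext-http" or "other-plaintext" result on the API port corresponds to the failed pull described above, where the connection ends in a TCP reset.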

 

The failing client used plain TCP rather than TLSv1.3, so the client needs to change the protocol from TCP to TLSv1.3. If the client pulls successfully but still gets an error, run the following debug commands to get more details:

 

diagnose debug application authentication 8

diagnose debug service rpc-auth 255

diagnose debug enable