Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff & Editor
Staff & Editor

Created on ‎09-18-2024 09:34 PM

Article Id 342349

Troubleshooting Tip: Unable to upgrade ADOM due to 'Fail (errno=-2):Distinguished name cannot be empty.' error

Description This article describes how to troubleshoot when the user is unable to upgrade ADOM due to the 'Fail (errno=-2):Distinguished name cannot be empty.' error.
Scope FortiManager.
Solution
  1. The user may come across the following error when attempting to upgrade FortiManager ADOM:

 

"Fail (errno=-2):Distinguished name cannot be empty."

 

  1. Users can run the following debug commands in FortiManager to obtain more details on the exact object that is causing the ADOM upgrade failure.

 

diagnose debug service cdb 255
diagnose debug service dvmdb 255
diagnose debug enable          <----- Upgrade ADOM until the task tails.

diagnose debug disable

diagnose debug reset

 

Below is a snippet from the debug output showing the LDAP server 'test' object causing the ADOM upgrade failure:

 

2024-01-21 12:33:03 copy user test LDAPS(soid=17008) to dparent=101, :fail.

 

  1. To correct the object error, ensure that the 'Server Name/IP' and 'Distinguished Name' fields are populated and save the changes.

 

ldapserip.png

 

  1. Subsequently, upgrade the ADOM again and verify if it is successful.
640
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.