Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎03-02-2022 11:23 AM Edited on ‎07-26-2023 07:42 AM By Moderator

Article Id 205928

Troubleshooting Tip: Unable to add servers to the FortiNAC Manager

Description

This article describes troubleshooting steps to take when an issue prevents the user from adding a server to the Server List in the Control Manager (NCM), presenting the following error:

 

'Error adding the server. Server cannot be added to the list. Please confirm that:

The IP address is reachable.
The server is not already on the list.
The server is running the same version as this management server.
The credentials used to access this Admin UI are also in the database on the server.'
Scope Version: 8.x & 9.x.
Solution
  1. Verify the IP address is reachable from the Manager.
    Ensure ports TCP 22 (SSH) & 8443 (HTTPS) are not blocked between the manager and the servers.

 

Double-check that all necessary TCP ports are open between the manager and servers (22,80,1050,5555,8443).

 

Note: FortiNAC uses port 1050 for CORBA (Common Object Request Broker Architecture) Management, for accessing server objects, and for interprocess communication between FortiNAC subsystems and servers. When a requestor connects to this port, the appliance dynamically reassigns it to a port in the 30000-64000 range.
 
  1. Perform an SSH connectivity test:
    From the Manager CLI, enter:

     

    ssh root@<server ip address>

  2. Login using the root password.

  3. Once access is confirmed, enter:
    logout

  4. If the attempt appears to hang (not prompted for a password), type Ctrl-C.

     

  1. Verify the server is not already in the Server List in the Manager Dashboard.

     

     

  2. Verify the server is running the same version as the management server. This can be confirmed in the UI.

    Version 8.x: Help -> About.
    Version 9.x: Select the dropdown under the user icon in the upper right corner.

  3. Verify the credentials used to access this Admin UI are also in the database on the server.

    Login to the server by using the same credentials as the Manager.  

    If the server is missing the Admin user record, add it to the Server UI. For instructions see section Administrators of the 8.x version or 9.x version of the Administration Guide.

  4.  Versions F7.2.2, 9.4.3, 9.2.8, 9.1.10, and greater:

    • Ensure the allowedserialnumbers list is configured on all FortiNAC servers including Manager.  
    • Keys contain certificates.  Older appliances may need certificates imported.  See KB article 251200.

     

    If further troubleshooting is required:

  5. Reproduce behavior.

  6. Collect logs from the Manager and all affected FortiNAC servers. See KB article 190755 for instructions.

  7. Open a support ticket and provide the following information:

  • FortiNAC code version (x.x.x.x).
  • Description of behavior.
  • Any changes before behavior started.
  • Steps to reproduce the behavior.
  • Date and time of reproduction.
  • IP address and hostname of Manager and affected FortiNAC servers.
  • Log files.

 

948
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.