Help
FortiToken
FortiToken Mobile is an application for iOS or Android that acts like a hardware token but utilizes hardware the majority of users possess, a mobile phone.
tpatel
Staff
Staff

Created on ‎09-26-2023 11:51 PM Edited on ‎08-21-2025 07:05 AM By Staff

Article Id 276107

Troubleshooting Tip: Hardtoken / SoftToken shown in pending status

Description This article describes how to resolve a situation when the Hardtoken / SoftToken is stuck in the pending status even if it has already been assigned to FortiGate.
Scope FortiGate.
Solution

The example error is seen in the debug when the connection is refused and the FortiToken goes into pending status:

 

Check if the FortiToken server is reachable:

 

   diagnose fortitoken info

 

FORTITOKEN            DRIFT   STATUS

FTKMOBxxxxxxxxxx     0      new

FTKMOBxxxxxxxxxx     0      new

Total activated token: 0

Total global activated token: 0

Token server status: reachable

 

If it is reachable, check the debugs for detailed issues as shown below. If it is not reachable, follow the link at the bottom for 'FortiToken server not reachable'.

 

Turn on activation debugging by executing the commands below:

 

diagnose debug application  forticldd 255

diagnose debug enable

 

·       [275] fds_svr_default_on_error: fds-update: req-id=1, num_try=1, read=0, reason=3

·       [2993] tsk_send_image_list: num=76

·       [465] fds_send_reply: Sending 5176 bytes data.

·       [489] fds_send_reply: send reply failed: req-1, Connection refused

·       [421] fds_free_tsk: cmd=1; req.noreply=1

·       [421] fds_free_tsk: cmd=1; req.noreply=0

 

If the same error happens, try to change the FortiGuard port from 443 to port 53 using UDP protocol.

 

Change the FortiGuard setting shown below:

 

config system fortiguard

    set fortiguard-anycast disable

    set protocol udp 

    set port 53

end

 

Select the refresh button on the FortiToken GUI webpage and check the status.

 

Note: While installing FortiToken in the mobile application, avoid errors when copying and pasting or manually typing the invitation code.

If there is any mistake in copy-pasting or manually typing the invitation code, it will lead the FortiToken to go into the pending status.


It is recommended to use the QR code sent to email to complete the installation process. 

 

If the SoftToken/Mobile Token is in the pending status after attempting the steps above and the issue persists, try importing the FortiToken again from the server:

 

execute fortitoken-mobile import 0000-0000-0000-0000-0000

 

Refresh the FortiToken page and check the status. If the issue persists, try deleting the FortiToken and importing it again with the command above, then refresh the page. The status should be 'available'.

 

Related articles:
4903
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.