Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Niv_E
New Contributor II

Created on ‎01-22-2023 08:26 AM

Error Activating Evaluation Fortigate VM license 7.2.3

Hello, while trying to activate my fortigate VM license 7.2.3 that is running on Vmware I get the following Error:

Niv_E_0-1674404659444.png

However when trying to execute a ping to Forticare domain I get a response.

 

Thank you for the help !

Labels:
2888
9 REPLIES 9
abarushka
Staff
Staff

Created on ‎01-23-2023 12:15 AM

Hello,

 

You may consider to run the commands below and check the error message.

 

diagnose debug application update -1

diagnose debug enable

execute update-now

FortiGate
2833
Niv_E
New Contributor II
In response to abarushka

Created on ‎01-26-2023 02:24 PM

Im getting the following logs:

 

 

Do you want to continue? (y/n)y

Requesting FortiCare Trial license, proxy:(null)
ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_vm_cfg_set_status[279]-Saved status code 502
do_setup[348]-Failed setup
upd_sched_time_to_update[268]-Config changed, next_upd_time=Thu Jan 26 23:16:30 2023

upd_daemon[1844]-Received update request from pid=7060
upd_daemon[1844]-Received update request from pid=7037
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...

ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
upd_comm_connect_fds[459]-Trying FDS 208.184.237.66:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
curl forticare failed, 28

ssl_connect_fds[407]-Poll timeout
[205] __ssl_data_ctx_free: Done
[1057] ssl_free: Done
[197] __ssl_cert_ctx_free: Done
[1067] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[348]-Failed setup
upd_daemon[2075]-Disabling remaining actions 11
do_setup[344]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds usupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 12.34.97.16:443
[114] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[482] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[488] ssl_ctx_use_builtin_store: Enable CRL checking.
[495] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[766] ssl_ctx_create_new_ex: SSL CTX is created
[793] ssl_new: SSL object is created
[184] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortiguard.net'...
curl forticare failed, 28
Failed to request forticare license 28.
Failed to download VM license.

 

2789
0 Kudos
abarushka
Staff
Staff
In response to Niv_E

Created on ‎01-26-2023 03:18 PM

Hello,

 

DNS entry was successfully resolved, however TLS session failed to establish. I would recommend to sniff traffic on ESXi host:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-sniff-traffic-on-hypervisor-ESXi-us...

FortiGate
2784
Niv_E
New Contributor II
In response to abarushka

Created on ‎01-27-2023 07:48 AM Edited on ‎01-27-2023 07:48 AM

After sniffing the traffic and filtering to TLS it seems like Server sends a certificate request and the handshake fails from there, 

Niv_E_0-1674834452217.png

10.100.102.192 is the VM

 

Is there a possible fix for it?

2774
0 Kudos
abarushka
Staff
Staff
In response to Niv_E

Created on ‎02-05-2023 01:49 AM

Hello,

 

Is there by any chance upstream firewall which performs deep inspection?

FortiGate
2719
Niv_E
New Contributor II
In response to abarushka

Created on ‎02-05-2023 03:31 AM

No,

This is the first time setting up the machine

2712
0 Kudos
abarushka
Staff
Staff

Created on ‎02-05-2023 09:10 AM

Hello,

 

I was referring whether there is a firewall between the VM and Internet. In case there is firewall between VM and Internet which performs deep inspection TLS session won't be established.

FortiGate
2708
wrabelo
New Contributor
In response to abarushka

Created on ‎02-23-2023 03:01 PM

i have the same issue   i could not fix i opened ticket with the fortigate

 

2569
0 Kudos
lqiqi
Staff
Staff
In response to wrabelo

Created on ‎07-31-2024 02:49 AM

May I ask if your issue has been resolved? How to solve it, please let me know

Starlight is full and original intention is unchanged.
771
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.