Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tehm
New Contributor

Created on ‎02-19-2024 04:26 AM Edited on ‎02-19-2024 04:27 AM

Fortigate VM 7.4.3 stuck at Validating License to FortiGuard

Skærmbillede 2024-02-19 131155.png

 

I have been trying differend things

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Failure-on-update-or-contact-FortiGu...

 

I can ping all necessary addresses

 

This is the debug:

 


# ssl_connect_fds[407]-Poll timeout
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[333]-Failed setup
upd_daemon[1974]-Disabling remaining actions 11
upd_vm_process[809]-last warning 161 seconds ago
upd_dns_change_notif[140]-Detected dns change from 8.8.8.8, 8.8.4.4, 0.0.0.0 to 96.45.45.45, 96.45.46.46, 0.0.0.0
upd_vm_process[809]-last warning 161 seconds ago
upd_ftgd_global_change_notif[224]-Detected anycast change
upd_vm_process[809]-last warning 161 seconds ago
upd_daemon[1808]-Received update request from pid=1905
upd_vm_process[809]-last warning 161 seconds ago
upd_daemon[1776]-Received setup request from pid=1907
upd_vm_process[809]-last warning 161 seconds ago
upd_daemon[1776]-Received setup request from pid=1907
upd_vm_process[809]-last warning 161 seconds ago
upd_vm_process[809]-last warning 166 seconds ago
upd_vm_process[809]-last warning 171 seconds ago
do_setup[329]-Starting SETUP
upd_fds_load_default_server[920]-Addr=[149.5.232.66], weight=205966649
upd_fds_load_default_server[939]-Resolve and add fds euupdate.fortiguard.net ip address OK.
upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 149.5.232.66:443
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[828] ssl_ctx_create_new: SSL CTX is created
[855] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'euupdate.fortiguard.net'...
[922] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[720] __ssl_info_callback: before SSL initialization
[720] __ssl_info_callback: SSLv3/TLS write client hello
[720] __ssl_info_callback: SSLv3/TLS write client hello
[720] __ssl_info_callback: SSLv3/TLS read server hello
[720] __ssl_info_callback: TLSv1.3 read encrypted extensions
ssl_connect_fds[407]-Poll timeout
[207] __ssl_data_ctx_free: Done
[1108] ssl_free: Done
[199] __ssl_cert_ctx_free: Done
[1118] ssl_ctx_free: Done
upd_comm_connect_fds[478]-Failed SSL connect
do_setup[333]-Failed setup
upd_daemon[1974]-Disabling remaining actions 11
upd_vm_process[809]-last warning 297 seconds ago
upd_daemon[1808]-Received update request from pid=1937
upd_vm_process[809]-last warning 297 seconds ago
upd_daemon[1808]-Received update request from pid=2059
upd_vm_process[809]-last warning 297 seconds ago
upd_daemon[1808]-Received update request from pid=2076
upd_vm_process[809]-last warning 297 seconds ago
upd_daemon[1808]-Received update request from pid=2075
upd_vm_process[809]-last warning 297 seconds ago
upd_vm_process[809]-last warning 302 seconds ago
upd_vm_process[809]-last warning 307 seconds ago
do_setup[329]-Starting SETUP
upd_fds_load_default_server6[1046]-Resolve and add fds euupdate.fortiguard.net ipv6 address failed.
upd_comm_connect_fds[459]-Trying FDS 149.5.232.66:443
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[116] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[497] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[517] ssl_ctx_use_builtin_store: Enable CRL checking.
[524] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[828] ssl_ctx_create_new: SSL CTX is created
[855] ssl_new: SSL object is created
[191] ssl_add_ftgd_hostname_check: Add hostname checking 'euupdate.fortiguard.net'...
[922] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[720] __ssl_info_callback: before SSL initialization
[720] __ssl_info_callback: SSLv3/TLS write client hello

 

 

Labels:
4851
0 Kudos
21 REPLIES 21
Rajneesh
Staff
Staff

Created on ‎02-19-2024 09:21 PM

Hello @tehm Try changing the update server location to EU or any and check with the below config once :

config system fortiguard

    set fortiguard-anycast disable

    set protocol udp

    set port 8888

    set sdns-server-ip 208.91.112.220

end

Thanks.

590
tehm
New Contributor
In response to Rajneesh

Created on ‎02-19-2024 10:46 PM

Hi,

This have already been tried, same result.

565
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.