Working on a lab firewall today to test some FortiToken stuff and when trying to associate one of the FortiToken Mobile trial tokens to a user I get this error:
Unable to provision mobile token FTKMOBxxxxxxxxxx with forticare
I contacted TAC and they state that you must have an active support contract in order to activate the two free FortiToken Mobile tokens. Posting this because I couldn't get any hits on the web about this error.
Enabled debugs:
diagnose debug enable diagnose fortitoken debug enable
And this is debug output I get when trying again:
ftm_cfg_provision_token[349]:provision token: FTKMOBxxxxxxxxxx ftm_fc_cfg_set_fd_mgmt_vdom[47]:Using vfid=0 (mgmt:0 ha:1) ftm_fc_comm_send_request[339]:send packet to forticare success.
POST /SoftToken/Provisioning.asmx/Process HTTP/1.1 Accept: application/json, text/javascript, */*, q=0.01 Content-Type: application/json;charset=utf-8 X-Requested-With: XMLHttpRequest Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 96.45.36.92:443 Content-Length: 346 Connection: Keep-Alive Cache-Control: no-cache
{ "d": { "__type": "SoftToken.ProvisionRequest", "__version": "3", "__device_version": "5.0", "__device_build": "0727", "serial_number": "FGT60xxxxxxxxxx", "__clustered_sns": [ ], "tokens": [ { "token": "FTKMOBxxxxxxxxxx", "seed": "xxxxxxxxxx", "code_expire": 4320, "type": "totp", "period": 60, "digits": 6 } ] } }
ftm_fc_comm_recv_response[495]:[style="background-color: #ffff00;"]Fortigate blocked by Forticare Server[/style] ftm_fc_command[509]:receive from forticare error [-7525] Unable to provision mobile token FTKMOBxxxxxxxxxx with forticare object set operator error, -7525 discard the setting Command fail. Return code 1
And this:
{"d":{"__type":"SoftToken.ProvisionResponse","tokens":[{"code_expire":4320,"token_activation_code":null,"qr_code":null,"error":{"error_code":31,"error_message":"[style="background-color: #ffff00;"]Token does not belong to the product[/style]"},"license":null,"token":"FTKMOBxxxxxxxxxx "}],"__version":"3","__device_version":"5.0","__device_build":"0727","serial_number":"FGT60xxxxxxxxxx","__clustered_sns":[],"result":0,"error":{"error_code":17,"error_message":"No valid tokens found"}}}
What I don't know yet is if the tokens stop working altogether after support expires. But seems like the free tokens are really free*.
* free for otherwise paying customers
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have the same problem. Opened ticket. We have valid contract, but cannot assign tokens.
firmware 5.2.11
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.