Unable to reactivate a mobile Fortitoken
Hello,
After disabling two-factor authentication for a user, the associated token became "Locked".
I executed the commands below, which were supposed to re-activate the token, but I got error -7500.
The unit has access to the address "directregistration.fortinet.com" (see ping below).
Attempting to access https://directregistration.fortinet.com:443 via Firefox gives me a SEC_ERROR_UNKNOWN_ISSUER error; could this be the issue?
Is there a way to fix this?
diag fortitoken debug enable
diag debug enable
config user fortitoken
edit FTKMOBXXXXXXXXXX
set status active
end
execute fortitoken-mobile renew FTKMOBXXXXXXXXXX
ftm_cfg_deprovision_token[361]:deprovision token: FTKMOBXXXXXXXXXX
ftm_fc_cfg_set_fd_mgmt_vdom[47]:Using vfid=0 (mgmt:0 ha:1)
ftm_fc_comm_connect[269]:ftm SSL connect error: Success
ftm_fc_command[492]:forticare [directregistration.fortinet.com:443] unreachable
ftm_cfg_deprovision_token[370]:deprovision token:FTKMOBXXXXXXXXXX error -7500
renew softtoken FTKMOBXXXXXXXXXX error -7500
exec ping directregistration.fortinet.com
PING directregistration.fortinet.com (63.137.229.3): 56 data bytes
64 bytes from 63.137.229.3: icmp_seq=0 ttl=45 time=174.4 ms
When a token has become "locked" or is in an "Error" state, you need to delete the token once, then reactivate the license that includes the token. It wouldn't affect other active tokens.
I'm not sure about the error when you access it via HTTPS. But if you haven't put the username/password in yet, probably unrelated.
Toshi
Thanks for answering.
I tried the command below, but got the same error.
exec fortitoken-mobile import xxxx-xxxx-xxxx-xxxx-xxxx
Again, once "locked" you need to delete it. You might need to disable 2FA on the user first to be able to delete the token.
config user local
edit <user_name>
set two-factor disable
next
end
config user fortitoken
delete <S/N>
end
Toshi
Hi @PTUSER,
Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-Fix-Licensed-Mobile-Token-with-Error-Lock...
Regards,
