Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kscurloc
New Contributor II

Created on ‎06-28-2022 12:02 PM

open map res file error

I recently started to receive the following errors when I run "diagnose debug config-error-log read" on my FortiGate 60F running 7.2.0.  The only thing we did recently is add a REST API user.  However, even after a factory reset we get these.  

 

ffdb_app_map_process-2000: wrong word 5530
ffdb_app_map_process-2000: wrong word 43
ffdb_app_map_process-2000: wrong word 4303
ffdb_app_map_process-2000: wrong word 194
ffdb_app_map_process-2000: wrong word 47
ffdb_err_msg_print: ret=-10, Error: open map res file error

 

I've been doing a lot of searching and can't seem to figure it out.  Any ideas what they are and how to resolve it?

 

Thanks in advance!

Labels:
6291
1 Solution
Markus_M
Staff
Staff
In response to kscurloc

Created on ‎07-01-2022 02:46 AM Edited on ‎07-01-2022 02:47 AM

If the support expired, the exec update-now will not give you joy anymore, that might indeed be related. The DB updates are fortiguard services and tied to a support contract with that serial number.

 

So AV DB and others will be out of date.

There should be no issues on general networking, but the security profiles and ISDB, if used, may not work correctly.

View solution in original post

6243
0 Kudos
8 REPLIES 8
Markus_M
Staff
Staff

Created on ‎06-29-2022 05:20 AM

Hi kscurloc,

 

the command spits out if FFortiGate is unable to write some config section details somewhere. In this case I am not sure where to, but it sounds like an AVDB, ISDB, application DB or so. Try two things:

diag debug app update -1

diag debug console timestamp enable

diag debug enable

exec update-now

leave that running. There might be some details with your support contract and the DBs updated.

 

Next thing - see if there are processes crashing

diag debug crashlog read

Hope this gives more insight.

 

Best regards,

Markus

6273
kscurloc
New Contributor II

Created on ‎06-29-2022 06:36 AM

Thanks Markus!

 

So I did both things you suggested.  

 

The first I ran and let sit overnight.  Didn't see glaring errors.  Nor many references to AVDB or ISDB.  

 

The second just shows normal interfaces and daemons starting/stopping (because of reboots, I'm assuming).

 

I did another factory reset this morning, and the same messages appear.  

6271
0 Kudos
kscurloc
New Contributor II

Created on ‎06-29-2022 06:50 AM

Via the GUI, I just viewed the System Events and saw this:

 

(FortiGate database signature invalid)

 

2022-06-29_08-49-16.png

6271
0 Kudos
Markus_M
Staff
Staff
In response to kscurloc

Created on ‎06-29-2022 08:10 AM

"Another factory reset"? So you did them before?

The exec update-now should basically fix that (provided there is a support contract as data is pulled from FortiGuard).

6265
0 Kudos
kscurloc
New Contributor II
In response to Markus_M

Created on ‎06-30-2022 05:11 AM

I've done several factory resets, yes.  In fact I did another one just now.  Every time it comes back with these same messages.  I get the same system event log messages I included in my screen shot,  and when I run "diagnose debug config-error-log read" I get the ffdb messages.

 

This device is plugged into the network and receiving a routable IP to the internet via DHCP.  So it is connecting to sites like support.fortinet.com, etc.

 

I've also tried reflashing the firmware, which didn't help.

 

And for the record, it's not causing any issues (that I'm aware of).  It's just been happening the past few days and seemed suspicious.  

 

I have the device registered to FortiCare Support.  However, support actually expired last year at some point.  I wouldn't think that would cause this issue?

6259
0 Kudos
Markus_M
Staff
Staff
In response to kscurloc

Created on ‎07-01-2022 02:46 AM Edited on ‎07-01-2022 02:47 AM

If the support expired, the exec update-now will not give you joy anymore, that might indeed be related. The DB updates are fortiguard services and tied to a support contract with that serial number.

 

So AV DB and others will be out of date.

There should be no issues on general networking, but the security profiles and ISDB, if used, may not work correctly.

6244
0 Kudos
kscurloc
New Contributor II
In response to Markus_M

Created on ‎07-06-2022 06:30 AM

Thanks for the continued support Markus!

 

While I certainly understand the inability to update once support expires, that message is a little daunting...especially if this were in production.  Luckily mine is not.  But I understand the need to keep support updated.  Just wish that message were a little more clear and represented that fact.

6177
0 Kudos
Markus_M
Staff
Staff
In response to kscurloc

Created on ‎07-08-2022 08:19 AM

I agree; sometimes "developerish" might be not the easiest to read.

Your thread might however help others to find the same solution!

 

6157
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.