cravikumar
Staff
Article Id 271650
Description

This article describes how to troubleshoot the case where SMS messages for 2FA are not received while FortiGuard is used as the SMS server.

 


Scope

FortiGate.
Solution
  1. Check SMS quota:

 

execute fortiguard-message info

Controller server status: registered
Expiry date: 20000101
SMS max allowed: 200
SMS used: 100

Last update: Wed Sep  2 07:07:54 2023
Current message server: 38.21.192.4:443
Message server status: Unknown

       

Run 'diag debug application forticldd -1' to check for a related error:

 

[3386] fds_check_request: Not enough SMS quota.

 

  2. Check the message server status:


    execute fortiguard-message info

    Controller server status: registered
    Expiry date: 20000101
    SMS max allowed: 200
    SMS used: 100

    Last update: Wed Sep  2 07:07:54 2023
    Current message server: 38.21.192.4:443
    Message server status: Unknown

     

    dia debug res

    dia debug application forticldd -1

    dia debug en

     

    [255] fds_https_send: sent the entire request to server: 38.21.192.4:443

    [291] fds_https_recv: read 147 bytes: pos=147, buf_len=8192

    [313] fds_https_recv: received the header from server: 38.21.192.4:443, [HTTP/1.0 503 Service Unavailable

    Cache-Control: no-cache

    Connection: close

    Content-Type: text/html

    Content-Length: 22]

    [323] fds_https_recv: response code is 503: [HTTP/1.0 503 Service Unavailable

    Cache-Control: no-cache


If the message server status shows unknown, disable anycast and wait for 2-3 hours.

 

config sys fortiguard

    set fortiguard-anycast disable

end

 

If the server status still shows as unknown, assign a token to the user and send the activation code using the SMS method to trigger the status update.
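
A small triage helper for the two checks above, added here as an example (it is not Fortinet's code and not part of the original article): it reads saved console output from 'execute fortiguard-message info' and the forticldd debug, and reports the conditions this article names. The function names and the embedded sample, which is assembled from the output shown above, are assumptions of this example.

```python
import re

# Constructed sample: console output assembled from the lines shown in this article.
SAMPLE = """\
Controller server status: registered
Expiry date: 20000101
SMS max allowed: 200
SMS used: 100

Last update: Wed Sep  2 07:07:54 2023
Current message server: 38.21.192.4:443
Message server status: Unknown
[3386] fds_check_request: Not enough SMS quota.
[323] fds_https_recv: response code is 503: [HTTP/1.0 503 Service Unavailable
"""

def parse_info(text):
    """Collect the 'Key: value' lines printed by 'execute fortiguard-message info'."""
    fields = {}
    for line in text.splitlines():
        # Debug lines start with '[' and header names contain '-', so neither matches.
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def triage(text):
    """Return findings for the quota check and the message server status check."""
    info, findings = parse_info(text), []
    try:
        if int(info["SMS max allowed"]) - int(info["SMS used"]) <= 0:
            findings.append("quota exhausted: SMS used has reached SMS max allowed")
    except (KeyError, ValueError):
        findings.append("quota fields missing: capture 'execute fortiguard-message info'")
    if "Not enough SMS quota" in text:
        findings.append("forticldd reports: Not enough SMS quota")
    if info.get("Message server status", "").lower() == "unknown":
        findings.append("message server status Unknown: disable fortiguard-anycast, wait 2-3 hours")
    # Assumption: every HTTP reply is logged in the 'response code is NNN' form seen above.
    for code in sorted(set(re.findall(r"fds_https_recv: response code is (\d{3})", text))):
        if code != "200":
            findings.append(f"message server returned HTTP {code}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```
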

 

Troubleshooting steps:

 

Sniffer:

 

WCF_FG100F # dia snif packet any "host <message-server-ip> and port 443" 4 0 l

 

Logs:

 

dia test application forticldd 4

dia test application forticldd 5

get system status

execute fortiguard-message info

 

Debugs:

 

dia debug reset

dia debug application update -1

dia debug application forticldd -1

dia debug en

exe update-now