|
The example error is seen in the debug when the connection is refused and the token goes into pending status:
Check if the FortiToken server is reachable:
diag fortitoken info
FORTITOKEN DRIFT STATUS
FTKMOBxxxxxxxxxx 0 new
FTKMOBxxxxxxxxxx 0 new
Total activated token: 0
Total global activated token: 0
Token server status: reachable
If it is reachable, check the debugs for detail issues as shown below. If it is not reachable, follow the link at the bottom for 'FortiToken server not reachable'.
Turn on activation debugging by executing the commands below:
di de application forticldd 255
di de enable
· [275] fds_svr_default_on_error: fds-update: req-id=1, num_try=1, read=0, reason=3
· [2993] tsk_send_image_list: num=76
· [465] fds_send_reply: Sending 5176 bytes data.
· [489] fds_send_reply: send reply failed: req-1, Connection refused
· [421] fds_free_tsk: cmd=1; req.noreply=1
· [421] fds_free_tsk: cmd=1; req.noreply=0
If the same error happens, try to change the FortiGuard port from 443 to port 53 using UDP protocol.
Change the FortiGuard setting shown below:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 53
end
Select the refresh button on the FortiToken GUI webpage and check the status.
If the SoftToken/Mobile token is in the pending status after attempting the steps above and the issue persists, try importing the FortiToken again from the server:
exec fortitoken-mobile import 0000-0000-0000-0000-0000
Refresh the FortiToken page and check the status. If the issue still persists, try deleting the FortiToken and importing it again with the command above, then refresh the page. The status should be 'available'.
Related articles:
|
