Description | This article describes how to resolve a situation when the Hardtoken / SoftToken is stuck in the pending status even if it has already been assigned to FortiGate. |
Scope | FortiGate. |
Solution |
The example error is seen in the debug when the connection is refused and the token goes into pending status:
Check if the FortiToken server is reachable:
diag fortitoken info
FORTITOKEN DRIFT STATUS FTKMOBxxxxxxxxxx 0 new FTKMOBxxxxxxxxxx 0 new Total activated token: 0 Total global activated token: 0 Token server status: reachable
If it is reachable, check the debugs for detail issues as shown below. If it is not reachable, follow the link at the bottom for 'FortiToken server not reachable'.
Turn on activation debugging by executing the commands below:
di de application forticldd 255 di de enable
· [275] fds_svr_default_on_error: fds-update: req-id=1, num_try=1, read=0, reason=3 · [2993] tsk_send_image_list: num=76 · [465] fds_send_reply: Sending 5176 bytes data. · [489] fds_send_reply: send reply failed: req-1, Connection refused · [421] fds_free_tsk: cmd=1; req.noreply=1 · [421] fds_free_tsk: cmd=1; req.noreply=0
If the same error happens, try to change the FortiGuard port from 443 to port 53 using UDP protocol.
Change the FortiGuard setting shown below:
config system fortiguard set fortiguard-anycast disable set protocol udp set port 53 end
Select the refresh button on the FortiToken GUI webpage and check the status.
If the SoftToken/Mobile token is in the pending status after attempting the steps above and the issue persists, try importing the FortiToken again from the server:
exec fortitoken-mobile import 0000-0000-0000-0000-0000
Refresh the FortiToken page and check the status. If the issue still persists, try deleting the FortiToken and importing it again with the command above, then refresh the page. The status should be 'available'.
Related articles: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.