Hot!FortiToken clock drift detected (code: 086447).

Author
edoutreleau
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/02/19 08:49:46
  • Status: offline
2020/06/03 06:14:21 (permalink)
0

FortiToken clock drift detected (code: 086447).

Hi
when i want to use my hard fortitoken 200 to acces my vpn i got the following message
 
 FortiToken clock drift detected (code: 086447). Please input the next code and continue
 
but when i go to my fortigate and i type 
diag fortitoken info |
 
i got 
FTKxxxxxxxxxx 0 active 
 
how can i adjust the clock of my fortitoken 200? 
#1

5 Replies Related Threads

    live89
    Silver Member
    • Total Posts : 72
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/05/11 07:20:42
    • Status: offline
    Re: FortiToken clock drift detected (code: 086447). 2020/06/03 06:37:38 (permalink)
    0
    Have you tried this KB:
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD46341
     
    As far as I know it should show provisioned state ...
    post edited by live89aa - 2020/06/03 06:59:27

    Thanks
    #2
    edoutreleau
    New Member
    • Total Posts : 18
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/02/19 08:49:46
    • Status: offline
    Re: FortiToken clock drift detected (code: 086447). 2020/06/03 07:15:31 (permalink)
    0
    Hi
    I have already see this KB but i really don't know what i should do with that.
    There s nothing i can do if i have fortitoken200 with a fortigate.
     
    the only sync command available are fro fortiauthenticator or fortitoken mobile 
    #3
    live89
    Silver Member
    • Total Posts : 72
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/05/11 07:20:42
    • Status: offline
    Re: FortiToken clock drift detected (code: 086447). 2020/06/03 22:54:26 (permalink)
    0
    Is this new implementation or it has worked before and suddenly stopped working?
    Also have you tried to re-activate the fortitoken?

    Thanks
    #4
    edoutreleau
    New Member
    • Total Posts : 18
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/02/19 08:49:46
    • Status: offline
    Re: FortiToken clock drift detected (code: 086447). 2020/06/04 04:07:46 (permalink)
    0
    Hi
     
    well we have around 60 fortitoken 200 and only some doesn't work. But i can't say if thet have work one day.
    i have tried to activate again that token but it told me that they were already activated and i don't see a way to desactivate it. 
    #5
    xsilver
    Expert Member
    • Total Posts : 509
    • Scores: 129
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Location: EMEA
    • Status: offline
    Re: FortiToken clock drift detected (code: 086447). 2020/06/04 06:10:26 (permalink)
    0
    @ac89live  idea is the same, but FTK200 is HARDWARE and not MOBILE token and therefore do have a little bit different statuses.
     
    However to original post .. 
    1. drift is difference between clock inside token (device, for mobile, or hw clock in hardware models like 200-211-220)
    2. FortiGate/FortiAuthenticator should have system time synced by NTP
    3. regardless of NTP sync a clock in token can get out of auto-correction window and so message requesting two consecutive codes for manual sync is shown. That might also happen during first/initial deployment, and so I'd suggest/recommend to admin to sync tokens before handing them over to users
     
    How-to:
    # execute fortitoken sync <tokenId=SN> <code1> <code2>
    - where code1 and code2 have to be consecutive token codes, one after another, so in 60 sec interval (default for HW tokens)
     
    Numbers in DRIFT column on GUI or in 'diag fortitoken info' show how many cycles is token's clock ahead or behind system clock in FGT/FAC.
    post edited by xsilver - 2020/06/04 06:25:05

    Kind Regards,
    Tomas
    #6
    Jump to:
    © 2020 APG vNext Commercial Version 5.5