Troubleshooting

The following table describes some of the basic issues that can occur while using your FortiAuthenticator device, and suggestions on how to solve said issues.

Problem	Suggestions
All user log in attempts fail, there is no response from the FortiAuthenticator device, and there are no entries in the system log.	Check that the authentication client has been correctly configured. See Adding a FortiAuthenticator unit to your network. If the authentication client is not configured, all requests are silently dropped. Verify that traffic is reaching the FortiAuthenticator device. Is there an intervening Firewall blocking 1812/UDP RADIUS Authentication traffic, is the routing correct, is the authentication client configured with correct IP address for the FortiAuthenticator unit, etc.
All user log in attempts fail with the message RADIUS ACCESS-REJECT, and invalid password shown in the logs.	Verify that the authentication client secrets are identical to those on the FortiAuthenticator unit.
Generally, user log in attempts are successful, however, an individual user authentication attempt fails with invalid password shown in the logs.	Reset the user’s password and try again. See Editing a user. Have the user privately show their password to the administrator to check for unexpected characters (possibly due to keyboard regionalization issues).
Generally, user log in attempts are successful, however, an individual user authentication attempt fails with invalid token shown in the logs.	Verify that the user is not trying to use a previously used PIN. Tokens are One Time Passwords, so you cannot log in twice with the same PIN. Verify that the time and timezone on the FortiAuthenticator unit are correct and, preferably, synchronised using NTP. See Configuring the system date, time, and time zone. Verify that the token is correctly synchronized with the FortiAuthenticator unit, and verify the drift by synchronizing the token. See FortiToken drift adjustment. Verify the user is using the token assigned to them (validate the serial number against the FortiAuthenticator unit configuration). See User Management. If the user is using an email or SMS token, verify it is being used within the valid timeout period. See Lockouts.