Fortinet Document Library

Version:

Version:


Table of Contents

Download PDF
Copy Link

Common login errors

The authentication order when authenticating a user with FortiAuthenticator Agent for Microsoft Windows is:

Username + OTP à FortiAuthenticator
Username + Password à Windows Domain Login

This is important when diagnosing issues with the login process.

Verification of users OTP failed: User does not exist

The OTP validation is the first step in the authentication process. The OTP failed error suggests that the FortiAuthenticator is reachable, but the user does not exist on the FortiAuthenticator. This are a few reasons for this to occur:

Cause Resolution
User mistyped username (will be visible in the login GUI and FortiAuthenticator logs) User must reattempt with correct credentials.
User has not been provisioned on the FortiAuthenticator Contact your FortiAuthenticator administrator.

Verification of users OTP failed: Authentication error

The OTP failed error suggests that the FortiAuthenticator is reachable, but is responding with an authentication error, i.e. the incorrect username/OTP combination has been entered. There are several reasons for this to occur:

Cause Resolution
User is using a token not assigned to them. Only the token assigned to the user in the FortiAuthenticator database can be used for authentication. Use the assigned FortiToken.
The user is configured in FortiAuthenticator but does not have a FortiToken assigned. Contact your FortiAuthenticator administrator.
The user is using a FortiToken OTP (the digits from the token) that has been used previously to authenticate. This may include on another system, or in a previous failed attempt to log into the current system. Wait for a new OTP to be generated and retry.
Token is out of sync. Log into the FortiAuthenticator portal to resynchronize token.

Unknown user / incorrect password

The fact that the logon process has reached the point at which the password is being validated means that the Username and FortiToken OTP has been successfully validated. There are several possible reasons for such an error:

Cause Resolution
User has mistyped their password.

Retry login with the correct AD password. Remember to wait for a new FortiToken OTP otherwise the OTP validation will fail.

User should follow organizational password reset procedure if problems persist.

The user has been deleted from AD since they were imported into FortiAuthenticator.

Contact the AD administrator.

Common login errors

The authentication order when authenticating a user with FortiAuthenticator Agent for Microsoft Windows is:

Username + OTP à FortiAuthenticator
Username + Password à Windows Domain Login

This is important when diagnosing issues with the login process.

Verification of users OTP failed: User does not exist

The OTP validation is the first step in the authentication process. The OTP failed error suggests that the FortiAuthenticator is reachable, but the user does not exist on the FortiAuthenticator. This are a few reasons for this to occur:

Cause Resolution
User mistyped username (will be visible in the login GUI and FortiAuthenticator logs) User must reattempt with correct credentials.
User has not been provisioned on the FortiAuthenticator Contact your FortiAuthenticator administrator.

Verification of users OTP failed: Authentication error

The OTP failed error suggests that the FortiAuthenticator is reachable, but is responding with an authentication error, i.e. the incorrect username/OTP combination has been entered. There are several reasons for this to occur:

Cause Resolution
User is using a token not assigned to them. Only the token assigned to the user in the FortiAuthenticator database can be used for authentication. Use the assigned FortiToken.
The user is configured in FortiAuthenticator but does not have a FortiToken assigned. Contact your FortiAuthenticator administrator.
The user is using a FortiToken OTP (the digits from the token) that has been used previously to authenticate. This may include on another system, or in a previous failed attempt to log into the current system. Wait for a new OTP to be generated and retry.
Token is out of sync. Log into the FortiAuthenticator portal to resynchronize token.

Unknown user / incorrect password

The fact that the logon process has reached the point at which the password is being validated means that the Username and FortiToken OTP has been successfully validated. There are several possible reasons for such an error:

Cause Resolution
User has mistyped their password.

Retry login with the correct AD password. Remember to wait for a new FortiToken OTP otherwise the OTP validation will fail.

User should follow organizational password reset procedure if problems persist.

The user has been deleted from AD since they were imported into FortiAuthenticator.

Contact the AD administrator.