According to the FortiClient EMS Administrator Study Guide and official Technical Tips from Fortinet, when the web console is inaccessible (e.g., timing out), the administrator must use tools available directly on the server's operating system (CLI) to gather diagnostic information.
1. Why the CLI Diagnostic Tool (Answer A) is the Correct Choice:
Availability during Outage: When the GUI is unreachable, the standard "Generate Diagnostic Logs" option within the EMS interface is also unavailable.
Windows-based EMS: The administrator can manually run the EMSDiagnosticTool.exe located at C:\Program Files (x86)\Fortinet\FortiClientEMS\. This tool collects server information, Windows events, and EMS-specific logs into a compressed file for investigation.
Linux-based EMS (v7.4+): For newer versions running on Linux, the administrator can use the CLI command: sudo /opt/forticlientems/bin/diagnostic_tool -o /tmp/diag to generate a diagnostic package.
Service Verification: The CLI also allows administrators to verify if critical services (like fcems, apache2, or postgres) are running or if remote access has been disabled using the emscli utility.
2. Why Other Options are Incorrect:
B. Download webserver logs from PostgreSQL: PostgreSQL is the database engine for EMS, not the web server. While database logs are useful, they are not the primary method for gathering general "diagnostic information" and would typically be collected as part of the CLI diagnostic tool output rather than downloaded directly from the DB.
C. Diagnostic logs option from the GUI: This option is impossible to use if the administrator has lost web access and the page is timing out.
D. Download log generator from support site: While Fortinet provides various tools on their support site, the EMS Diagnostic Tool is natively installed with the FortiClient EMS software and is the primary, documented method for troubleshooting the EMS server itself.