Self-provisioning portal bad return: FetchResponse when assigning new soft-token

The following article describes situations where the users of the Mi-Token self-provisioning portal get an error while trying to assign a new soft-token:

bad return: FetchResponse failed for https://mobile....

It is important to understand the interaction between the different components in order to perform a correct diagnostic, and therefore, a possible solution when facing this error.

During the new soft-token assignment cycle, the server and the token need to exchange information in order to synchronize each other, so the server recognizes the new token as a reliable source. This information exchange is done online by means of a Mi-Token public service deployed at

When the server exposing the self-provisioning portal detects that a new soft-token is trying to synchronize with it, the portal will try to synch back via the service. If the server is unable to reach this location or receives an error from it, it will report the following error on the portal screen:

An error has occurred: Bad return: FetchResponse failed for https://mobile...

At this point we can conclude that the error has occurred on the self-provisioning portal or at the server.

Network communication

If the server exposing the self-provisioning portal cannot communicate with the server it will raise a bad return: FetchResponse error.

Possible solutions:

  1. Verify your network configuration. Make sure that the network connection devices are enabled and correctly configured.
  2. Verify that the server exposing the self-provisioning portal is able to connect to the server.
  3. Verify your network communication devices configuration. Make sure that all of the active devices allow for communication back and forth to

Inadequate configuration

The Mi-Token AD UI tool includes a configuration parameter located at the bottom of the screen, in the Miscellaneous tab of the Mi-token properties window:

By clicking this button, a new auxiliary dialog window appears:

Possible solutions:

  1. Verify that the Generate Multi-User Soft Token Links is unchecked. This functionality requires a separate configuration.
  2. Verify that the field labeled Mi-Token website to use is set to, no space character at the beginning or at the end of the setting.

Old Mi-Token installation

On the General tab of the AD UI Properties windows you can find the software version your system is running.

Old instances may have trouble with the current version of the services deployed at

Possible Solutions:

  1. Upgrade the Mi-Token software to the latest version.