Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Error and Status Codes Status Code Message Notes Digipass User account was found and Local Authentication is required by the Policy. 1011 The static password was incorrect As part of Local Authentication, verification of the static password failed. 1012 The One Time Password was incorrect Verification of the OTP failed. More specific details may be found in the VACMAN Controller error code and message. 1013 The challenge was invalid A response to a challenge was given, but the challenge was not the latest one issued for that Digipass. This is controlled by the Check Challenge Policy setting. 1014 The Digipass Grace Period has expired A User attempted to log in with their static password, but their Grace Period had already expired. They have to use a Digipass to log in. If they do not have their Digipass yet, the administrator will have to allow them more time by modifying the Grace Period End date on their Digipass record. 1015 Backup Virtual Digipass is not allowed A User attempted to request a Backup Virtual Digipass OTP, but they were not permitted. This would normally occur when either: The effective Backup VDP Enabled setting is Yes – Time Limited, and the Digipass Backup VDP Enabled Until date is the current date or before. The Digipass Backup VDP Uses Remaining counter has reached 0. In both cases, administrator intervention is required to permit the User to continue to use Backup Virtual Digipass. The Enabled Until or Uses Remaining limits need to be increased to permit this. Note that the 'effective' setting is the effective setting of the Policy, unless the Digipass record overrides the Policy. 1016 The Digipass is not available A User attempted Self-Assignment, but the Digipass they requested either could not be found within the search scope or was already assigned to someone else. This may occur because of a mistyped Serial Number. Otherwise, the search scope may be incorrect or the Digipass may not be in the correct location to be made available to the User. See the Location of Digipass Records section in the Product Guide. 1017 The user account has no mobile number for Virtual Digipass 1018 No password was supplied for a Virtual Digipass login A User requested a Primary or Backup Virtual Digipass OTP, but it could not be delivered because the User account had no mobile phone number. In Active Directory this is the first Mobile No. on the record. A User attempted a Virtual Digipass login, but did not enter a password in the second stage of the login. See 10.1.4 Virtual Digipass for more information. 1019 The new password confirmation failed In a password change request, the new password was not confirmed correctly. 1020 Local authentication failed General-purpose failure of Local Authentication when a more specific status code is not available. Additional information should provide more specific details. 1021 Back-end authentication reported that the password has expired Back-End Authentication (eg. Windows) failed because the password was correct but it has expired. 1022 Back-end authentication failed Back-End Authentication (eg. Windows) failed. A specific error code and message will accompany this record. 1030 The policy was invalid An authentication request was rejected because the © 2006 VASCO Data Security Inc. 182
Digipass Plug-In for SBR Administrator Reference Error and Status Codes Status Code 1031 The policy does not allow a selfassignment attempt 1032 Hashed passwords cannot be verified by Windows Message Notes applicable Policy had invalid settings or failed to load. This should not occur, but is possible due to the delay in Active Directory replication for example. The two main ways in which a Policy can become invalid are: One or more choice list settings are Default in the Policy, and its parent Policy if it has one. A circular chain of Policies has been created, for example: Policy A inherits from Policy B; Policy B inherits from Policy C; Policy C inherits from Policy A. The Policy must be fixed in order for authentication to be permitted using that Policy. A User attempted Self-Assignment, but it is not permitted under the Policy. An authentication request could not be processed successfully because Back-End Authentication using Windows was required, but the User's password was hashed. It is not possible to verify hashed passwords with Windows. This can occur when a CHAP-based protocol is used – this includes CHAP, MS-CHAP, MS-CHAP2, EAP-MD5 and other more complex protocols that utilize a one-way hash of the password entered by the User. Note that the effective Back-End Authentication setting is the effective setting of the Policy, unless the Digipass User Account overrides the Policy. 1033 A Digipass must be used The effective Local Authentication setting is Digipass Only and the User tried to log in with a static password. Note that the 'effective' setting is the effective setting of the Policy, unless the Digipass User Account overrides the Policy. 1034 Challenge/Response is not supported by CHAP-based protocols 1035 Challenge/Response is not supported by Windows 2000 Challenge/Response is only supported in RADIUS using the PAP protocol. An attempt was made to generate a challenge using a CHAP-based protocol – this includes CHAP, MS-CHAP, MS-CHAP2, EAP-MD5 and other more complex protocols. This status code can only occur in the Digipass Plug-In for IAS. There is a product limitation on Windows 2000 only that Challenge/Response is not supported. It will occur if the User attempted to request a challenge. 1036 1-Step Challenge/Response is disabled A request was made to generate a random challenge for 1step Challenge/Response, but the applicable Policy does not have 1-step Challenge/Response enabled or does not specify the challenge length and check digit indicator. 1037 Password Autolearn is disabled A request was made to update a user's Stored Password, but Password Autolearn is disabled, so the update is not permitted. Password Autolearn must be enabled for the password update request to be processed. 1038 The administration session ID is not known at this location 1039 The administration session is no longer active An administration command has been received, but the internal session ID is not recognised at the location from which the command came. This can only occur by attempting to reuse a session ID from another location. An administration command has been received, but the session has stopped or is unrecognised. This can occur due to an idle timeout, a maximum session length timeout or a restart of the SBR Plug-In. 1040 Back-end authentication returned a This can occur when the SBR Plug-In forwards a request to © 2006 VASCO Data Security Inc. 183
Page 1 and 2:
Modify these field values (right-cl
Page 3 and 4:
Digipass Plug-In for SBR Administra
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132: Digipass Plug-In for SBR Administra
Page 181: Digipass Plug-In for SBR Administra
Page 185: Digipass Plug-In for SBR Administra
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?