Digipass Plug-In for SBR Administrator Reference - Vasco
Digipass Plug-In for SBR Administrator Reference - Vasco
Digipass Plug-In for SBR Administrator Reference - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>SBR</strong> <strong>Administrator</strong> <strong>Reference</strong> Error and Status Codes<br />
Status<br />
Code<br />
1031 The policy does not allow a selfassignment<br />
attempt<br />
1032 Hashed passwords cannot be verified by<br />
Windows<br />
Message Notes<br />
applicable Policy had invalid settings or failed to load. This<br />
should not occur, but is possible due to the delay in Active<br />
Directory replication <strong>for</strong> example. The two main ways in<br />
which a Policy can become invalid are:<br />
One or more choice list settings are Default in the<br />
Policy, and its parent Policy if it has one.<br />
A circular chain of Policies has been created, <strong>for</strong><br />
example: Policy A inherits from Policy B; Policy B<br />
inherits from Policy C; Policy C inherits from Policy A.<br />
The Policy must be fixed in order <strong>for</strong> authentication to be<br />
permitted using that Policy.<br />
A User attempted Self-Assignment, but it is not<br />
permitted under the Policy.<br />
An authentication request could not be processed<br />
successfully because Back-End Authentication using<br />
Windows was required, but the User's password was<br />
hashed. It is not possible to verify hashed passwords with<br />
Windows. This can occur when a CHAP-based protocol is<br />
used – this includes CHAP, MS-CHAP, MS-CHAP2, EAP-MD5<br />
and other more complex protocols that utilize a one-way<br />
hash of the password entered by the User.<br />
Note that the effective Back-End Authentication setting<br />
is the effective setting of the Policy, unless the <strong>Digipass</strong><br />
User Account overrides the Policy.<br />
1033 A <strong>Digipass</strong> must be used The effective Local Authentication setting is <strong>Digipass</strong><br />
Only and the User tried to log in with a static password.<br />
Note that the 'effective' setting is the effective setting of<br />
the Policy, unless the <strong>Digipass</strong> User Account overrides the<br />
Policy.<br />
1034 Challenge/Response is not supported by<br />
CHAP-based protocols<br />
1035 Challenge/Response is not supported by<br />
Windows 2000<br />
Challenge/Response is only supported in RADIUS using the<br />
PAP protocol. An attempt was made to generate a<br />
challenge using a CHAP-based protocol – this includes<br />
CHAP, MS-CHAP, MS-CHAP2, EAP-MD5 and other more<br />
complex protocols.<br />
This status code can only occur in the <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong><br />
IAS. There is a product limitation on Windows 2000 only<br />
that Challenge/Response is not supported. It will occur if<br />
the User attempted to request a challenge.<br />
1036 1-Step Challenge/Response is disabled A request was made to generate a random challenge <strong>for</strong> 1step<br />
Challenge/Response, but the applicable Policy does<br />
not have 1-step Challenge/Response enabled or does not<br />
specify the challenge length and check digit indicator.<br />
1037 Password Autolearn is disabled A request was made to update a user's Stored Password,<br />
but Password Autolearn is disabled, so the update is not<br />
permitted. Password Autolearn must be enabled <strong>for</strong> the<br />
password update request to be processed.<br />
1038 The administration session ID is not<br />
known at this location<br />
1039 The administration session is no longer<br />
active<br />
An administration command has been received, but the<br />
internal session ID is not recognised at the location from<br />
which the command came. This can only occur by<br />
attempting to reuse a session ID from another location.<br />
An administration command has been received, but the<br />
session has stopped or is unrecognised. This can occur due<br />
to an idle timeout, a maximum session length timeout or a<br />
restart of the <strong>SBR</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
1040 Back-end authentication returned a This can occur when the <strong>SBR</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong>wards a request to<br />
© 2006 VASCO Data Security <strong>In</strong>c. 183