7 MyID Operator Client error codes
This section contains the list of server-generated errors that may occur when using the MyID Operator Client, the MyID Core API, or the web.oauth2 and web.oauth2.ext authentication services.
To assist with the diagnosis of issues, Intercede support may guide you to enable logging on the rest.core or web.oauth2 web services; you can then provide these logs to customer support for analysis. See the MyID REST and authentication web services section in the Configuring Logging guide for details of enabling logging.
Note: You may also see errors produced by the MyID Client Service when using the MyID Operator Client. See section 8, MyID Client Service error codes for details.
Error Code |
OA10000 |
Text |
Server Error |
Details |
An internal server error has occurred. |
Solution |
Retry the operation; the cause could be a temporary issue such as a database timeout due to server load. If the problem persists, check the System Events and Audit Reporting workflows within MyID, then the web.oauth2 logs for more information. For information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
OA10001 |
Text |
Unable to communicate with app - ensure that MyID UMC app (MyIdClientService) is running |
Details |
The web page has been unable to communicate with the MyID Client Service. |
Solution |
Make sure the MyID Client Service is installed and running. See the Installing the MyID Client Service section in the Installation and Configuration Guide. Make sure that the browser you are using supports websockets connections to ws://localhost. See the Supported browsers section in the MyID Operator Client guide. |
Error Code |
OA10002 |
Text |
Invalid credentials |
Details |
The credentials you have supplied for authentication are not valid. |
Solution |
Supply valid credentials for logon. |
Error Code |
OA10003 |
Text |
You do not have sufficient security questions configured |
Details |
The person attempting to log on must have sufficient security questions set up on their account. |
Solution |
Use the Change Security Phrases or Change My Security Phrases workflows to provide the required security phrases. See the Setting security phrases section in the Operator's Guide. Alternatively, you can set a lower value for the Number of security questions for self-service authentication option. See the Setting the number of security phrases required to authenticate section in the Administration Guide. |
Error Code |
OA10004 |
Text |
Your username or security response is incorrect, or you may not have permission to access this client. |
Details |
The person attempting to log on has mistyped their username or security responses. Alternatively, your MyID license may have expired. |
Solution |
Try again. If the problem does not appear to be related to your security response, log on to MyID using MyID Desktop and check the status of your license in the Licensing workflow. Note: If the number of failed attempts exceeds the configuring maximum (by default, three) the person |
Error Code |
OA10005 |
Text |
The registration link is invalid |
Details |
The registration job ID is not a valid job ID. This can also occur if there is a problem with the request that is being collected, or the request is not at the ‘Awaiting Issue’ status; for example, if it has been canceled. |
Solution |
Carry out the request again. |
Error Code |
OA10006 |
Text |
Logoncode OTPs are disabled on the server |
Details |
The Allow Logon Codes option is not set on the server, or the person's role does not have access to the Password logon mechanism. |
Solution |
Set the Allow Logon Codes option, make sure the person has access to the Password logon mechanism, then try again. See the Setting the configuration options and the Configuring roles for registering FIDO authenticators sections in the FIDO Authenticator Integration Guide for details. |
Error Code |
OA10007 |
Text |
Your OTP has been entered incorrectly, is locked, has expired, or you do not have permission to perform this operation. Please try again. |
Details |
The registration code was incorrect, has expired, or has been entered incorrectly too many times, or you do not have access to the Register FIDO Security Key operation. |
Solution |
Retry entering the registration code. If it continues to fail, it may be locked. Request another FIDO authenticator. You can use the automatic job cancellation feature in MyID to remove any old uncollected, locked, or expired jobs; see the Automatic job cancellation section in the Administration Guide. Check that your have access to the Register FIDO Security Key operation; see the Configuring roles for registering FIDO authenticators section in the FIDO Authenticator Integration Guide for details. |
Error Code |
OA10008 |
Text |
Your session has timed out or is invalid, please try again |
Details |
You may have waited too long to complete the registration process. |
Solution |
Try again. If you have already used your registration code, you must request the FIDO authenticator again, which will send you a new registration code. |
Error Code |
OA10009 |
Text |
Error registering FIDO in browser |
Details |
The ServerDomain app setting may configured incorrectly. Note that ServerDomain is case sensitive and must be consistent with the casing of the DNS Name in the web server's TLS certificate. |
Solution |
Set the ServerDomain in the app settings file. See the Setting up the FIDO metadata section in the FIDO Authenticator Integration Guide for details. |
Error Code |
OA10010 |
Text |
Error authenticating FIDO in browser. |
Details |
A cause of this is if the FIDO credential was registered on a website running a different origin to the website that is performing the authentication – at registration, FIDO credentials become locked to the origin on which they were registered. This may also occur if the web.oauth2 Fido:Config:Origin is configured incorrectly in the authentication service app settings file. Note that Origin is case sensitive and must be consistent with the casing of the DNS Name in the web server's TLS certificate |
Solution |
Set the Origin in the app settings file. See the Setting up the FIDO metadata section in the FIDO Authenticator Integration Guide for details. |
Error Code |
OA10011 |
Text |
FIDO authentication failed, please try again. You may not have permission to access this client. |
Details |
This may occur when the credential profile for a FIDO authenticator was set up to require user verification, but the FIDO authenticator does not support that feature. This may also occur when you are attempting to log on with a FIDO authenticator without providing a username, but the credential profile was not set up with the Require Client Side Discoverable Key option, and consequently the FIDO authenticator does not have the key required for logon without a username. |
Solution |
Try a different FIDO authenticator, try a credential profile that has been set up with less stringent requirements, or try a credential profile that sets up the client side discoverable key |
Error Code |
OA10012 |
Text |
FIDO registration failed, the FIDO token used to register was not trusted. Try a different FIDO token if you have one. <details> |
Details |
The FIDO authenticator you have tried to register failed the attestation check. |
Solution |
Try a different FIDO authenticator. |
Error Code |
OA10013 |
Text |
FIDO registration failed, user mismatch |
Details |
The FIDO authenticator cannot be registered as there is a problem matching the user. |
Solution |
Try registering the authenticator to a different user. |
Error Code |
OA10014 |
Text |
FIDO registration failed, the credential profile is invalid |
Details |
The credential profile is not valid, or the person for whom the FIDO authenticator was requested has changed roles, and can no longer receive the originally-requested credential profile. |
Solution |
Request a FIDO authenticator using a different credential profile, and try again. |
Error Code |
OA10015 |
Text |
FIDO registration failed, this token is already registered |
Details |
The FIDO authenticator is already registered. |
Solution |
Try a different FIDO authenticator. |
Error Code |
OA10016 |
Text |
FIDO registration failed, the credential profile is set to Enforce Authenticator Attestation Check, but the token registered does not have metadata available on the server. Try registering a different token. |
Details |
The manufacturer did not register metadata with the FIDO metadata service, and the file-based metadata does not include information about this token. This token cannot be used with this credential profile. |
Solution |
Either register a different token, register this token to a different credential profile using a credential profile that does not have Enforce Authenticator Attestation Check set, get the token manufacturer to publish the metadata for this token to the FIDO metadata service, or obtain the FIDO metadata and configure it manually on the server using the MDSCacheDirPath setting. See the Setting up credential profiles for FIDO authenticators or Setting up a local metadata repository section in the FIDO Authenticator Integration Guide for details. |
Error Code |
OA10017 |
Text |
FIDO registration failed, there was a problem accessing the FIDO Metadata Server |
Details |
There was a problem trying to get a metadata TOC payload entry from the FIDO metadata service. |
Solution |
Check that the URLs https://*.fidoalliance.org are accessible from the web server and try again. |
Error Code |
OA10018 |
Text |
You do not have any FIDO tokens registered |
Details |
The person has attempted to authenticate to the MyID authentication service using FIDO, but does not have any registered FIDO authenticators. |
Solution |
Request a FIDO authenticator for the person. |
Error Code |
OA10019 |
Text |
Username should not be null or empty |
Details |
The MyID Username claim was missing in the cookie for the call to logon with FIDO. |
Solution |
Restart the browser and try again. |
Error Code |
OA10020 |
Text |
FIDO basic and FIDO high logonmechanisms are disabled for this client |
Details |
No supported FIDO logon mechanisms were found. |
Solution |
This may be the result of an attempt to bypass FIDO logon mechanisms. Make sure you have gone through the correct procedure. |
Error Code |
OA10021 |
Text |
Invalid return URL |
Details |
The return link from a logon authentication call was invalid. |
Solution |
This may be the result of a redirect attack or a malicious link. Make sure you have gone through the correct procedure. |
Error Code |
OA10030 |
Text |
MyID:Database:ConnectionStringCore is not configured |
Details |
A configuration file error has occurred. You must configure a database connection string. |
Solution |
Check the configuration file settings – ConnectionStringCore must be configured. See the Configuring the standalone authentication service section in the MyID Authentication Guide. |
Error Code |
OA10031 |
Text |
MyID:Database:ConnectionStringAuth is not configured |
Details |
A configuration file error has occurred. You must configure a database connection string. |
Solution |
Check the configuration file settings – ConnectionStringAuth must be configured. See the Configuring the standalone authentication service section in the MyID Authentication Guide |
Error Code |
OA10032 |
Text |
Unable to find configured JWT signing certificate |
Details |
No JWT signing certificate was found, but JWT signing is configured. |
Solution |
Check the JWT settings. See the Load balancing section in the MyID Operator Client guide. |
Error Code |
OA10033 |
Text |
No JWT signing certificate configured and no RSA signing key containername configured |
Details |
MyID is configured to use a previously configured RSA keyname but no RSA container name was found. |
Solution |
Check the JWT settings. See the Load balancing section in the MyID Operator Client guide. |
Error Code |
OA10034 |
Text |
JWT signing key is configured, but has an incorrect algorithm or key size |
Details |
MyID has found an RSA key with an incorrect algorithm or key size. |
Solution |
Check the JWT settings. See the Load balancing section in the MyID Operator Client guide. |
Error Code |
OA10035 |
Text |
Generated JWT signer certificate, but unable to load it |
Details |
A server error has occurred while attempting to validate the generated signer certificate. |
Solution |
Check the JWT settings. See the Load balancing section in the MyID Operator Client guide. |
Error Code |
OA10036 |
Text |
No JWT signing certificate configured and no RSA signing key containername configured, and not configured to generate a JWT signing key |
Details |
A configuration error has occurred. No authentication method has been set. |
Solution |
Check the JWT settings. See the Load balancing section in the MyID Operator Client guide. |
Error Code |
OA10037 |
Text |
You do not have permission to perform this operation. Your permissions could not be verified |
Details |
A valid access token has not been supplied to authorize this extension grant. The token may be missing, may not contain the required claims. |
Solution |
Check that your system is providing the correct data for the extension grant. |
Error Code |
OA10038 |
Text |
You do not have permission to perform this operation |
Details |
This can happen if the caller does not have scope over the object (request, device or person) in the context of the operation being performed. |
Solution |
Check the roles that the person has and check the permissions these roles give in Edit Roles. |
Error Code |
OA10039 |
Text |
You do not have permission to perform this operation on the identified object or the identified object does not exist |
Details |
This can happen if the caller does not have scope over the object (request, device or person) in the context of the operation being performed. |
Solution |
Check the roles that the person has and check the permissions these roles give in Edit Roles. |
Error Code |
OA10040 |
Text |
Your assigned roles do not have permission to collect this request’s credential profile |
Details |
The credential profile does not include any of your roles in the Can Collect option. |
Solution |
Edit the credential profile to add one of your roles to the Can Collect options for the profile. |
Error Code |
OA10041 |
Text |
Authorization failure, missing data |
Details |
Data required to perform the extension grant is missing. This should not be seen through the MyID Operator Client but may occur if integrating third party systems to perform token operation extension grants if they do not supply the required data. |
Solution |
Check that your system is providing the data required to perform the extension grant. |
Error Code |
OA10042 |
Text |
This item is not in the correct state to perform this operation |
Details |
You have attempted to carry out an operation that requires a particular status; for example, collecting a card requires a job status of Awaiting Issue. If this error occurs, the status is no longer correct for the operation; this may occur when multiple operators attempt to carry out an operation on the same item. |
Solution |
Go back and attempt the operation again from the beginning; if the item is not in the correct status, you should not be offered the opportunity to carry out the operation. If you are using the self-service menu in the MyID Operator Client, click Check For Updates to refresh the list of available actions before attempting the operation again. |
Error Code |
OA10043 |
Text |
Your assigned roles do not have permission to unlock this device |
Details |
When the configuration flag Constrain Credential Profile Unlock Operator is set, when unlocking devices for other users you require the Can Unlock permission for the credential profile of that device. |
Solution |
Edit the credential profile to add one of your roles to the Can Unlock options for the profile. |
Error Code |
OA10044 |
Text |
You cannot perform this operation on yourself |
Details |
You have attempted to perform and operation that is not allowed for self-service on your own account. |
Solution |
Either perform the operation on another person's account, or get another operator to perform the operation on your account. |
Error Code |
OA10045 |
Text |
You cannot perform this operation on others |
Details |
You have attempted to perform an operation that is allowed for self-service only on another person. |
Solution |
Either perform the operation on your own account, or get the other person to perform the operation on their own account. |
Error Code |
OA10046 |
Text |
The OTP has expired |
Details |
The authentication code has expired. |
Solution |
Request a new authentication code. The lifetime of authentication codes is controlled by the following configuration options on the Auth Code page of the Security Settings workflow:
Error Code |
OA10047 |
Text |
This item does not meet the requirements to perform this operation |
Details |
An operation for pass-through authentication has a condition that has not been met. Launching this operation is not allowed. |
Solution |
This operation can be performed only if the subject of the operation meets the criteria configured for the operation. Ensure that the subject of the operation meets the configured criteria, or if these have been customized in MyID Project Designer, ensure that this has been configured correctly. |
Error Code |
OA10048 |
Text |
The user does not have the required contact details for this delivery mechanism |
Details |
A notification cannot be sent, the required contact details (email address or cell phone number) are not known for this user. |
Solution |
Contact an administrator to get the contact details updated. |
Error Code |
OA10049 |
Text |
An error occurred capturing the fingerprint. Please try again |
Details |
MyID failed to capture the fingerprint due to an issue with the fingerprint reader. |
Solution |
Check that the fingerprint reader is connected, and that its drivers are installed correctly. |
Error Code |
OA10050 |
Text |
Number of fingerprint attempts has been exceeded |
Details |
The number of attempts to capture fingerprints has exceeded the configured maximum (the Number of fingerprint validation attempts configuration option on the Biometrics page of the Operation Settings workflow), either through failure to match or verify, or failure to capture. |
Solution |
Close the authentication popup window and try again. If you continue to experience failures, check that your fingerprint reader is connected, and that its drivers are installed correctly. |
Error Code |
OA10051 |
Text |
No match was found for the fingerprint |
Details |
A fingerprint was captured, but no match was found in MyID. |
Solution |
Check that you have fingerprints captured in your MyID user account. |
Error Code |
OA10052 |
Text |
Authorization failure, missing data |
Details |
The request for the secondary authentication extension grant is missing some information. |
Solution |
Check the call to get the secondary authentication extension grant has the required parameters, such as the necessary tokens. |
Error Code |
OA10053 |
Text |
You do not have permission to perform this operation |
Details |
The primary token (the MyID Logon token) is invalid. |
Solution |
Check that the MyID Logon token is valid, and has not expired. |
Error Code |
OA10054 |
Text |
You do not have permission to perform this operation |
Details |
The secondary authentication token (biometric) failed validation against MyID. |
Solution |
Check the secondary authentication token has the required claims and validity. |
Error Code |
OA10055 |
Text |
You do not have permission to perform this operation |
Details |
The tokens were valid, but the user's or token's permission has been denied for the attempted operation. |
Solution |
Check your MyID configuration for operation authentication. |
Error Code |
OA10056 |
Text |
Invalid request for Secondary Authentication |
Details |
Invalid data was found when attempting to verify the Secondary Authentication token. |
Solution |
Check your MyID configuration for operation authentication. |
Error Code |
OA10057 |
Text |
A required claim is missing for Secondary Authentication |
Details |
The secondary authentication token presented was missing required claims. |
Solution |
Check your MyID configuration for operation authentication. |
Error Code |
OA10058 |
Text |
There are no fingerprints registered for this person |
Details |
The user has tried to authenticate with a fingerprint, but no fingers are registered or enrolled in MyID. |
Solution |
The user must enroll fingerprints. |
Error Code |
OA10059 |
Text |
There are no update jobs to collect for this device |
Details |
There are no update jobs available to be collected for this device. |
Solution |
There may not be any jobs or there may be jobs awaiting validation. Check that there are appropriate update jobs available for the device. |
Error Code |
OA10060 |
Text |
The credential profile to be collected requires user data approval, but the target user has no such approval |
Details |
The person for whom you are attempting to collect the card for is not approved, but has a credential profile requiring approval. |
Solution |
Use a different credential profile, or approve the person. |
Error Code |
OA10061 |
Text |
The credential profile to be collected requires terms and conditions to be accepted, but assisted collection of updates does not support this |
Details |
The credential profile being collected requires terms and conditions to be accepted, but this is not supported by Assisted Collect. |
Solution |
Collect this profile using a self service operation, or use a different credential profile. |
Error Code |
OA10062 |
Text |
MyID client service is not running |
Details |
You have attempted to use the Manage My Credentials option on the MyID Authentication screen, but the MyID Client Service application is not running. |
Solution |
Close the MyID Authentication screen, start the MyID Client Service, then click Sign In and Manage My Credentials again. See the Managing your credentials from the MyID Authentication screen section in the MyID Operator Client guide. |
Error Code |
OA10063 |
Text |
You cannot retrieve security questions for this client |
Details |
You have attempted to use headless passphrase authentication (for example, for PIN unlock for mobile identities) but the client ID specified in the API call is not listed in the application settings file. |
Solution |
Check that the appsettings.Production.json and appsettings.json files for the web.oauth2 web service are correctly configured. |
Error Code |
OA10064 |
Text |
The security questions logonmechanism is disabled for this client |
Details |
You have attempted to use headless passphrase authentication (for example, for PIN unlock for mobile identities) but either the Password Logon mechanism (on the Logon Mechanisms page of the Security Settings workflow) or the EnableHeadlessPassphraseLogin option (in the application settings JSON file for the web.oauth2 web service) is not enabled. Both must be enabled to use this feature. |
Solution |
Check that the Password Logon option and the appsettings.Production.json and appsettings.json files for the web.oauth2 web service are correctly configured. |
Error Code |
OA10065 |
Text |
You cannot retrieve a challenge for this client |
Details |
You have attempted to use headless card authentication (for example, for certificate renewal for mobile identities) but the client ID specified in the API call is not listed in the application settings file. |
Solution |
Check that the appsettings.Production.json and appsettings.json files for the web.oauth2 web service are correctly configured. |
Error Code |
OA10066 |
Text |
The smartcard logon logonmechanism is disabled for this client |
Details |
You have attempted to use headless card authentication (for example, for certificate renewal for mobile identities) but either the Smart Card Logon mechanism (on the Logon Mechanisms page of the Security Settings workflow) or the EnableHeadlessCardLogin option (in the application settings JSON file for the web.oauth2 web service) is not enabled. Both must be enabled to use this feature. |
Solution |
Check that the Smart Card Logon option and the appsettings.Production.json and appsettings.json files for the web.oauth2 web service are correctly configured. |
Error Code |
OA10067 |
Text |
Key-pair authentication failed, or you may not have permission to access this client |
Details |
You have attempted to use headless card authentication (for example, for certificate renewal for mobile identities) but the key pair used is invalid. |
Solution |
Try the operation again. |
Error Code |
OA10068 |
Text |
Windows logon failed, your windows account is unknown or untrusted |
Details |
You have attempted to sign in using Windows authentication, but your Windows account is not suitable. |
Solution |
See the Signing in using Windows authentication section in the MyID Operator Client guide. |
Error Code |
OA10069 |
Text |
Windows logon failed, your user account is not permitted to logon |
Details |
You have attempted to log on to MyID using Windows authentication, but the specified user account does not have permission to do so. |
Solution |
Make sure the logon name provided exists, and has permission to log on with Windows authentication. See the Signing in using Windows authentication section in the MyID Operator Client guide. |
Error Code |
OA10070 |
Text |
Windows Authentication is disabled on the server |
Details |
You have attempted to log on to MyID using Windows authentication, but your server is not configured to allow it. |
Solution |
Check that the Integrated Windows Logon mechanism is enabled on the Logon Mechanisms page of the Security Settings workflow. On the MyID web server, in IIS, check the Authentication settings for web.oauth2, and make sure that both Anonymous Authentication and Windows Authentication are enabled. See the Signing in using Windows authentication section in the MyID Operator Client guide. |
Error Code |
OA10071 |
Text |
Refresh Token failed to retrieve token |
Details |
The refresh token could not be found in the internal store, based on the handle provided. |
Solution |
Check the token handle being sent, or log off and try again. See the Signing in using Windows authentication section in the MyID Operator Client guide. |
Error Code |
OA10072 |
Text |
Authorization failure, missing data for Token Refresh |
Details |
This error may be caused by the request for the Refresh token missing the token handle value (the value returned with the initial logon token). |
Solution |
Check the token handle being sent, or log off and try again See the Signing in using Windows authentication section in the MyID Operator Client guide. |
Error Code |
OC10001 |
Text |
There are no actions available for your current logon method and the roles that you have been assigned. |
Details |
You have not been assigned any actions for use in the MyID Operator Client. |
Solution |
Ensure that the roles you have assigned provide MyID Operator Client actions. See the Roles and groups section in the MyID Operator Client guide. |
Error Code |
OC10002 |
Text |
This web browser cannot be used. Please use an alternative web browser. |
Details |
An unsupported browser has been detected. Due to the browser technology used, you cannot use Internet Explorer to access the MyID Operator Client. |
Solution |
The MyID Operator Client is designed to work on a range of browsers running on Windows 10 or Windows 11, excluding Internet Explorer. You are recommended to use Google Chrome, Microsoft Edge (Chromium version) or Mozilla Firefox. See the Supported browsers section in the MyID Operator Client guide. |
Error Code |
OC10003 |
Text |
There has been a problem on the server and it is not possible to continue. |
Details |
The API server is unreachable or has been configured incorrectly. |
Solution |
Confirm that the API server is reachable, and has been configured correctly. Check the URLs in the web service configuration files; they must use https and be valid URLs. See The rest.core web service configuration file and The web.oauth2 web service configuration file sections in the MyID Operator Client guide for details of the web service configuration files. The REST-based web services require HTTPS, and will not operate if this is not set up. For more information, see the REST-based web services section in the System Interrogation Utility guide. |
Error Code |
OC10004 |
Text |
The server could not be contacted. Please try again. |
Details |
Connection to the server unavailable. Either the client is not connected to the Internet, or the server is offline. |
Solution |
Confirm that the API server is reachable, and try again. Confirm that you have the correct server address specified; see the Specifying the server for the MyID Client Service section in the MyID Operator Client guide. Confirm that your environment's security (for example, the load balancer or firewall) has been configured to allow full access to the REST web services; while some systems may be locked down to allow only GET and POST, the MyID web services require the full range of verbs, including (but not limited to) GET, POST, PATCH, OPTIONS, and DELETE. |
Error Code |
OC10005 |
Text |
The file you have uploaded is not an image. Please upload an image. |
Details |
You can choose from the following file types:
If you select a file of the wrong type, MyID displays an error. |
Solution |
See the Uploading an existing image file section in the MyID Operator Client guide. |
Error Code |
OC10006 |
Text |
MyID Client Service error |
Details |
You have attempted to use a feature provided by the MyID Client Service App, but the app is not running, or is configured incorrectly. |
Solution |
This may occur when accessing smart card, editing captured images, or other operations provided by the MyID Client Service App. Make sure the app is running. See the Installing the MyID Client Service section in the Installation and Configuration Guide for instructions on installing the MyID Client Service. This may also occur if MyID Desktop or the Self-Service App could not be found at the configured path. See the Setting the location of MyID Desktop or the Self-Service App section in the MyID Operator Client guide. |
Error Code |
OC10007 |
Text |
A problem has occurred when connecting to the camera. |
Details |
The MyID Image Capture component cannot make a connection to the camera. The camera might be in use or has a low maximum supported camera resolution. |
Solution |
Confirm that the camera is operating correctly and can support a minimum resolution of 640x480. Confirm that the camera is not currently in use in another application, then start Image Capture again. |
Error Code |
OC10008 |
Text |
Unable to launch the MyID Desktop or Self-Service App. Please check configuration and try again. |
Details |
MyID Desktop or the Self-Service App could not be found at the configured path. Check the MyID Client Service log in the Windows system tray for further details. |
Solution |
Confirm that the application is installed and available at the configured location. See the Setting the location of MyID Desktop or the Self-Service App section in the MyID Operator Client guide. |
Error Code |
OC10009 |
Text |
Unable to connect to MyID Desktop or the Self-Service App. Please try again. |
Details |
The MyID Client Service failed to start a client application due to a timeout error. Check the MyID Client Service log in the Windows system tray for further details. |
Solution |
Try again. If this issue persists, confirm that MyID Desktop and the Self-Service App are able to start within the configured timeout setting. This issue has been seen on environments where there is no Internet connection. See the Troubleshooting MyID Client Service connection issues section in the MyID Operator Client guide. |
Error Code |
OC10010 |
Text |
Unable to launch MyID Desktop or the Self-Service App. Please try again. |
Details |
MyID Desktop or the Self-Service App is running but is already servicing a request. Try again when the current request has been completed. Check the MyID Client Service log in the Windows system tray for further details. |
Solution |
Try again when the current request has been completed. |
Error Code |
OC10011 |
Text |
The item is not available. This may be due to the item changing status, the link no longer being valid or you do not have permission to access this information. |
Details |
The operation or entity provided in the URL link is not available. Confirm that the link provided is valid and you have permissions for the operation specified. |
Solution |
Confirm that you have permissions to the link provided and try again. |
Error Code |
OC10012 |
Text |
The item is not available. Check the link is valid and you have permission to access this information. |
Details |
The search provided in the URL link is not available. Confirm that the link provided is valid and you have permissions for the search specified. |
Solution |
Confirm that you have permissions to the link provided and try again. |
Error Code |
OC10013 |
Text |
Unable to launch MyID Desktop or the Self-Service App. Please check installed version and try again. |
Details |
An incorrect version of MyID Desktop or the Self-Service App has been detected. |
Solution |
Confirm that the correct version of MyID Desktop or the Self-Service App is installed, and try again. You may have to upgrade your version of MyID Desktop or the Self-Service App to the latest version to support the feature you are trying to use. If you have more than one version of the client software installed, make sure that the MyID Client Service is configured with the location of the correct version. See the Setting the location of MyID Desktop or the Self-Service App section in the MyID Operator Client guide. |
Error Code |
OC10014 |
Text |
This action cannot be performed. Please check the installed version of MyID Client Service, and try again. |
Details |
The version of MyID Client Service that is currently installed does not support performing this action. |
Solution |
Install a later version of MyID Client Service, and try again. |
Error Code |
OC10015 |
Text |
At least one record must be selected in order to perform this operation. |
Details |
You have attempted to run a batch operation with no items selected. This may occur if you attempt to return to an intermediate URL in the batch process. |
Solution |
Return to the main screen and try the operation again. |
Error Code |
OC10016 |
Text |
Your login has expired. Please re-authenticate to the MyID Operator Client. |
Details |
Due to inactivity, you have been logged out of the MyID Operator Client. |
Solution |
Re-authenticate to the MyID Operator Client using the same user and logon mechanism. See the Timeouts and re-authentication section in the MyID Operator Client guide. |
Error Code |
OC10017 |
Text |
You have re-authenticated to the MyID Operator Client with a different user. For security reasons, the operation has been canceled. |
Details |
A different user was used to re-authenticate to the MyID Operator Client. You have returned to the home page, and the previous operation has been canceled. |
Solution |
Use the same user and logon mechanism that was previously used to complete the intended operation. See the Timeouts and re-authentication section in the MyID Operator Client guide. |
Error Code |
OC10018 |
Text |
You have re-authenticated to the MyID Operator Client with a different logon mechanism. For security reasons, the operation has been canceled. |
Details |
A different logon mechanism was used to re-authenticate to the MyID Operator Client. You have returned to the home page, and the previous operation has been canceled. |
Solution |
Use the same logon mechanism that was previously used to complete the intended operation. See the Timeouts and re-authentication section in the MyID Operator Client guide. |
Error Code |
OC10019 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using the MyID Client Service. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID Client Service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10020 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10021 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. UMC threw an exception when we called AcceptPkcs7Ex2. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
This error may be caused by the certificate policy for a soft certificate not having the Private Key Exportable option set. See the Setting up a credential profile for soft certificates section in the Administration Guide for details. This issue may also occur if the certificate file name generated from the certificate policy name contains invalid characters. As a workaround, you can customize the file names; see the Customizing certificate file names section in the MyID Operator Client guide. If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10022 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. Failed to load an archived certificate into a .NET x509 object. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10023 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. Failed to add an archived certificate to the user store. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10024 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. Request included an extension that is not explicitly permitted. Default allowed extensions are .pfx and .cer. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
This issue may occur if the certificate file name generated from the certificate policy name contains invalid characters. As a workaround, you can customize the file names; see the Customizing certificate file names section in the MyID Operator Client guide. If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10025 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. Auto-save has been disabled in the client configuration file. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10026 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services. An exception was thrown when we tried to write a certificate to a file. This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information. |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support. |
Error Code |
OC10028 |
Text |
The printer is unavailable. Please check the printer is operational and not in use. |
Details |
There has been a problem with the printer. |
Solution |
Check the printer for any messages. |
Error Code |
OC10029 |
Text |
The printer reported the print operation has failed. Please see the printer for further details. |
Details |
There has been a problem with the printer. |
Solution |
Check the printer for any messages. |
Error Code |
OC10030 |
Text |
The MyID Client Service was unable to read the document. |
Details |
The MyID Client Service requires the WebView2 Runtime component to be installed on the client PC to allow it to read and print HTML document templates. |
Solution |
Check that all pre-requisites are installed before attempting to print the document. See the Client workstation section in the Installation and Configuration Guide for details. |
Error Code |
OC10031 |
Text |
The MyID Client Service was unable to read the document. |
Details |
The MyID Client Service could not read the mailing document due to a permissions error. |
Solution |
Check that the MyID Client Service is not running with elevated permissions. |
Error Code |
OC10032 |
Text |
A problem occurred when collecting the certificates. Please retry the operation. |
Details |
A technical problem occurred when processing the certificate using MyID client services.This issue requires detailed troubleshooting by a system administrator. Please consult MyID documentation for more information.", |
Solution |
If this issue can be reproduced, examine logs from the MyID client service at the time the problem occurred. To access the MyID client service log information, right click on the MyID icon in the Windows system tray on the computer affected and select 'Show'. This information may need to be analyzed by Intercede support." |
Error Code |
OC10033 |
Text |
Error notifying the server of sign out. Your client has still been signed out. |
Details |
A technical issued occurred when signing out. The session has been cleared on this computer but this issue should be reported to an administrator for further investigation if the problem persists. |
Solution |
Confirm that the authServerRevocationLocation is correctly set, the web.oauth2 web service has been configured correctly, and the database is reachable. The authServerRevocationLocation option is available in the appSettings.js file for the MyID Operator Client website, which is in the following folder on the web server by default: C:\Program Files\Intercede\MyID\OperatorClient The default value is: authServerRevocationLocation: "/web.oauth2/connect/revocation", |
Error Code |
WS10000 |
Text |
Server error |
Details |
An internal server error has occurred. |
Solution |
Retry the operation; the cause could be a temporary issue such as a database timeout due to server load. This error may also occur if you have configured your system to use the web server to store images and have attempted to upload an image using the MyID Operator Client; this is not a supported configuration; see the Displaying images stored on the web server section in the MyID Operator Client guide for details. If the problem persists, check the System Events and Audit Reporting workflows within MyID, then the rest.core logs for more information. For information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS10001 |
Text |
Unable to convert WSQ image to 378 biometric format |
Details |
The supplied WSQ image is either corrupt or invalid or the Aware components are not installed on the server. |
Solution |
Check that the WSQ image is valid. Check that the Aware components are installed on the server. See the Aware Fingerprint Capture guide provided with the Aware Fingerprint Capture module. |
Error Code |
WS10002 |
Text |
Unable to retrieve the values for the specified selection box. |
Details |
A problem has occurred with a dynamic drop-down list, where the contents of one list depend on another; MyID was unable to call the stored procedure specified for the dependent list. This feature may have been implemented on a custom system using Project Designer. |
Solution |
Check that your linked picklists are configured correctly in Project Designer; if your custom system was provided by Intercede, contact customer support, quoting the error reference WS10002. |
Error Code |
WS10003 |
Text |
Unable to retrieve the requested session information. |
Details |
There is an API method that allows you to retrieve information about the currently authenticated session. This error appears when there is a problem determining the session. |
Solution |
Re-authenticate and try again. |
Error Code |
WS10004 |
Text |
Unable to generate the requested report file. |
Details |
There is no report matching the specified operation id in the database. |
Solution |
Check the ID of the report and try again. |
Error Code |
WS10005 |
Text |
Unable to generate the requested EFT export file. |
Details |
When you export EFT files, MyID attempts to write them to the location specified in the EFT export directory configuration option (on the Import & Export tab of the Operation Settings workflow), or to the FileExport folder under the MyID installation folder if this is not set. The MyID COM user must have write access to this folder. |
Solution |
Make sure the MyID COM user has write access to the export folder and try again. |
Error Code |
WS10006 |
Text |
Unable to substitute values, entity name invalid. |
Details |
You have attempted to use a substitution code for the Additional Identity LDAP Self-Service User Filter configuration but have specified an entity other than People. You must use People in the substitution code; for example; [[People.LogonName]] |
Solution |
See the Setting up additional identities section in the Administration Guide for details of valid substitution codes. |
Error Code |
WS10007 |
Text |
Unable to substitute values, field name invalid. |
Details |
You have attempted to use a substitution code for the Additional Identity LDAP Self-Service User Filter configuration but have specified a field that is not in the vPeopleUserAccounts view. |
Solution |
See the Setting up additional identities section in the Administration Guide for details of valid substitution codes. |
Error Code |
WS20000 |
Text |
Server configuration error |
Details |
There is a problem with the server configuration. |
Solution |
Check the System Events, Audit Reporting workflows within MyID, then the rest.core logs for more information. For information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS20001 |
Text |
Server configuration error - DataDictionary is inconsistent |
Details |
The MyID Project Designer configuration is incorrect, preventing the server from starting correctly. |
Solution |
If you are using MyID Project Designer to develop your own custom configuration, use Project Designer to correct the configuration and reapply the project configuration. Check the logs for information about the faulty data. For information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS20002 |
Text |
Server configuration error - SearchCriteria is inconsistent |
Details |
The definition of the search criteria is incorrect. |
Solution |
This requires a database fix. You must contact customer support quoting reference SUP-327 and provide details of which search operation is experiencing this error. You will also be asked to provide log files; for information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS30000 |
Text |
Minimum data not supplied |
Details |
There has been a problem with the processing of information entered on the form. |
Solution |
Check the data you have entered and try again. |
Error Code |
WS30001 |
Text |
Invalid data supplied |
Details |
There has been a problem with the processing of information entered on the form. |
Solution |
Check the data you have entered and try again. |
Error Code |
WS30002 |
Text |
Validation problem, the value for <field name>, <details> |
Details |
This error occurs when the <field name> field contains a value that is not allowed. This is a generic error; you are more likely to see a more specific error that gives a reason for the validation problem. |
Solution |
Check the values you have entered for the specified field and try again. |
Error Code |
WS30003 |
Text |
Invalid person id specified |
Details |
The person you have specified does not exist; for example, the person may have been removed by another operator. Alternatively, you have specified a person over whom you do not have permission. |
Solution |
Check the data you have entered and try again. |
Error Code |
WS30004 |
Text |
Validation problem, the value for <field name>, invalid role specified |
Details |
You have selected a role that is not allowed. |
Solution |
Check the roles you have selected and try again. |
Error Code |
WS30005 |
Text |
Validation problem, the value for <field name>, must be no more than <number> characters |
Details |
The value you have entered for the specified field is too long. |
Solution |
Provide a shorter value for the field and try again. |
Error Code |
WS30006 |
Text |
Validation problem, the value for <field name>, invalid value for search criteria |
Details |
The value you have entered for the specified field is not allowed as part of the search criteria. |
Solution |
Check the search criteria you have entered and try again. |
Error Code |
WS30007 |
Text |
Validation problem, the value for <field name>, must contain a value |
Details |
You have not entered a value for the specified field. |
Solution |
Enter a value for the specified field and try again. |
Error Code |
WS30008 |
Text |
Validation problem, the value for <field name>, is not a selectable value |
Details |
You have provided a value for the specified field that is not available in the drop-down list. |
Solution |
Check the value you have entered for the specified field and try again. |
Error Code |
WS30009 |
Text |
Validation problem, the value for <field name>, <details> |
Details |
You have entered a value for the specified field that contains a value that is not allowed. The <details> provide more information about why this value was not allowed; for example, "must be a date in the past" or "must be alphanumeric". |
Solution |
Check the value you have entered for the specified field and try again. |
Error Code |
WS30010 |
Text |
Validation problem, the value for <field name>, fails Validation rule <rule> |
Details |
You have entered a value for the specified field that contains a value that is not allowed. There is no description for this validation rule; it may be a custom validation rule. |
Solution |
Check the values you have entered for the specified field and try again. |
Error Code |
WS30011 |
Text |
Validation problem, the value for <field name>, can only be 0 or 1 |
Details |
You have entered a value for the specified field other than 0 or 1, and this field only allows those values. |
Solution |
Enter a value of 0 or 1 in the specified field and try again. |
Error Code |
WS30012 |
Text |
Validation problem, the value for <field name>, must be a number |
Details |
You have entered a value for the specified field that is not a number. |
Solution |
Enter a number in the specified field and try again. |
Error Code |
WS30013 |
Text |
Validation problem, the value for <field name>, must be a valid uuid |
Details |
A field has been supplied to the server that is not a valid UUID (universally unique identifier). |
Solution |
If you are using the MyID Operator Client, retry the operation. If the problem persists, contact customer support, quoting reference SUP-328. You will be asked to provide log files; for information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS30014 |
Text |
Validation problem, the value for <field name>, must be a date or datetime |
Details |
You have entered a value for the specified field that is not a valid date or time and date value. |
Solution |
Check the value you have entered and try again. |
Error Code |
WS30015 |
Text |
Validation problem, the value for <field name>, is mandatory |
Details |
You have not entered a value for the specified field; this field is mandatory. |
Solution |
Enter a value for the specified field and try again. |
Error Code |
WS30016 |
Text |
Validation problem, the value for <field name>, is not a valid StatusMapping |
Details |
The value you have entered for the specified field is not a valid certificate reason (StatusMapping). |
Solution |
Check the value you have entered and try again. |
Error Code |
WS30017 |
Text |
Validation problem, the value for 'First Name', and 'Last Name' must be provided. |
Details |
You have attempted to save a person's record with neither a first name nor a last name. You must include one or both of these values. |
Solution |
Ensure that you have specified one or both of the First Name and Last Name fields, then attempt to save the person's record again. |
Error Code |
WS30018 |
Text |
Validation problem, the value for <field name>, is not an allowed value |
Details |
The value you have entered for the specified field is not permitted. |
Solution |
Check the value you have entered and try again. |
Error Code |
WS30019 |
Text |
Validation problem, the value for <field name>, is not correctly encoded binary data |
Details |
You have attempted to submit a file (for example, an image file) but the binary data file is not encoded correctly. |
Solution |
Check the file you are submitting and try again. |
Error Code |
WS30020 |
Text |
The value provided contains one or more characters which are disallowed. |
Details |
The provided password is not valid. |
Solution |
Provide a password that contains allowed characters and try again. |
Error Code |
WS30021 |
Text |
Biometric samples of the required type cannot be found for the user. |
Details |
Adjudication requires fingerprint samples captured using a 10-Slap enrollment device. Check that you have captured new fingerprints before submitting for adjudication. This error may also occur if the Fingerprints identification check enabled configuration option (on the Biometrics page of the Operation Settings workflow) is not set. |
Solution |
See the Adjudication Integration Guide provided with the Adjudication module and the Aware Fingerprint Capture guide provided with the Aware Fingerprint Capture module for details. |
Error Code |
WS30022 |
Text |
must be a date in the future |
Details |
The field failed validation as the provided value can only be a date in the future. |
Solution |
Provide a date in the future and try again. |
Error Code |
WS30023 |
Text |
must be a date in the past |
Details |
The field failed validation as the provided value can only be a date in the past. |
Solution |
Provide a date in the past and try again. |
Error Code |
WS30024 |
Text |
Serial number range information must be supplied. |
Details |
You have attempted to import devices without providing a serial number range. |
Solution |
Provide a range of serial numbers to import and try again. |
Error Code |
WS30025 |
Text |
must be a date in the past within correct range |
Details |
The field failed validation as the provided value must be a date within correct range in the past. |
Solution |
Provide a date in the past in the correct range and try again. |
Error Code |
WS30026 |
Text |
must be a date in the future within correct range |
Details |
The field failed validation as the provided value must be a date within correct range in the future. |
Solution |
Provide a date in the future in the correct range and try again. |
Error Code |
WS40000 |
Text |
Validation problem, the value for 'Distinguished Name', already exists |
Details |
You have specified a Distinguished Name for the person that is already used for a different person, and your system is configured to require unique DNs. |
Solution |
Enter a unique DN for the person and try again. |
Error Code |
WS40001 |
Text |
Validation problem, the value for ‘Logon’, already exists |
Details |
You have specified a Logon name for the person that is already used for another person. Logon names must be unique. |
Solution |
Enter a unique logon name and try again. |
Error Code |
WS40002 |
Text |
The specified Credential Profile could not be found |
Details |
The credential profile you selected is no longer available. |
Solution |
Select a different credential profile and try again. |
Error Code |
WS40003 |
Text |
Duplicate group name is not allowed (a group with this name already exists for this parent) |
Details |
You have specified a group name that already exists. Groups that are located under the same parent group must have unique names. |
Solution |
Enter a new group name and try again. |
Error Code |
WS40004 |
Text |
Unable to get default roles for group |
Details |
When adding a person, default roles are retrieved from that person's group – this operation has failed. |
Solution |
Retry the operation. Make sure that the group you have selected is valid. |
Error Code |
WS40005 |
Text |
The item referenced was not found |
Details |
You have selected an item (for example, a person, device, or request) that does not exist, has been removed by another operator, or over which you do not have permission. |
Solution |
Retry the operation. If the problem persists, check that you have sufficient privilege to access the item. You may have attempted to carry out an operation on a request that has been canceled. Make sure the item is in the correct status. Check the MyID System Events workflow and the rest.core logs for more information. For information on configuring logging, see the MyID REST and authentication web services section in the Configuring Logging guide. |
Error Code |
WS40006 |
Text |
The required group, <group name>, is not available |
Details |
You have specified a group that is not available. |
Solution |
Check the group name and try again. |
Error Code |
WS40007 |
Text |
The user location in the directory could not be matched to an existing group |
Details |
When importing a person to the MyID database from a directory, the person could not be matched to a group in MyID. |
Solution |
Error Code |
WS40008 |
Text |
Directory synchronization is not available with this API due to configuration or role limitations |
Details |
An attempt has been made to synchronize a person with the directory manually; however, this operation is disabled due to system configuration. Directory synchronization is controlled by the following configuration:
Solution |
As the button appears only when it is allowed by system configuration, this error is unlikely to appear. However, if it does appear, it means that a client is out of step with the server configuration. Shut down the client, clear the browser cache, and try the operation again. |
Error Code |
WS40009 |
Text |
You must provide a reason for rejecting the specified request. |
Details |
You have attempted to reject a request without specifying a reason. A reason is mandatory when rejecting a request. |
Solution |
Specify a reason for rejecting the request and try again. |
Error Code |
WS40010 |
Text |
You must provide a reason for canceling the specified request. |
Details |
You have attempted to cancel a request without specifying a reason. A reason is mandatory when canceling a request. |
Solution |
Specify a reason for canceling the request and try again. |
Error Code |
WS40011 |
Text |
When creating or approving a request, the job expiry date must be in the future. Either the newly selected request maximum expiry date, or the user maximum expiry date of the request target is in the past. |
Details |
Either the selected maximum expiry date for the request, or the user maximum expiry date is in the past. |
Solution |
Specify a date for the request that is in the future and try again. |
Error Code |
WS40012 |
Text |
The device cannot be replaced because it is not issued |
Details |
You have specified a device to be replaced, but MyID does not recognize it as an issued device. |
Solution |
Specify a valid issued device and try again. This error may occur if you attempt to update a key recovery card; key recovery cards are not fully-featured MyID cards and can only be used for key recovery. |
Error Code |
WS40013 |
Text |
The device cannot be replaced because it is has already expired |
Details |
You have specified a device to be replaced, but it has already expired. |
Solution |
Specify a currently-issued device to be replaced, or request a new device to replace the original expired device. |
Error Code |
WS40014 |
Text |
The device cannot be replaced because it is too close to its expiry date |
Details |
You have attempted to replace a device, but it will expire soon. You must renew the device instead.
Solution |
Renew the device. |
Error Code |
WS40015 |
Text |
The device cannot be replaced because it does not have a credential profile |
Details |
You have attempted to replace a device, but the credential profile used to issue the device has been removed. |
Solution |
Cancel the device and issue a new one. |
Error Code |
WS40016 |
Text |
The device cannot be renewed because its remaining lifetime does not fall within the configured window for renewals |
Details |
Solution |
Wait for the device to fall within the window for renewals before trying again. |
Error Code |
WS40017 |
Text |
You must provide at least one resource name. |
Details |
When requesting translations a resource name must be specified. |
Solution |
Ensure that the resource name is specified; see the Swagger documentation for the MyID Core API for more details. |
Error Code |
WS40018 |
Text |
You must provide a language. |
Details |
The language value was not specified in the body in call to set the language. |
Solution |
Ensure that the language is specified; see the Swagger documentation for the MyID Core API for more details. |
Error Code |
WS40019 |
Text |
The specified language has not been configured for use. |
Details |
There is no resource file on the server for the language specified. |
Solution |
Create a new resource file for the specified language. For information about translating the MyID interface, contact customer support quoting reference SUP-138. |
Error Code |
WS40020 |
Text |
No languages have been configured for use. |
Details |
There are no resource files installed on the server. |
Solution |
Your installation appears to have become corrupt. Check your backups. |
Error Code |
WS40021 |
Text |
The specified entity does not exist. |
Details |
A report is attempting to reference an unsupported entity. |
Solution |
The report is incorrectly defined. Redefine it to reference one of the following:
Error Code |
WS40022 |
Text |
The specified operation id is not a valid search operation. |
Details |
There is no report matching the specified operation id in the database. |
Solution |
Check the ID of the report and try again. |
Error Code |
WS40023 |
Text |
The specified search operation id cannot be used for this endpoint. |
Details |
Each operation id is linked to a specific entity; for example, device, people, request. |
Solution |
Check the operation ID and try again. |
Error Code |
WS40024 |
Text |
The delivery mechanism specified does not exist or is not allowed for this operation. |
Details |
Only specific delivery mechanisms are allowed based on the specific operation. |
Solution |
Get a list of suitable delivery mechanisms by making a call to: GET /api/Devices/{id}/codes/deliveryMechanisms See the Swagger documentation for the MyID Core API for more details. |
Error Code |
WS40025 |
Text |
The user does not have the required contact details for this delivery mechanism. |
Details |
A request to send the user an email notification when the user does not have an email address or an SMS notification when the user does not have a cell phone number was attempted. The audit of the attempt will detail which property is required. |
Solution |
Update the person to specify their email address or mobile number. |
Error Code |
WS40026 |
Text |
The specified delivery mechanism is not enabled for this operation. |
Details |
A request to send the user a notification was attempted when the email template is not enabled. The audit of the attempt will detail which email template was selected. |
Solution |
Use the Email Templates workflow to enable the required email template or select an alternative email template. |
Error Code |
WS40027 |
Text |
An auth code action must be supplied. |
Details |
When requesting a list of delivery mechanisms an action must be specified. |
Solution |
See the Swagger documentation for the MyID Core API for more details. |
Error Code |
WS40028 |
Text |
The specified auth code action: {0}, is not supported. |
Details |
The specified action is not supported. |
Solution |
The action specified must be one of the following
Error Code |
WS40029 |
Text |
The specified auth code action: {0}, is not supported for this item. |
Details |
Each action is linked to a specific entity. |
Solution |
Ensure you only select an action appropriate to the entity:
Error Code |
WS40030 |
Text |
Email notifications have not been configured. Please contact your administrator. |
Details |
An attempt to send a notification was made when notifications are not configured. |
Solution |
See the Setting up email section in the Advanced Configuration Guide for details. |
Error Code |
WS40031 |
Text |
This device is already assigned, and must be canceled before it can be reassigned to a different person. The system is not configured to allow unrestricted cancellation. |
Details |
The |
Solution |
Cancel the device before attempting to assign it. Alternatively, if you want to assign a device without first canceling it, you must set the Unrestricted Cancellation option in the credential profile. This option appears only if the Enable unrestricted cancellation option on the Issuance Processes tab of the Operation Settings workflow is set to Yes |
Error Code |
WS40032 |
Text |
This device has a disposal status that prevents it being issued again. |
Details |
The selected device has a disposal status of 'Lost', 'Disposed' or 'Collected'. |
Solution |
Either select a different device, or change the disposal status of the selected device. |
Error Code |
WS40033 |
Text |
This device cannot be issued or updated by MyID. |
Details |
The selected device is 'Unmanaged', does not have GlobalPlatform or 9B keys, or cannot be issued due to secure by default configuration. |
Solution |
Either select a different device, or ensure the correct keys have been entered into MyID to make the selected device issuable. |
Error Code |
WS40034 |
Text |
The request already has an assigned device. |
Details |
The request already has a device assigned. |
Solution |
Either select a different device, or unassign the selected device from its current request. |
Error Code |
WS40035 |
Text |
The request type does not permit device assignment. |
Details |
The selected request is not an issuance or replacement issuance request. |
Solution |
This request cannot be used to assign a device; select a different request. |
Error Code |
WS40036 |
Text |
The request is not awaiting issuance or awaiting validation. |
Details |
The selected request is not at status 'Awaiting Issue' or 'Awaiting Validation'. |
Solution |
Adjust the selected request to be an appropriate status before assigning a device to it. |
Error Code |
WS40037 |
Text |
The request is for a person that is not within the authenticated operators scope |
Details |
The target user for the request is outside the scope of the authenticated operator. |
Solution |
Either adjust your MyID group and role settings to ensure the target for the request is in scope of the authenticated operator, or assign the device to the request using a different operator who has scope over the target for the request. |
Error Code |
WS40038 |
Text |
This device is not known to MyID and the credential profile can only be used with known serial numbers. |
Details |
The selected device is not known to the MyID database |
Solution |
Use a different device that is known to the MyID database. Alternatively, import the device to the MyID database using the Import Serial Numbers workflow, or change the credential profile to deselect the Only Issue to Known Serial Numbers option. |
Error Code |
WS40039 |
Text |
This device does not meet the requirements of the credential profile. |
Details |
The device selected is not a 'Contact' or 'Contactless' card or the credential profile is not of encoding type 'Contact' or 'Contactless'. 'Contact' cards can only be selected for 'Contact' encoding type credential profiles, and 'Contactless' cards can only be selected for 'Contactless' encoding type credential profiles. |
Solution |
Select a device that is compatible with the credential profile assigned to the request. |
Error Code |
WS40040 |
Text |
The request does not have an assigned device. |
Details |
The selected request does not have a device assigned to it. |
Solution |
Ensure the request has a device assigned to it, or select a different request. |
Error Code |
WS40041 |
Text |
This device is already assigned, and must be canceled before it can be reassigned to a different person. |
Details |
The |
Solution |
Cancel the device before attempting to assign it. Alternatively, if you want to assign a device without first canceling it, you must set the Unrestricted Cancellation option in the credential profile. This option appears only if the Enable unrestricted cancellation option on the Issuance Processes tab of the Operation Settings workflow is set to Yes |
Error Code |
WS40042 |
Text |
This device is assigned to the current operator. |
Details |
The selected device is already assigned to the current operator. |
Solution |
Select a different device. |
Error Code |
WS40044 |
Text |
There are no status mappings available for the selected operation. |
Details |
The attempted operation requires a status mapping to be selected, but there are no status mappings available for that operation ID. |
Solution |
You can check the vAllowedStatuses view in the database, which shows the operations that have corresponding status mappings. |
Error Code |
WS40045 |
Text |
The device cannot be updated because it has already expired. |
Details |
To perform this operation, the selected device must not have expired. This error may occur when attempting to reinstate a device, if the original device has expired. |
Solution |
Either renew the device, or issue a new device. |
Error Code |
WS40046 |
Text |
The device cannot be updated because the issuance process has not been completed. |
Details |
The device must have a process status of Active and be assigned to a person. |
Solution |
Ensure that the device has an owner, and that it is issued. This error may occur if you attempt to update a key recovery card; key recovery cards are not fully-featured MyID cards and can only be used for key recovery. |
Error Code |
WS40047 |
Text |
The device cannot be updated because it does not have a credential profile. |
Details |
The selected device must have a credential profile. |
Solution |
Ensure that the device has not been canceled or erased. Reissue the device if necessary. |
Error Code |
WS40048 |
Text |
The location cannot be updated because an existing location has the requested name. |
Details |
You have attempted to create or edit a location but have specified the name of an existing location. Location names must be unique. |
Solution |
Type a different name and try again. |
Error Code |
WS40049 |
Text |
The device cannot be transferred because it is in an invalid state. |
Details |
You have attempted to transfer a device, but it is currently assigned to a person or is already allocated to a stock transfer. |
Solution |
Select a different device and try again. |
Error Code |
WS40050 |
Text |
The device cannot be canceled and have its disposal status set to <Status>. |
Details |
You have attempted to cancel a device and set its disposal status to an invalid value. |
Solution |
Select an appropriate disposal status for the device. |
Error Code |
WS40051 |
Text |
The device is still active and has not expired, so cannot have its disposal status changed. |
Details |
You have attempted to set the disposal status for a device that is still active. |
Solution |
Cancel the device first then set the disposal status. |
Error Code |
WS40052 |
Text |
The device has expired but the system is configured to not allow expired devices to have their disposal status changed. |
Details |
You have attempted to set the disposal status for a device that has expired, but the Allow disposal of expired devices configuration option is set to No. |
Solution |
Set the Allow disposal of expired devices configuration option to Yes and try again. |
Error Code |
WS40053 |
Text |
The device selected cannot be disposed. Please refer to product documentation for further guidance. |
Details |
You have specified a device of type ServerCredential for disposal using the API; you cannot set the disposal status of these devices. |
Solution |
Select a different device and try again. |
Error Code |
WS40054 |
Text |
The additional identity specified already exists. |
Details |
You have attempted to add an additional identity to a person who already has that user and certificate policy selected as an additional identity. |
Solution |
Select a different user or certificate policy and try again. |
Error Code |
WS40055 |
Text |
The request doesn't have an assigned device |
Details |
A server document has been attempted to be generated for a request that does not have an assigned device. |
Solution |
Select a different request and try again. |
Error Code |
WS40056 |
Text |
The credential profile does not have a document for the requested doctype |
Details |
You have attempted to print a document, but there is no document template selected in the credential profile. |
Solution |
Edit the credential profile to select a document template and try again. |
Error Code |
WS40057 |
Text |
Unable to generate a server document, the request type is invalid. |
Details |
You have attempted to print a document for a type of request that does not support printing documents. This may also occur if you have attempted to print a document for a request that has been canceled. |
Solution |
Select a different request and try again. |
Error Code |
WS40058 |
Text |
Unable to generate a server document, the status of the request is invalid. |
Details |
You have attempted to print a document for a request that has not been completed. |
Solution |
Complete the request and try to print the document again. |
Error Code |
WS40059 |
Text |
Unable to generate a server document, the collection period is over. |
Details |
Your system has been customized with a time limit for printing mailing documents, and it has been too long since the job was completed. |
Solution |
You cannot print a document for this device. If you want to print a document, you must issue a new device. |
Error Code |
WS40060 |
Text |
Unable to generate a server document, PIN Mailer request not found. |
Details |
You have attempted to print a PIN mailer, but there is no request for the PIN mailer. |
Solution |
Select a different request and try again. Alternatively, ensure that the original request has been collected, and a PIN mailer request has been generated. |
Error Code |
WS40061 |
Text |
Unable to generate a server document, unknown document type. |
Details |
You have attempted to print a document, but the specified document type in not correct. |
Solution |
Check the document type and try again. |
Error Code |
WS40062 |
Text |
The device is currently assigned and cannot be reinstated |
Details |
You have attempted to reinstate a device that is still assigned to a person. |
Solution |
Choose a different device and try again. |
Error Code |
WS40063 |
Text |
The device has not previously been assigned and cannot be reinstated |
Details |
You have attempted to reinstate a device, but the device has not previously been assigned to a person on the current MyID system, so cannot be reinstated. |
Solution |
Choose a different device and try again. |
Error Code |
WS40064 |
Text |
The device is in an invalid state and cannot be reinstated |
Details |
You have attempted to reinstate a device, but it is not in the correct state. |
Solution |
Choose a different device and try again. |
Error Code |
WS40065 |
Text |
Device cannot be reinstated because it is not a card |
Details |
You have attempted to reinstate a device, but it is not a smart card. |
Solution |
Choose a different device and try again. |
Error Code |
WS40066 |
Text |
The certificate cannot have its renewal status changed as it is not currently issued. |
Details |
Certificate has not yet been successfully collected, and needs be fully issued before being able to change the renewal settings. |
Solution |
Collect the certificate and ensure that it is fully issued, then try again. |
Error Code |
WS50000 |
Text |
Your current authentication level cannot access this information. The logon credential used, roles that logon credential can access and scope available to those roles may limit your access |
Details |
You do not have permission to perform the requested operation. |
Solution |
Check the roles and scope for the operator who is attempting to carry out this operation. It is possible to have different scopes for different operations; for example, you may be allowed to view all people in the system, but only be allowed to edit people from a particular group. Check the MyID System Events and Audit Reporting workflows for more information about the operation being attempted. |
Error Code |
WS50001 |
Text |
Licence Limit Reached |
Details |
You have attempted to add a person or request a device but have reached the maximum number of people or devices. |
Solution |
Either remove some people or devices that are no longer required, or request extra licenses from Intercede. See the Requesting licenses section in the Administration Guide for details. |
Error Code |
WS50002 |
Text |
You do not have permission to update your own device |
Details |
The system is configured using the Self-service option (on the Self-Service page of the Security Settings workflow) to prevent you from performing updates to devices that belong to you; for example, you are not allowed to enable a disabled device that belongs to you. |
Solution |
Ask another operator to update the device for you. |
Error Code |
WS50003 |
Text |
You do not have permission to update the device you authenticated with |
Details |
You have attempted to perform an update on the device that you logged on with. This is not allowed. |
Solution |
Ask another operator to update the device for you. |
Error Code |
WS50004 |
Text |
The system is not configured to allow you to edit your own information |
Details |
The system is configured to prevent you from updating your own details. |
Solution |
Ask another operator to edit your information. |
Error Code |
WS50005 |
Text |
Searching for people in the database is disabled |
Details |
You have attempted to search for a person in the MyID database, but MyID is not configured to do so. |
Solution |
You can search the MyID database only if you have configured MyID to do so |
Error Code |
WS50006 |
Text |
Searching for people in the directory is disabled |
Details |
You have attempted to search for a person in an attached directory, but MyID is not configured to do so. |
Solution |
You can search a directory only if you have configured MyID to do so |
Error Code |
WS50007 |
Text |
Invalid job status change |
Details |
You have attempted to update a request job to a status that is not permitted. |
Solution |
The MyID Operator Client prevents you from making changes that are not permitted; however, it is possible that another operator has made a change to the status of the request job at the same time. Retry the operation; if the problem persists, close the Operator Client, clear the browser cache, and try again. If the problem persists further, check the MyID System Events and Audit Reporting workflows. |
Error Code |
WS50008 |
Text |
Your assigned roles do not have permission to request the credential profile specified |
Details |
You have specified a credential profile to which you do not have access. |
Solution |
The credential profiles available depend on the role of the operator and the role of the person for whom you are requesting the device; see the details of the Can Request option in the Constrain credential profile issuer section in the Administration Guide. |
Error Code |
WS50009 |
Text |
It is not possible to create requests for yourself or your devices. |
Details |
This message occurs when an attempt is made by an operator to request their own credentials. It could occur when:
Solution |
Ask another operator to carry out the operation. |
Error Code |
WS50010 |
Text |
Your assigned roles do not have permission to approve or reject requests for this credential profile |
Details |
You have attempted to approve or reject a request that uses a credential profile that you are not allowed to validate. |
Solution |
The credential profiles you can validate depend on your role; see the details of the Can Validate option in the Constrain credential profile validator section in the Administration Guide. |
Error Code |
WS50011 |
Text |
The person selected does not have a role assigned that can hold the requested credential profile |
Details |
You have attempted to request a device using a credential profile to which the person does not have access. |
Solution |
The credential profiles available depend on the role of the operator and the role of the person for whom you are requesting the device; see the details of the Can Receive option in the Linking credential profiles to roles section in the Administration Guide. |
Error Code |
WS50012 |
Text |
The person selected does not have user data approved. The credential profile requires user data to be approved before it can be requested |
Details |
You have attempted to request a device using a credential profile that requires the person to have the User Data Approved flag set on their account, but the person does not have this flag set. |
Solution |
Either set the User Data Approved flag, or edit the credential profile so that it does not require this flag |
Error Code |
WS50013 |
Text |
The account selected is not compatible with this request (kind is mismatched) |
Details |
Requests cannot be made for the selected person. This could be due to this account being a special kind of record that represents a non-person entity (for example, for device identities). |
Solution |
If you are trying to request a credential for a non-person, such as a device identity, use MyID Desktop instead; the MyID Operator Client does not currently support requests of this kind. If you continue to have problems, check the configuration of the credential profile you are using. You can also check the MyID System Events and Audit Reporting workflows. |
Error Code |
WS50014 |
Text |
You are not permitted to approve or reject requests that you have made |
Details |
You have attempted to approve or reject a request that you initiated. You cannot validate these requests. |
Solution |
Ask another operator to validate the request. |
Error Code |
WS50015 |
Text |
You are not permitted to approve or reject requests that you will receive |
Details |
You have attempted to approve or reject a request for your own device. You cannot validate these requests. |
Solution |
Ask another operator to validate the request. |
Error Code |
WS50016 |
Text |
The person selected does not have all required information for this credential profile. Check the Person History audit details to identify the missing requisite user data. |
Details |
You have specified a credential profile that has specific requisite user data requirements; the person you have specified does not meet those requirements. |
Solution |
Carry out one of the following:
See the Requisite User Data section in the Administration Guide for details. |
Error Code |
WS50017 |
Text |
The person selected does not have a Distinguished Name. This profile requires a Distinguished Name for credential issuance. |
Details |
You have specified a credential profile that requires a Distinguished Name for issuing its certificates. |
Solution |
Update the person's user account to provide a Distinguished Name. |
Error Code |
WS50018 |
Text |
This credential profile can only be requested using a Derived Credential process |
Details |
You have specified a credential profile that is used for Derived Credentials. |
Solution |
Specify a different credential profile, or request the device using the appropriate process for derived credentials |
Error Code |
WS50019 |
Text |
Requests created using this API must include an appropriate encoding type |
Details |
The MyID Operator Client supports credential profiles with a restricted list of Card Encoding options. |
Solution |
Check the credential profile you are trying to use. Either select a credential profile that is supported by the MyID Operator Client, or, if you need to use a credential profile that is not supported, use MyID Desktop instead. See the Requesting a device for a person section in the MyID Operator Client guide. |
Error Code |
WS50020 |
Text |
A requested role has been excluded through the application of group role restrictions |
Details |
You have requested a role for a person that is not available because the person's group does not allow this role. |
Solution |
Either select a different role or amend the group so that it has access to the required role. See the Changing a group section in the Operator's Guide for details. |
Error Code |
WS50021 |
Text |
The scope requested for a role is greater than the maximum scope assignable by the current operator |
Details |
You have requested a scope level that is higher than your own scope. An operator cannot assign a scope higher than their own level. |
Solution |
Request a lower scope level that is at your own level or lower. |
Error Code |
WS50022 |
Text |
A requested role is manager controlled and the operator does not hold the role that would permit them to assign it |
Details |
You have requested a role that is restricted by the Managed By option. |
Solution |
Either select a different role, or update the Managed By option for the required role to contain one of your own roles; this will allow you to assign the role. See the Controlling the assigning of roles section in the Administration Guide. |
Error Code |
WS50023 |
Text |
This type of request is not allowed to be updated |
Details |
You have attempted to update a request that is not allowed to be updated. |
Solution |
Retry the operation. Further information is available in the MyID System Events and Audit Reporting workflows. |
Error Code |
WS50024 |
Text |
Enabling/Disabling a directory person is not allowed |
Details |
You have attempted to enable or disable a person whose details are stored in a directory. You can enable or disable user accounts for people only if they are stored in the MyID database. |
Solution |
Select a person in the MyID database and try again. |
Error Code |
WS50025 |
Text |
You do not have permissions to edit PIV applicants |
Details |
You have attempted to edit a PIV applicant; this is not possible as you do not have permission to use the Edit PIV Applicant feature. |
Solution |
Check the role and permission assignments of the operator. |
Error Code |
WS50026 |
Text |
You do not have permission to add or remove the specified administrator groups |
Details |
You have attempted to add or remove administration groups but you do not have permission to those groups. |
Solution |
Request permission from an administrator; see the Administrative groups section in the Administration Guide for details. |
Error Code |
WS50027 |
Text |
The operator does not have sufficient scope to create a request for this account |
Details |
You have attempted to create a request for a person, but that person does not sit within your scope. |
Solution |
Check your scope; see the Scope and security section in the Administration Guide for details. |
Error Code |
WS50028 |
Text |
You cannot validate or reject a request which does not have an Awaiting Validation status |
Details |
You have attempted to validate or reject a request, but the request is not awaiting validation, so does not need to be validated or rejected. |
Solution |
Check the status of the request. |
Error Code |
WS50029 |
Text |
You cannot cancel a request which has a Completed, Canceled or Failed status |
Details |
You have attempted to cancel a request, but the request's status is Completed, Canceled or Failed; requests at those statuses do not need to be canceled. |
Solution |
Check the status of the request. |
Error Code |
WS50030 |
Text |
The person selected does not have a photo. The credential profile requires the user to have a photo before it can be requested |
Details |
The Enforce Photo at Issuance option in the credential profile is set to Request and Issuance, which means that you cannot request or issue a card if the cardholder does not have a photo. |
Solution |
Capture a photo for the person and try again. Alternatively, edit the credential profile to set the Enforce Photo at Issuance option to No. |
Error Code |
WS50031 |
Text |
Operation ID <operation> is not a permitted clone of operation <operation> |
Details |
An API call has been made which violates the cloned operation configuration. |
Solution |
If this occurs when using the MyID Operator Client, contact customer support. If this occurs when calling the REST API directly, check the op parameter references an allowed cloned operation. |
Error Code |
WS50032 |
Text |
The conditions on the Operation with ID <operation ID> prohibit use of the operation for the target entity |
Details |
An operation has been attempted that is not permitted for the entity that would be affected by the operation. For example, the device type may be incompatible with the requested operation, or the person may be not be at an appropriate status |
Solution |
This may occur in batch operations in the MyID Operator Client when you select an item that is not suitable; for example, if you select a device for a batch cancellation operation, but the device was issued with the Validate Cancellation option. If calling the API directly, make sure the operation that is being used is permitted for the entity that would be affected by the operation. For example, this error will occur when using the Edit Person operation to attempt to edit a person who holds the PIV Applicant role. |
Error Code |
WS50033 |
Text |
The person selected does not have fingerprint biometrics. The credential profile requires that the recipient has fingerprint biometrics enrolled. |
Details |
You have attempted to request a device for a person who does not have fingerprints stored in the MyID database, the credential profile for the device has the Require Fingerprints at Issuance option set, and the Enforce biometrics at request configuration option (on the Biometrics page of the Operation Settings workflow) is set. |
Solution |
Enroll fingerprints for the person, select a different credential profile that does not have the Require Fingerprints at Issuance option set, or set the Enforce biometrics at request configuration option to No. |
Error Code |
WS50034 |
Text |
The person selected does not have facial biometrics. The credential profile requires that the recipient has facial biometrics enrolled. |
Details |
You have attempted to request a device for a person who does not have fingerprints stored in the MyID database, the credential profile for the device has the Require Facial Biometrics option set, and the Enforce biometrics at request configuration option (on the Biometrics page of the Operation Settings workflow) is set. |
Solution |
Enroll facial biometrics for the person, select a different credential profile that does not have the Require Facial Biometrics option set, or set the Enforce biometrics at request configuration option to No. |
Error Code |
WS50035 |
Text |
An existing request has been found that prevents this action. Check requests that are already created and if necessary cancel them. |
Details |
You have attempted to request a device for a person using a credential profile that has the Block Multiple Requests for Credential Group set, and the person already has an existing request for a device from the same credential group. |
Solution |
Request a device from a different credential profile that is not subject to the same credential group restrictions, or cancel the existing request, if necessary. See the Block Multiple Requests for Credential Group section in the Administration Guide. |
Error Code |
WS50036 |
Text |
The person selected has a maximum credential expiry date that is before the date requested. |
Details |
You have requested an expiry date for a device that is after the person's maximum credential expiry date. |
Solution |
Choose an expiry date for the device that is before the person's maximum credential expiry date, and try again. See the |
Error Code |
WS50037 |
Text |
Creating a request is not allowed. <details> |
Details |
You have attempted to create a request, but it does not meet the criteria set by a customized system. The <details> may provide more information. |
Solution |
Check the requirements of the customized system, adjust the request to meet those requirements, then try again. |
Error Code |
WS50038 |
Text |
The selected credential profile is not allowed because the person that requested the job was not allowed to request this credential profile. |
Details |
The system has checked the permissions on the job (for example, the device request) and the issuer does not have the required permissions to request the credential profile selected. |
Solution |
Select a different credential profile, or cancel the request and create a new device request. |
Error Code |
WS50039 |
Text |
You cannot action your own adjudications. |
Details |
The operator has attempted to generate or update an adjudication request for themselves. |
Solution |
Ask another operator to carry out the adjudication. |
Error Code |
WS50040 |
Text |
You do not have permission to perform this operation against the selected item. |
Details |
You have attempted to perform an action on an item, but your scope does not permit the action. For example, if you have scope that allows you to view a user, and permission to validate requests, but your validate request scope does not allow you to validate requests for that user, you can attempt to validate a request for the user, but the action will not succeed, and this error appears. |
Solution |
Make sure that your scope permits you to carry out the appropriate actions for the target user, then try again. |
Error Code |
WS50041 |
Text |
This action cannot be performed because the user has outstanding adjudications. |
Details |
A person can only have one adjudication that is being processed at once. This error appears when an adjudication request is attempted for a person who has an outstanding unfinished request. |
Solution |
Complete or cancel the existing adjudication. |
Error Code |
WS50042 |
Text |
The request task type is not supported by the credential profile. |
Details |
The system can restrict certain credential profiles being used for certain types of jobs. For example, you cannot issue a VSC to a FIDO authenticator. |
Solution |
Select the correct device type for the credential profile. |
Error Code |
WS50043 |
Text |
This credential profile can only be requested from Request Device. |
Details |
Request Card has been used for to generate a request for a FIDO device. There is a different workflow used to request FIDO device jobs. |
Solution |
Use the correct process for requesting FIDO authenticators. |
Error Code |
WS50044 |
Text |
This device requires secondary authorization to cancel it. Please use the MyID Desktop Cancel Credentials workflow. |
Details |
You have attempted to cancel a device that was issued with a credential profile that had the Validate Cancellation option selected. Validating cancellations is not supported in the MyID Operator Client. |
Solution |
Use the Cancel Credential workflow in MyID Desktop to cancel the device. |
Error Code |
WS50045 |
Text |
The device selected cannot be canceled. Please refer to product documentation for further guidance. |
Details |
You have attempted to cancel a server credential. You cannot cancel server credentials. |
Solution |
Choose a different device and try again. |
Error Code |
WS50046 |
Text |
The specified resource is not accessible, or does not exist. |
Details |
The resource requested needs to be one of the allowed resources. |
Solution |
The resource should be one of the following
Error Code |
WS50047 |
Text |
Requests for Software Certificate Packages are not permitted for this operation. |
Details |
The credential profile specified does not allow issuance of software certificates. |
Solution |
Select a different credential profile or update the current credential profile to allow for software certificates. |
Error Code |
WS50048 |
Text |
You do not have permission to download reports. |
Details |
The user requires permission to each specific report. |
Solution |
Grant the user additional roles or use the Edit Roles workflow to ensure the user has the required permissions. See the Granting access to reports section in the MyID Operator Client guide for details. |
Error Code |
WS50049 |
Text |
Additional authorization is required to perform this operation. |
Details |
Some workflows require additional authorization, such as a biometric check to perform. |
Solution |
You need to perform the secondaryAuth as specified in the link returned. |
Error Code |
WS50050 |
Text |
The request is not at a valid status for this operation. |
Details |
You have attempted to carry out an operation on a request, but the request is at the wrong status. |
Solution |
Select a different request and try again. |
Error Code |
WS50051 |
Text |
There are no available reports to perform a secondary search. |
Details |
The operator does not have permission to any reports to perform a secondary search within the MyID Operator Client. |
Solution |
Check the MyID permissions are correct using the Edit Roles workflow. |
Error Code |
WS50052 |
Text |
The device owner has a maximum expiry date that is earlier than the expiry date of the device. The update cannot be requested because the credential profile does not have Ignore User Expiry Date set. |
Details |
Solution |
Increase the maximum credential expiry date for the device owner |
Error Code |
WS50053 |
Text |
The capabilities of the selected credential profile are not supported by this operation. |
Details |
Certain operations may allow only certain card capabilities for a device. For example, Request Update allows only Contact This error may occur if you attempt to select a credential profile configured for derived credentials. Derived credentials must follow a different request process; for example, see the Requesting a Derived Credential section in the Derived Credentials Self-Service Request Portal guide. |
Solution |
Select a credential profile that has one of the capabilities specified for the operation. You can check the JSON conditions in the Operations table of the MyID database for that operation ID. |
Error Code |
WS50054 |
Text |
The selected credential profile has different capabilities to the current device credential profile. |
Details |
Certain operations allow you to change the credential profile of a device. This error means that when changing the credential profile, you must select a profile which has exactly the same card capabilities as the previous credential profile. |
Solution |
Examine the previous profile in the Credential Profiles workflow, and create the new credential profile for the device to have the same card capabilities. |
Error Code |
WS50055 |
Text |
The user has an existing request or device that exists with a different exclusive group, the request cannot be added. |
Details |
You have attempted to request a device that has an exclusive group specified in its credential profile, but the target of the request already has a device, or a request for a device, that has a different exclusive group. You cannot have devices from different exclusive groups. |
Solution |
See the Exclusive Group section in the Administration Guide for details. |
Error Code |
WS50056 |
Text |
The user has an existing request or device that exists with a different exclusive group, the request cannot be validated. |
Details |
You have attempted to validate a request for a device that has an exclusive group specified in its credential profile, but the target of the request already has a device, or a request for a device, that has a different exclusive group. You cannot have devices from different exclusive groups. |
Solution |
See the Exclusive Group section in the Administration Guide for details. |
Error Code |
WS50057 |
Text |
The user has an existing request or device that exists with a different exclusive group, the request cannot be collected. |
Details |
You have attempted to collect a request for a device that has an exclusive group specified in its credential profile, but the target of the request already has a device, or a request for a device, that has a different exclusive group. You cannot have devices from different exclusive groups. |
Solution |
See the Exclusive Group section in the Administration Guide for details. |
Error Code |
WS50058 |
Text |
The selected user has no suitable biometric samples for EFT export. |
Details |
You have selected a person who does not have suitable biometric samples enrolled, and therefore cannot have their biometric samples exported as EFT. The person must either have an existing EFT stored, or suitable WSQ or WSQ roll image stored, from which an EFT can be generated then exported. |
Solution |
Ensure the selected person has the appropriate biometrics enrolled, or select a different person. |
Error Code |
WS50059 |
Text |
The selected user has no fingerprint rolls available for EFT export. |
Details |
You have selected a person who does not have suitable fingerprint rolls captured, and therefore cannot have their biometric samples exported as EFT. The person must either have an existing EFT stored, or suitable WSQ or WSQ roll image stored, from which an EFT can be generated then exported. |
Solution |
Ensure the selected person has the appropriate biometrics enrolled, or select a different person. |
Error Code |
WS50060 |
Text |
Maximum number of generated sequential serial numbers exceeded. |
Details |
You can import a maximum of 10,000 devices at one time. |
Solution |
Provide a different range of serial numbers that totals 10,000 devices or fewer. |
Error Code |
WS50061 |
Text |
The attempt to assign a device has been rejected. The device assignment end date for the group that this person is associated with has passed. |
Details |
The issuance of the device would place it in a group that has expired. |
Solution |
Update the group to expire in the future and repeat the operation. See the Controlling device assignments for groups section in the Administration Guide for details. |
Error Code |
WS50062 |
Text |
The attempt to assign a device has been rejected. The maximum number of assigned devices for the group that this person is associated with has been exceeded. |
Details |
The issuance of the device would cause the device limit for the group to be exceeded and so has been prevented. |
Solution |
Increase the group device limit and repeat the operation. See the Controlling device assignments for groups section in the Administration Guide for details. |
Error Code |
WS50063 |
Text |
The selected directory person is already in the MyID database. |
Details |
You have attempted to import a person from a directory, but the person is already in the MyID database. |
Solution |
Select a different person to import, or edit the existing person record in the MyID database. |
Error Code |
WS50064 |
Text |
You are not allowed to deliver this device |
Details |
You have attempted to set the delivery status on your own device. |
Solution |
Select a different device, or ask another operator to set the delivery status for your device. See the Accepting delivery for a device section in the MyID Operator Client guide for details. |
Error Code |
WS50065 |
Text |
The device already has an active request |
Details |
You have attempted to request a cancellation for a device that already has an active cancellation request. |
Solution |
Approve, reject, or cancel the original cancellation request for the device. |
Error Code |
WS50067 |
Text |
The selected certificate policy does not allow identity mapping. |
Details |
You have selected a certificate policy for an additional identity that does not have the Allow Identity Mapping option selected. |
Solution |
Select a different certificate policy and try again, or edit the certificate policy to have the Allow Identity Mapping option. |
Error Code |
WS50068 |
Text |
Replacement card has gone too far through issuance to reinstate previous device. |
Details |
You have attempted to reinstate a device, but a replacement was requested and the replacement process is too far advanced. |
Solution |
Use the replacement device instead of the device you want to reinstate. |
Error Code |
WS50069 |
Text |
The operator does not have sufficient scope to view the requests of this account |
Details |
You have attempted to carry out an operation on a person, but your scope does not allow you to view the requests for this person. |
Solution |
Choose a different person, or amend your account to increase your scope. |
Error Code |
WS50070 |
Text |
The provided certificate cannot be suspended or revoked as it is not currently issued. |
Details |
The certificate has not yet been successfully collected, and needs be fully issued before being able to suspend or revoke it. |
Solution |
Make sure the certificate has been issued and try again. |
Error Code |
WS50071 |
Text |
The provided certificate cannot be suspended or revoked as it has been issued by the 'Unmanaged' certificate authority. |
Details |
Certificates in the Unmanaged certificate authority certificates have not been issued from a CA using MyID. |
Solution |
Select a different certificate. |
Error Code |
WS50072 |
Text |
You do not have permission to suspend or revoke this certificate. |
Details |
The operator has attempted to suspend or revoke a certificate they do not have scope to using the Rest API. |
Solution |
Select a different certificate or amend the scope of the operator and try again. |
Error Code |
WS50073 |
Text |
The provided certificate cannot be unsuspended as it is not suspended. |
Details |
The certificate is not at a status valid for unsuspension operation |
Solution |
Select a different certificate. |
Error Code |
WS50074 |
Text |
You do not have permission to unsuspend this certificate. |
Details |
The operator has attempted to unsuspend a certificate they do not have scope to using the Rest API. |
Solution |
Select a different certificate or amend the scope of the operator and try again. |
Error Code |
WS50075 |
Text |
The provided revocation reason cannot be used for this certificate. |
Details |
You have provided a revocation reason that you cannot use for the certificate. |
Solution |
Select a different revocation reason and try again. |
Error Code |
WS50076 |
Text |
The provided certificate cannot be paused as it is not pending issuance or revocation. |
Details |
The certificate is not at a status valid for the pause operation. |
Solution |
Select a different certificate and try again. |
Error Code |
WS50077 |
Text |
You do not have permission to pause this certificate. |
Details |
Operator has attempted to pause a certificate they do not have scope to using the Rest API. |
Solution |
Select a different certificate or amend the scope of the operator and try again. |
Error Code |
WS50078 |
Text |
The provided certificate cannot be paused as no retries will be attempted. |
Details |
The Retries value for the certificate in the MyID database is at a value of -1 so there are no more retry attempts left |
Solution |
Select a different certificate. |
Error Code |
WS50079 |
Text |
The provided certificate cannot be resumed as it is not pending issuance or revocation. |
Details |
The certificate is not at a status that is valid for the resume operation. |
Solution |
Select a different certificate. |
Error Code |
WS50080 |
Text |
You do not have permission to resume this certificate. |
Details |
Operator has attempted to resume a certificate they do not have scope to using the Rest API. |
Solution |
Select a different certificate or amend the scope of the operator and try again. |
Error Code |
WS50081 |
Text |
The provided certificate cannot be unsuspended as it has been issued by the 'Unmanaged' certificate authority. |
Details |
Certificates in the Unmanaged certificate authority certificates have not been issued from a CA using MyID. |
Solution |
Select a different certificate. |
Error Code |
WS50082 |
Text |
The certificate cannot have its renewal status changed as it has been issued by the 'Unmanaged' certificate authority. |
Details |
Certificates in the Unmanaged certificate authority certificates have not been issued from a CA using MyID. |
Solution |
Select a different certificate |
Error Code |
WS50083 |
Text |
You do not have permission to change the renewal status of this certificate. |
Details |
The operator has attempted to change renewal status of a certificate they do not have scope to using the Rest API. |
Solution |
Select a different certificate or amend the scope of the operator and try again. |
Error Code |
WS50084 |
Text |
The maximum number of devices for a given licence has been exceeded |
Details |
You have requested a device that requires a license, but you do not have sufficient available suitable device licenses for that category of device. |
Solution |
Contact Intercede and request additional licenses, or cancel some devices you no longer require to free up some licenses. |
Error Code |
WS50086 |
Text |
At least one of the order by fields selected is not an orderable field. |
Details |
You have attempted to specify a field for sorting that does not support sorting. |
Solution |
Try the search again, specifying only fields that support sorting. |
Error Code |
WS50087 |
Text |
At least one of the order by fields selected is an invalid field name. |
Details |
You have attempted to specify an invalid field name for a sorting column. |
Solution |
Try the search again, specifying the correct field name. |
Error Code |
WS40067 |
Text |
Directory searches do not allow multiple column sorting |
Details |
You have attempted to search a directory using sorting from more than one column. |
Solution |
Try the search again, selecting at most one column for sorting. |
Error Code |
WS60000 |
Text |
Database timeout. Please contact your administrator for more information. |
Details |
There was a performance issue when requesting a large amount of search data. |
Solution |
You may be able to improve performance by disabling the report search count. See the Performance considerations for searching large sets of data section in the MyID Operator Client guide for details. |
Error Code |
WS60001 |
Text |
The search query timed out. Please contact your administrator for more information. |
Details |
There was a performance issue when requesting a large amount of search data. |
Solution |
You may be able to improve performance by disabling the report search count. See the Performance considerations for searching large sets of data section in the MyID Operator Client guide for details. |