4.1 Troubleshooting error messages

• CA reporting error -142

  This error, which presents as "INI file mismatch", may be caused by DNS lookup problems. Make sure that all servers have fully resolvable addresses and do not have DNS issues.

• CA reporting error -162

  You must make sure that the FIPS value in the entrust.ini file is set to 0. Failure to do this will usually result in an Entrust error = -162 being reported when you try to test the connection.

• CA reporting error -2187

  This error may be caused by incorrect mapping in the certificate attributes; for example, if you have mapped the FASC-N attribute to FASC-N (ASCII) instead of FASC-N (Hex).

• CA reporting error -2921

  This CA error – THE SIGNING/ENCRYPTION EXPIRATION DATE EXCEEDS THE LONGEST ALLOWED CERTIFICATE LIFETIME – may occur if you have configured MyID to request a date that the CA cannot honor; that is, the CA's own certificate expires before the user certificate end date that you have requested.

  If you see an error with this code, you must reduce the credential profile or certificate lifetime to within a range that your CA can support. See your CA administrator for details of your CA's limits.

• CA reporting error -8120

  If you are working in a PIV environment, and your CA reports error -8120, you may need to update your certspec to remove the rule for interim_indicator.

  This error may also be caused (on a customized MyID system that passes Entrust user roles to the CA when requesting a certificate) by a mismatch between the user roles listed on the MyID system and in the Entrust CA. Make sure that the lists on the CA match the lists in MyID. Check the Entrust logs for more information on what might be causing this error.

• CA reporting error -32712

  This CA error – GIVEN TIME VALUE IS NOT VALID – relates to invalid time values that have previously occurred in situations relating to an overflow in the epoch calculation. If you see an error with this code, contact Intercede customer support, providing as much logging detail as possible.

• CA reporting error -01055

  This CA error – UNABLE TO LOCK THE PROFILE FOR UPDATING – relates to problems loading the Entrust EPF. If you see this error in your Entrust logs, try giving the MyID COM+ user local administrator privileges.

• MyID reporting "Card Server Error During Process"

  After upgrading MyID, if you see an error similar to:

  Card Server Error During Process

  when attempting to issue a certificate, with details similar to:

  BOL COM catch handler Function : ProcessAPDUCommand, catch handler. Error : Unspecified error An error occurred inside PivCardServer::ProcessCommand Error: 0x80004005 Unspecified error Unable to locate java method GetArchCert Unable to locate java method GetArchCert ------------------------- Exception raised in function: JavaEnvironment::GetMethodID In file JavaEnvironment.cpp at line 132 ------------------------- Exception raised in function: JavaAccessor::getArchivedCertificate In file JavaAccessor.cpp at line 67 In object EntrustJTKConnector.KeyStore.1

  this may have been caused by an issue during the upgrade installation process that prevented the EntrustJTKConnector.jar file from being replaced. As a workaround, you can copy the EntrustJTKConnector.jar file from another system, or you can raise a support case with Intercede to identify the cause – to do so, you must provide the TestReports folder from the MyID Installation Assistant and quote reference SUP-376.