2 Web Service error codes

This section contains a list of the errors that can occur when using the MyID Web Services. Not all of these errors can appear if you are using exclusively Intercede software on the client. Often multiple error messages will share common text but have a different code. This is to assist in locating the cause of the issue. Further details about each error can often be found in the Audit Reports workflow.

To assist with the diagnosis of issues, Intercede support may guide you to enable logging on the ProcessDriver service; you can then provide these logs to customer support for analysis. See the MyID Web Services section in the Configuring Logging guide for details of enabling logging.

The specific text displayed on a client may have been optimized for that client, and not explicitly match the text below. When searching, search on the error number, not the error text.

Error Code

2978

Text

Please check your configuration. If the problem occurs again, contact your administrator.

Details

An attempt has been made to cancel a Device Identity and the user does not have permissions to create the Cancel Device Identity job.

Solution

Check that the user has the (Devices) group in their administrative groups.

Relates To

Device Identity Management

 

Error Code

10304

Text

Invalid Entry

Details

A certificate used during mobile provisioning contains invalid or corrupted data.

Solution

The certificate is unusable. The PFX file that the certificate was imported from is probably invalid. Source a valid PFX file and import it again.

Relates To

Identity Agent Provisioning

 

Error Code

21629

Text

Already Issued

Details

Issuing the current device has been prevented because the device is already issued.

Solution

If the device should not be issued to anyone, it can be canceled using the Cancel Credential workflow or Remote Cancel Credential. The Audit Reporting workflow will give details of the user that the device is already issued to.

Relates To

Credential Issuance

 

Error Code

21642

Text

Incompatible

Details

Issuing the current device has been prevented because the device is incompatible. It may be that a virtual smart card was selected for a credential profile that is restricted to physical smart cards, or that the inserted smart card does not support a data model assigned to the credential profile.

Solution

Try selecting a different credential profile, or using a different device. See the Audit Reporting workflow for further details.

Relates To

Credential Issuance

 

Error Code

21643

Text

Insufficient Space

Details

Issuing the current device has been prevented because the device has insufficient space for the required number of certificates.

Solution

Provide the user with a device that has capacity for the chosen credential profile. If the credential profile was chosen in error, request a different credential profile with fewer certificates on it. See the Audit Reporting workflow for further details.

Relates To

Credential Issuance

 

Error Code

21644

Text

Incorrect Device

Details

Issuing to the current device has been prevented because the request is bound to a different device.

Solution

Provide the user with the correct device, and ensure that it is this device the user is attempting to issue. See the Audit Reporting workflow for further details about the device the user used.

Relates To

Credential Issuance

 

Error Code

21645

Text

Unsuitable Device

Details

Issuing the current device has been prevented because the device is unsuitable.

Solution

It may be that a virtual smart card was selected for a credential profile that is restricted to physical smart cards, or that the inserted smart card does not support a data model assigned to the credential profile. Check that the selected credential profile is suitable for the device the user is trying to issue. See the Audit Reporting workflow for further details.

Relates To

Credential Issuance

 

Error Code

21646

Text

Job Invalid

Details

Issuing the current device has been prevented because the request is in an invalid state. Repeating the issuance may help. See the Audit Reporting workflow for further details.

Solution

Canceling the job in the Job Management workflow and repeating the issuance process should resolve this. If it does not, see the Audit Reporting workflow for further details as to the cause.

Relates To

Credential Issuance

 

Error Code

21647

Text

Not Imported

Details

The issuance requires that the device being issued has already been imported into the system. The presented device is unknown to the system.

Solution

The user may be attempting to issue the credentials to a foreign card. Check that device the user is attempting to issue to. Details of the device can be found in the Audit Reporting workflow.

Relates To

Credential Issuance

 

Error Code

21648

Text

GUID is not valid.

Details

The GUID for the provisioning job has been corrupted.

Solution

Check the email template is sending it correctly. Details can be found in the mobile documentation. If the provisioning was using a Derived Credential kiosk, try scanning the code again. If this fails, contact Intercede Support.

Relates To

Identity Agent Provisioning

 

Error Code

21776

Text

Authentication is required to continue. Your card's issuance profile is not configured to require one.

Details

Self-service credential activation must be configured to require at least one form of authentication. If none are configured, any attempt to self activate the credential will be blocked.

Solution

Authentication requirements can be configured in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

21777

Text

This job can not be collected as a self-service operation as it requires countersigning.

Details

You have attempted a self-service collection of a job that requires another operator to be present for countersigning.

Solution

Select a different job, or ask an operator to collect the job with the assistance of a another operator to countersign.

Relates To

Credential Issuance

 

Error Code

30021

Text

Adjudication requires fingerprint samples captured using a 10-Slap enrollment device. Check that you have captured new fingerprints before submitting for adjudication

Details

Pending biometric samples that were captured using a 10-Slap enrollment device could not be found for the person.

This error may also occur if the Fingerprints identification check enabled configuration option (on the Biometrics page of the Operation Settings workflow) is not set.

Solution

Ensure that the person has pending biometric samples that were captured using a 10-Slap enrollment device, then try the action again.

Relates To

Adjudication

 

Error Code

50038

Text

The selected credential profile is not allowed because the person that requested the job was not allowed to request this credential profile.

Details

Validation failed because the operator does not have the correct permissions to make a request with the selected credential profile.

Solution

Try another credential profile for which the operator does have permission to create requests, or grant the operator permissions to use the credential profile. Permissions are set in the Credential Profiles workflow in MyID Desktop.

See the Working with credential profiles section in the Administration Guide for further details.

Relates To

Adjudication

 

Error Code

50039

Text

You cannot action your own adjudications.

Details

MyID prevents an operator from carrying out actions on their own adjudications.

Solution

Ask another operator who has the correct permissions to carry out the required actions on the adjudication for your account.

Relates To

Adjudication

 

Error Code

50041

Text

This action cannot be performed because the user has outstanding adjudications.

Details

MyID prevents you from carrying out this action on people who have outstanding adjudications.

Solution

Ensure that the person has adjudication records that have decision statuses that are either "Approved" or "Not Required".

Relates To

Adjudication

 

Error Code

50042

Text

External adjudication server has not been configured

Details

You must configure the connection to the adjudication system before you can carry out adjudication actions.

Solution

Use the External Systems workflow to create an external system entry for the adjudication server. See the Adjudication Integration Guide for details.

Relates To

Adjudication

 

Error Code

82369

Text

The capacity limit has been reached for the system.

Details

The action would exceed the current license capacity.

Solution

Cancel existing users or devices or obtain additional licenses.

Relates To

Credential Issuance

 

Error Code

82373

Text

You are unable to request a replacement card, please contact your administrator.

Details

An attempt to request a replacement card failed.

This could be due to the credential profile having prerequisite data requirements that the user doesn't fulfill.

Solution

Check that the user meets all the requirements of the credential profile.

Relates To

Credential Issuance

 

Error Code

82450

Text

Invalid auth code for the specified job.

Details

The presented authentication code is incorrect.

Solution

Check that the code was entered correctly. The input device may have caps lock enabled, or be set to an incorrect region. A new authentication code can be requested using the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

82452

Text

SAM Account not found

Details

There has been a problem identifying the user's Windows credentials.

Solution

Retry the current process. If the problem persists, and there have been no changes to the network infrastructure, contact Intercede Support.

Relates To

Authentication

 

Error Code

82501

Text

The specified mobile does not have any issued devices.

Details

A request has been attempted to replace an Identity Agent device that contains no valid keystores. This attempt has been blocked.

Solution

The Identity agent device is in an errored state and should be re-issued. Use the Cancel Credential and Request ID workflows to achieve this. If the problem persists, contact Intercede Support.

Relates To

Credential Issuance

 

Error Code

82502

Text

Only Identity Agent mobiles are supported.

Details

A request has been attempted to replace a non-Identity Agent in a workflow specifically intended for Identity Agent devices. This attempt has been blocked.

Solution

Non-Identity Agent devices can be canceled using the Request Replacement Card workflow.

Relates To

Credential Issuance

 

Error Code

85080

Text

Open Platform Keys are not defined for this device

Details

This usually occurs when a configured GlobalPlatform keyset cannot be found in the database, or a keyset has not been configured.

Solution

Ensure GlobalPlatform keys are correctly configured for the device being issued.

Relates To

Global Platform Security

 

Error Code

85118

Text

The 9B key for this device has not been configured or has been configured incorrectly. This needs to be corrected before issuance can continue.

Details

The 9B key for this device has not been configured or has been configured incorrectly.

Solution

The 9B key can be configured using the Key Management workflow.

Relates To

Credential Issuance

 

Error Code

85119

Text

The 9B key specified for this device are incorrect. This needs to be corrected before issuance can continue

Details

The 9B key for this device has not been configured or has been configured incorrectly.

Solution

The 9B key can be configured using the Key Management workflow.

Relates To

Credential Issuance

 

Error Code

85120

Text

The 9B key specified for this device are incorrect. This needs to be corrected before issuance can continue

Details

The 9B key for this device has not been configured or has been configured incorrectly.

Solution

The 9B key can be configured using the Key Management workflow.

Relates To

Credential Issuance

 

Error Code

85121

Text

The 9B key specified for this device are incorrect. Please ensure that the correct Encryption Type has been selected. This needs to be corrected before issuance can continue

Details

The 9B key for this device has not been configured or has been configured incorrectly.

Solution

The 9B key can be configured using the Key Management workflow.

Relates To

Credential Issuance

 

Error Code

85122

Text

The GlobalPlatform keys for this card are missing or incorrect. These need to be corrected before issuance can continue

Details

The GlobalPlatform keys for this device have not been configured or have been configured incorrectly.

Solution

The GlobalPlatform keys  can be configured using the Manage Global Platform Keys workflow.

Relates To

Credential Issuance

 

Error Code

85123

Text

The GlobalPlatform keys for this card are missing or incorrect. Please verify the key version. These need to be corrected before issuance can continue

Details

The GlobalPlatform keys for this device have not been configured or have been configured incorrectly.

Solution

The GlobalPlatform keys  can be configured using the Manage Global Platform Keys workflow.

Relates To

Credential Issuance

 

Error Code

85124

Text

There is no CHUID signing certificate configured. Please consult the product documentation

Details

The CHUID signing certificate for this device has not been configured or has been configured incorrectly.

Solution

The certificate location is configured in the Registry of the Application server.

Relates To

Credential Issuance

 

Error Code

85125

Text

The private key for a server signing certificate is not available. Please consult the product documentation

Details

The server signing certificate (CHUID signing certificate or OPACITY CVC signing certificate) for this device has been configured incorrectly.

Solution

The certificate location is configured in the registry of the MyID application server. See the Setting up OPACITY section of the Smart Card Integration Guide for more details.

Relates To

Credential Issuance

 

Error Code

85126

Text

The FASCN is invalid. Card issuance can not continue

Details

The system has attempted to generate an identifier for the user and failed. This is usually a PIV compliant FASCN

Solution

If a FASCN is expected, the user lacks mandatory data. Please enroll the user again. Details of the missing data will be highlighted in the Audit Report. If a FASCN is not required, change the node BuildFASCN from 1 to 0 in the relevant CardProperties file.

Relates To

Credential Issuance

 

Error Code

85127

Text

Some of the data provided is invalid. This could either be attributes of the Applicant or the Agency. Please review the details.

Details

The system has attempted to generate an identifier for the user and failed. This is usually a PIV compliant FASCN

Solution

If a FASCN is expected, the user lacks mandatory data. Please enroll the user again. Details of the missing data will be highlighted in the Audit Report. If a FASCN is not required, change the node BuildFASCN from 1 to 0 in the relevant CardProperties file.

Relates To

Credential Issuance

 

Error Code

85128

Text

The user's biometrics are not valid. Please check server version

Details

The system has attempted to write biometric data to a card, but the biometric data is invalid.

Solution

Please enroll the user again. Details for each supported biometric matching library are available with this release. If the problem persists, contact Intercede Support.

Relates To

Credential Issuance

 

Error Code

85143

Text

The card is locked and requires activation.

Details

The system has attempted to write to a locked device

Solution

Activate the device using either the Activate Card process, or Assisted Activation workflow. Alternatively, if the card is no longer required, use the Erase Card workflow to unlock and erase the device.

Relates To

Credential Issuance

 

Error Code

85167

Text

The key for this device has not been configured or has been configured incorrectly. This needs to be corrected before issuance can continue

Details

The 9B key for this device has not been configured or has been configured incorrectly.

Solution

The 9B key can be configured using the Key Management workflow.

Relates To

Credential Issuance

 

Error Code

85182

Text

The Global Platform keys for this card are missing or incorrect. These need to be corrected before issuance can continue.

Details

The Global Platform keys for this device have not been configured or have been configured incorrectly.

Solution

The Global Platform keys  can be configured using the Manage Global Platform Keys workflow.

Relates To

Credential Issuance

 

Error Code

85184

Text

Could not determine Windows logon credentials.

Details

MyID is attempting to determine the Windows logon name for the connected user, but is failing to do so.

Solution

Ensure the client and the server are in the same Windows Domain

Run the following script on the web server to enable IIS to determine the identity of the connecting client:

ConfigureWindowsAuthentication.ps1

This script is installed to the Utilities folder on the MyID web server; by default, this is:

C:\Program Files\Intercede\MyID\Utilities\

Relates To

Update My Device

 

Error Code

85187

Text

There has been a problem updating your account.

Details

MyID has encountered an error performing the User Sync action during the Update My Device workflow.

Solution

Further details about the specific error are available in the Audit Reports workflow.

Common causes include requesting a credential profile that the user does not have permissions to receive, and requesting a credential profile that does not exist.

Relates To

Update My Device

 

Error Code

85188

Text

Unable to connect to the authentication server

Details

An attempt by the Process Driver web service to connect to the authentication server web service failed

Solution

This error may occur if you are using a load balancer or have multiple web servers.

In this case, carry out the following:

  1. Set the IssuerUri option in the web.oauth2 application settings file.

    See the Setting the issuer in web.oauth2 section in the MyID Operator Client guide.

  2. Configure a shared JWT signing key so that all instances of web.oauth2 use the same signing key.

    See the Load balancing section in the MyID Operator Client guide.

    Instead of setting the shared JWT signing key, as an alternative you can set the AuthServerUrl option in the ProcessDriver myid.config file; see the MyID Operator Client pass-through authentication with a load balancer section in the MyID Operator Client guide.

Relates To

Authentication

 

Error Code

410039

Text

Authentication Failed

Details

The data supplied to Logon either contained invalid data, or was missing essential data.

Solution

Further details will be available in the Audit Reporting workflow.

Relates To

Authentication

 

Error Code

410072

Text

You cannot collect this device because your original device has expired.

Details

A renewal cannot be collected because the device has expired.

Solution

Cancel the credential and issue a new one, or use the Request Replacement Credential workflow to request a replacement credential.

Relates To

Credential Issuance

 

Error Code

410073

Text

Event not found

Details

An Identity Agent Provisioning job is missing or has an invalid status.

Solution

Retry the current process. If the problem persists, and there have been no changes to the network infrastructure, contact Intercede Support.

Relates To

Identity Agent Provisioning

 

Error Code

410074

Text

Job is invalid

Details

An Identity Agent Provisioning job has an invalid status.

Solution

Retry the current process. If the problem persists, and there have been no changes to the network infrastructure, contact Intercede Support.

Relates To

Identity Agent Provisioning

 

Error Code

410076

Text

The specified DN is not valid.

Details

The DN for the user is not in a valid format and cannot be processed.

Solution

If you believe the DN is valid, you can bypass validation by setting ValidateDN to a value of false in the myid.config file, or update the user's DN.

See the DN validation section in the Web Service Architecture guide.

Relates To

Credential Issuance

 

Error Code

410077

Text

Unable to process the DN.

Details

The DN for the user cannot be processed into a format expected by the certificate authority.

Solution

Update the user's DN.

Relates To

Credential Issuance

 

Error Code

420000

Text

User cannot be issued with certificates.

Details

The system is attempting to issue a credential with X509 certificates on it to a user with no Distinguished Name. A Distinguished Name is required for certificate issuance.

Solution

The Distinguished Name can be set using a number of processes. It is set when an account is imported from an LDAP. It is set when a user is assigned to a group or agency. It can be set using Lifecycle API. Ensure that the user has a Distinguished Name set and then retry the process.

Relates To

Credential Issuance

 

Error Code

500041

Text

You cannot renew this device at this time.

Details

Cards can only be renewed when they are about to expire. The number of days before expiry is controlled by the configuration flag CARD RENEWAL PERIOD. The device has more days remaining than this value.

Solution

Wait until the device is within the renewal period and retry the operation. Alternatively, if the configured period is unsuitable, change the Card Renewal Period option (on the Devices page of the Operation Settings workflow) then retry the process.

Relates To

Credential Issuance

 

Error Code

500042

Text

Existing Card found - You can not renew this device

Details

Cards can only be renewed if there are no outstanding credential requests for a user.

Solution

Collect all outstanding requests for the user, then repeat this process. If the requests are not required, they can be canceled using the Job Management workflow. A list of the IDs can be found in the Audit Reporting workflow.

Relates To

PIV Credential Issuance

 

Error Code

500048

Text

You cannot renew expired devices.

Details

Cards can only be renewed when they are valid. This device has expired.

Solution

Request a replacement credential specifying a reason that is not Renewal.

Relates To

PIV Credential Issuance

 

Error Code

503000

Text

The system could not generate a unique FASCN for this device

Details

An attempt has been made to issue a PIV-compatible device. There was an error encountered while trying to create the FASCN. The user account may not be in a suitable state to receive a PIV-compatible credential.

Solution

Ensure that the user account has all mandatory fields and that the user is approved for card issuance. If the problem persists, contact customer support.

Relates To

Credential Issuance

 

Error Code

503001

Text

The system could not generate a credential number for this person.

Details

An attempt has been made to issue a PIV-compatible device. There was an error encountered while trying to create the Credential Number. The user account may not be in a suitable state to receive a PIV‑compatible credential.

Solution

Ensure that the user account has all mandatory fields and that the user is approved for card issuance. If the problem persists, contact customer support.

Relates To

Credential Issuance

 

Error Code

503002

Text

Failed to update FASCN or credential number

Details

An attempt has been made to update the FASCN or Credential Number on a user's record, but the logged on user lacks the relevant permissions.

Solution

This is usually caused when multiple PIV compatible cards are requested for a user, then that user collects them using a self service mechanism. If this is a use case that is required, contact Intercede Support for details on how to resolve this issue.

Relates To

Credential Issuance

 

Error Code

800528

Text

Biometric logon is not allowed.

Details

An attempt has been made to authenticate with biometrics, and this logon mechanism is not enabled.

Solution

Biometric logon is currently used only for resetting PINs.

See the Self-service PIN reset authentication section in the Operator's Guide.

Relates To

Authentication

 

Error Code

800529

Text

Integrated windows logon is not allowed.

Details

An attempt has been made to authenticate with Windows Integrated authentication, and this logon mechanism is not enabled.

Solution

Logon mechanisms are configured in the Edit Roles workflow. The logon mechanisms that you can use depend on which options you have selected on the Logon Mechanisms page of the Security Settings workflow.

See the Logon mechanisms section in the Administration Guide for details.

Relates To

Authentication

 

Error Code

800530

Text

Token logon is not allowed.

Details

An attempt has been made to authenticate with an OTP token, and this logon mechanism is not enabled.

Solution

Logon mechanisms are configured in the Edit Roles workflow. The logon mechanisms that you can use depend on which options you have selected on the Logon Mechanisms page of the Security Settings workflow.

See the Logon mechanisms section in the Administration Guide for details.

Relates To

Authentication

 

Error Code

800531

Text

Device logon is not allowed.

Details

An attempt has been made to authenticate with credentials stored on a device, and this logon mechanism is not enabled.

Solution

Logon mechanisms are configured in the Edit Roles workflow. The logon mechanisms that you can use depend on which options you have selected on the Logon Mechanisms page of the Security Settings workflow.

See the Logon mechanisms section in the Administration Guide for details.

Relates To

Authentication

 

Error Code

800532

Text

Password logon is not allowed.

Details

An attempt has been made to authenticate with passphrases, and this logon mechanism is not enabled.

Solution

Logon mechanisms are configured in the Edit Roles workflow. The logon mechanisms that you can use depend on which options you have selected on the Logon Mechanisms page of the Security Settings workflow.

See the Logon mechanisms section in the Administration Guide for details.

Relates To

Authentication

 

Error Code

800533

Text

Unknown Device Inserted

Details

A user has attempted a self-service operation with a device that was not issued by the system.

Solution

Issue the user a new device and repeat the process.

Relates To

Biometric Logon

 

Error Code

800538

Text

Passphrase Logon is not allowed.

Details

An attempt to authenticate to MyID with passphrases whilst passphrase authentication is disabled. This attempt has been blocked.

Solution

Ask the user to authenticate with a device instead of passphrases.

Relates To

Authentication

 

Error Code

800540

Text

An error occurred attempting to retrieve data from the MyID Server

Details

The system has reported that there are no enabled authentication mechanisms available for self-service operations.

Solution

Contact Intercede Support.

Relates To

PIV Self Service

 

Error Code

800548

Text

Your card has not been issued and can't be used to logon.

Details

The device that is attempting to logon has not been issued.

Solution

The user may not have collected their issuance job yet. If no issuance job exists, or it has been canceled, a new request can be made using the Request Card workflow.

Relates To

Authentication

 

Error Code

800549

Text

Your card is disabled and can't be used to logon.

Details

The device that is attempting to logon has been disabled.

Solution

Use the Enable / Disable Credential workflow to enable it. If this is unexpected, see the Audit Reporting workflow for the initial issuance of the device, or the Identify Credential workflow for a history of actions against the device.

Relates To

Authentication

 

Error Code

800550

Text

You do not have sufficient privileges to perform this operation.

Please contact your administrator.

Details

An attempt has been made to start an operation to which you have not been granted permissions.

Solution

Use the Edit Roles workflow to grant the appropriate permissions to the required workflow.

Relates To

All

 

Error Code

800551

Text

Logon Denied.

Details

An attempt has been made to log in and that attempt has failed.

Solution

Ensure the correct passphrases have been entered. By default passphrases are case sensitive. If the authentication was with a device, ensure the device is enabled.

This situation may also occur on an upgraded MyID system where users have SHA1 passwords and the administrator has set the Use Security Phrase algorithm version 2 configuration option. In this case, follow the instructions for Upgrading security phrase security in the Installation and Configuration Guide.

This error may also occur if the user attempts to log on with an expired smart card or logon code, or attempts to log on with a disabled user account.

This error may also occur if you are using Integrated Windows Logon and your system is not configured correctly; for example, if the SystemAccounts.Domain field has not been updated from LDAP.

This error may also occur if you have a misconfigured UDL file for database connectivity.

This error may also occur if you have attempted to use Integrated Windows Logon with a user in the Active Directory group Protected Users.

As this error may have a variety of causes, you are recommended to try using the System Interrogation Utility to investigate further.

Relates To

Authentication

 

Error Code

800552

Text

You cannot logon using this card.

Details

An attempt has been made to log in with a disabled device. This attempt has been blocked.

This may also occur if the card has been issued without MyID Logon capabilities.

Solution

Details of the disabled device can be found in the Audit Reporting workflow. Devices can be enabled using the Enable / Disable Credential workflow.

Relates To

Authentication

 

Error Code

800554

Text

Activation requires assistance.

Details

The credential profile is set up for assisted activation. You cannot use self-service activation for this device.

Solution

If the device is intended to be activated using a self-service method, you must edit the device's credential profile to allow self collection.

If the device is intended to be activated using assisted activation, use the Assisted Activation workflow to activate the device.

Relates To

Authentication

 

Error Code

800560

Text

Self-Service Unlock not allowed

Details

A self-service PIN reset has been initiated and the instance of the MWS server is not configured to allow self-service operations.

Solution

This applies only to PIV installations.

Relates To

PIV Self Service

 

Error Code

800564

Text

Self-Service Unlock not allowed

Details

A self-service PIN reset has been initiated and MyID is not configured to allow self-service operations.

This error may also occur if the card has been assigned, but not yet issued, and the cardholder attempts to reset the PIN.

Solution

See the Allowing self-service unlocking section in the Operator's Guide for details of setting up your system for self-service unlocking.

Make sure the card has been issued before attempting to reset the PIN.

Relates To

Self Service

 

Error Code

800590

Text

The Certificate Policy is disabled and cannot be issued.

Details

An attempt has been made to issue a disabled certificate policy.

Solution

Select an alternate credential profile that does not contain a disabled certificate policy. This error may occur when attempting to issue a new instance of an unmanaged certificate. Unmanaged certificates should be set for historic recovery only in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

800591

Text

The Certificate Policy is Unmanaged and the user has not had a corresponding certificate imported.

Details

An attempt has been made to issue a Credential Profile to a user that contains an unmanaged certificate. The user has no valid imported unmanaged certificates.

If the credential profile uses the Use Existing option, check that the unmanaged certificate has not expired; this configuration requires a valid certificate.

Solution

Either issue a different Credential Profile (one without an unmanaged certificate, or, in the case where the certificate has expired, with the Historic Only option selected for the unmanaged certificate, which will not check the expiry date) or upload a valid certificate for the user; you can use the Upload PFX Certificates workflow to upload a certificate.

Relates To

Identity Agent Provisioning

 

Error Code

800600

Text

iOS OTA Organisation is mandatory

Details

An attempt has been made to issue an iOS device, but the Organisation field has not been configured.

Solution

This can be set in the Operation Settings workflow, under the Certificates tab. See the Setting up iOS OTA provisioning section in the Mobile Identity Management document for details.

Relates To

Identity Agent Provisioning

 

Error Code

800601

Text

iOS OTA Credential Profile is mandatory

Details

An attempt has been made to issue an iOS device, but the OTA Credential Profile has not been configured.

Solution

This can be set in the Operation Settings workflow, under the Certificates tab. See the Setting up iOS OTA provisioning section in the Mobile Identity Management document for details.

Relates To

Identity Agent Provisioning

 

Error Code

800602

Text

iOS OTA Credential Profile not found

Details

An attempt has been made to issue an iOS device, but the configured OTA credential profile is either incorrect, or the user lacks permissions to retrieve.

Solution

This can be set in the Operation Settings workflow, under the Certificates tab. The value is case sensitive. See the Setting up iOS OTA provisioning section in the Mobile Identity Management document for details.

Relates To

Identity Agent Provisioning

 

Error Code

800603

Text

iOS OTA Credential Profile has to be MachineIdentity

Details

An attempt has been made to issue an iOS device using an OTA Credential Profile that is not configured to have the Device Identity capability.

Solution

The credential profile can be modified in the Credential Profiles workflow. See the Setting up iOS OTA provisioning section in the Mobile Identity Management document for details.

Relates To

Identity Agent Provisioning

 

Error Code

800610

Text

The requested image was not found: {0}

Details

An image that is present in a card layout cannot be found.

Solution

Ensure the value in Image Upload Server on Operation Settings on the Video tab is resolvable by both the client and the server, and is correct. If it is, check to see if the image is actually in the location specified, and restore it if it is not.

Relates To

Identity Agent Provisioning

 

Error Code

800630

Text

Biometrics are required

Details

An attempt has been made to collect a device update for a credential profile that requires biometric authentication, but the device owner has no credentials enrolled.

Solution

To collect the update, the user must enroll biometrics. Alternatively, configure the credential profile to have a biometric requirement of either Never or Preferred.

Relates To

Authentication

 

Error Code

800611

Text

The requested image timed out: {0}

Details

There has been a network issue retrieving an image used in a card layout.

Solution

Ensure the value in Image Upload Server on Operation Settings on the Video tab is resolvable by both the client and the server, and is correct. If it is, check to see if the image is actually in the location specified, and restore it if it is not.

Relates To

Identity Agent Provisioning

 

Error Code

881043

Text

User account is disabled

Details

A user with a disabled account has attempted to perform a security phrase logon to the system. This attempt has been blocked.

Solution

User accounts can be enabled using the Edit Person workflow.

Relates To

Authentication

 

Error Code

881044

Text

The user account is locked.

Details

A user without security phrases set has attempted to perform a security phrase logon to the system. This attempt has been blocked.

This error may also occur if you have attempted to use Integrated Windows Logon, and this has failed (possibly because the user is in the Active Directory group Protected Users, or because the fields SAMAccountName and Domain are not be stored in MyID) and MyID has attempted to fall back to logon with security phrases, which is not configured for use.

Solution

Security phrases can be set either using the Change Security Phrases or Change My Security Phrases workflows.

See the Logon using security phrases and Integrated Windows Logon sections in the Administration Guide for details of configuring logon with security phrases and Integrated Windows Logon.

Relates To

Authentication

 

Error Code

881045

Text

User not found.

Details

The attempt to retrieve a users details, possibly from a connected LDAP system, has failed.

Solution

Check that the user exists in the database. The account may have been removed during a process. If the account is linked to an LDAP, check the LDAP permissions for the MyID system accounts. The Audit Reporting workflow may be able to assist with diagnosing the problem.

Relates To

User Management

 

Error Code

881046

Text

Biometrics configuration problem

Details

The libraries for biometric matching on the server have failed to load.

Solution

Ensure the software is installed and the correct library selected in the Operation Settings workflow. Details for each supported biometric matching library are available in the integration guides provided with MyID.

Relates To

Authentication

 

Error Code

881048

Text

User has no devices.

Details

An operation has been initiated to perform an action on a user's credential. The selected user does not have any credentials.

Solution

The user's credentials may have been canceled prior to this operation. Check the Audit Reporting workflow for a history of the user's credentials.

Relates To

Credential Maintenance

 

Error Code

881055

Text

You have no devices. Please contact your administrator.

Details

The user has requested a self-service operation on a credential they own. They do not have any credentials.

Solution

The user's credentials may have been canceled prior to this operation. Check the Audit Reporting workflow for a history of the user's credentials.

Relates To

Self Service Operations

 

Error Code

881056

Text

You have no devices that are available for replacement. Please contact your administrator.

Details

The user has requested that a credential they own be replaced. They do not have any credentials.

Solution

The user's credentials may have been canceled prior to this operation. Check the Audit Reporting workflow for a history of the user's credentials.

Relates To

Self Service Operations

 

Error Code

881057

Text

The user account is locked.

Details

A user with a locked account has attempted to perform a password logon to the system. This attempt has been blocked.

Solution

User accounts can be unlocked using the Unlock Security Phrases workflow.

Relates To

Authentication

 

Error Code

881058

Text

Target is not approved to issue a Machine Identity.

Details

The credential profile is configured to require that the recipient is approved before issuance can occur.

Solution

For information on approving users, see the Setting the User Data Approved flag section in the Administration Guide. Alternatively, this restriction can be removed using the Credential Profiles workflow.

Relates To

Device Identity Management

 

Error Code

881059

Text

The user account data must be approved before credentials can be issued or updated. Please contact an Administrator.

Details

The credential profile is configured to require that the recipient is approved before issuance can occur.

Solution

For information on approving users, see the Setting the User Data Approved flag section in the Administration Guide. Alternatively, this restriction can be removed using the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

881061

Text

The person has no activate authentication code configured.

Details

An Activation code is required, but there are no activation codes assigned to the user.

Solution

Activation codes can be requested using the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

881062

Text

The person has no unlock authentication code configured.

Details

An unlock code is required, but there are no unlock codes assigned to the user.

Solution

Unlock codes can be requested using the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

881063

Text

The person has no logon code configured.

Details

A logon code is required, but there are no logon codes assigned to the user.

Solution

Authentication and Unlock codes can be requested using the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

881064

Text

User has no Logon Code.

Details

An attempt has been made by a user to perform a Logon Code authentication, but the account has no logon codes assigned to it.

Solution

Logon Codes can only be used once. If new codes are required, the workflow Request Auth Code can be used to handle this. Alternatively, repeat the process.

Relates To

Logon

 

Error Code

881065

Text

You have insufficient security phrases configured.

Details

An attempt has been made by a user to perform a Passphrase based authentication, but the account has insufficient passphrases to meet the current security setting. Additionally, the user does not have access to the configured workflow allowing them to set additional passphrases.

Solution

If the intent is to allow the user to authenticate, and then set their own passphrases, ensure the user has permissions to Change My Security Phrases then change the Set Security Phrase at Logon option (on the Logon tab of the Security Settings workflow) to 1,110.

Relates To

Authentication

 

Error Code

881068

Text

Your authentication code has expired.

Details

The user's authentication code has expired and so they cannot authenticate.

Solution

The user will need to be issued a new authentication code.

Relates To

Authentication

 

Error Code

881100

Text

Virtual smart card issuance cannot continue

Details

An attempt has been made to issue a virtual smart card on a system but one of the following may apply:

  • Virtual smart card support is disabled on the system.
  • Attempt to generate the virtual smart card has failed.
  • The client operating system is not supported for VSCs.

Solution

To issue the device you must:

  • Enable virtual smart card support in the Operation Settings workflow.
  • Ensure that the TPM on the device is in a state to allow generation of a virtual smart card.
  • Make sure the client operating system meets the requirements in the Intercede VSC documentation.
  • The number of smart cards connected to the device does not exceed the maximum limit of 10.

Relates To

Credential Issuance

 

Error Code

881101

Text

Credential profile can only be issued to a virtual smart card. Issuance cannot continue.

Details

The selected credential profile can only be issued to a virtual smart card. The user has presented a device that is not a virtual smart card.

Solution

Review your issuance process. Credential profile restrictions can be managed in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

881102

Text

Credential profile cannot be issued to a virtual smart card. Issuance cannot continue.

Details

The selected credential profile cannot be issued to a virtual smart card. The user has presented a virtual smart card.

Solution

Review your issuance process. Credential profile restrictions can be managed in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

881104

Text

There has been an error deleting the virtual smart card.

Details

An attempt to delete a virtual smart card remotely has failed

Solution

Contact Intercede Support.

Relates To

Credential Termination

 

Error Code

881106

Text

Virtual smart card support is disabled, cancellation cannot continue.

Details

An attempt has been made to cancel a virtual smart card on a system that has virtual smart card support disabled

Solution

To cancel the device you must enable virtual smart card support in the Operation Settings workflow.

Relates To

Credential Termination

 

Error Code

881116

Text

Failed to sign the terms and conditions.

Details

You have attempted to recover certificates to a device with terms and conditions that need to be signed, but the device does not already contain a signing certificate. You must have a signing certificate to allow you to sign the terms and conditions.

Solution

If you want to issue a new device with recovered certificates, and have Terms and Conditions cryptographically signed in the same process, you can use the following workaround:

  1. Issue a new device for the purpose of key recovery, using a credential profile that contains a signing certificate first (with no key recovery specified).

  2. Follow the process to request key recovery to an existing card.

  3. Collect the key recovery to the device you have just issued. You can now sign the acceptance of the terms and conditions using the signing certificate already on the device.

Relates To

Credential Issuance

 

Error Code

881117

Text

Virtual smart card creation failed, please contact your administrator.

Details

An attempt has been made to issue a virtual smart card on a system but one of the following may apply:

  • Attempt to generate the virtual smart card has failed.
  • The client operating system is not supported for VSCs.

See the Audit Report workflow for further details.

Solution

To issue the device you must:

  • Make sure that the TPM on the device is in a state to allow generation of a virtual smart card.
  • Make sure the client operating system meets the requirements in the VSC integration guide.
  • Make sure the number of smart cards connected to the device does not exceed the maximum limit of 10.

Relates To

Credential Issuance

 

Error Code

890019

Text

Temporary card profile not found in configuration

Details

A fixed temporary credential profile has been configured, but the configuration references a credential profile that does not exist.

Solution

Use the Operation Settings workflow to ensure that the value specified in the Temporary Credential Profile Name matches the intended temporary credential profile exactly. The match is not case sensitive.

Relates To

Credential Issuance

 

Error Code

890020

Text

Insufficient permissions to access card profile.

Details

The system has been configured to use a single, static credential profile for temporary replacement actions, but the user does not have permission to receive it.

Solution

Use the Credential Profiles workflow to configure the roles that are allowed to receive the temporary credential profile.

Relates To

Credential Issuance

 

Error Code

890042

Text

This action cannot be performed on your device.

Details

The job about to be actioned is not suitable for the target device, for example, collecting an Identity Agent credential profile onto a smart card.

Solution

Ensure a suitable credential profile has been requested for the user. Details about the credential presented can be found in the Audit Reporting workflow.

Relates To

Credential Issuance

 

Error Code

890053

Text

Approval is needed.

Details

An attempt has been made to issue a credential with a request that has not yet been validated.

Solution

Requests can be validated in the Validate Request workflow. Alternatively, if validation is not required, this requirement can be removed in the Credential Profiles workflow. Previous requests made when validation was required will still require validation. These requests can be canceled using the Job Management workflow.

Relates To

Credential Issuance

 

Error Code

890054

Text

Action no longer available

Details

An attempt has been made to issue a credential with a request that is not in a valid state. It may be that the request has been suspended or canceled.

Solution

The status of requests can be reviewed using the Job Management workflow.

Relates To

Credential Issuance

 

Error Code

890055

Text

You are not authorized to complete this action

Details

An attempt has been made to issue a credential by a user that lacks permission to that credential.

Solution

Credential profile permissions can be managed using the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

890100

Text

You have no card profiles available.

Details

There are no suitable credential profiles available to the user.

Solution

Availability of credential profiles can be changed in the Credential Profiles workflow. See the Audit Reporting workflow for further details.

Relates To

Credential Issuance

 

Error Code

890110

Text

No suitable credential profiles available.

Details

While attempting to replace the device, no suitable card profiles were found. This is probably due to user permission changes since the initial issuance of the device.

Solution

Permissions can be edited in the Edit Roles workflow. Credential Profile permissions can be edited using the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

890467

Text

Unable to authenticate card. Unlocking your own card is not allowed.

Details

An attempt has been made to perform a self-service PIN unlock. The card in question does not have a card authentication certificate in container 5FC101, and so cannot be validated. The process has been blocked

Solution

If the card was issued by this system, then the credential profile needs to be updated to ensure a card authentication certificate is included in the correct container. Any previously issued devices will need to be updated before they can perform self service operations. This can be performed using the Update Card or Request Card Update workflows.

Relates To

PIV Self Service

 

Error Code

890468

Text

This version has been disabled.

Details

This is usually encountered when attempting to access ProcessDriver with an obsolete client.

Solution

Update the client software to be the latest version. If the problem persists, contact Intercede Support.

Relates To

Authentication

 

Error Code

890477

Text

Notification creation has failed.

Details

The system attempted to send a notification to another system, but this process has failed.

Solution

The Audit Reporting workflow may be able to assist with diagnosing the problem. If it does not, contact Intercede Support.

Relates To

Notifications

 

Error Code

890478

Text

An unexpected problem has occurred, please wait a short while then try again.

Details

There has been an underlying error in COM+. It may be that the COM+ settings are invalid, or the service has become unavailable.

Solution

If this is a consistent problem, permissions for the MyID system accounts may have changed. If it is an intermittent problem, the Windows Event Log may offer the cause of the authentication issues.

Relates To

Authentication

 

Error Code

890480

Text

Unable to register the device.

Details

An attempt to register a Trusted Platform Module with the system has failed.

Solution

The Audit Reporting workflow may be able to assist with diagnosing the problem.

Relates To

Credential Issuance

 

Error Code

890482

Text

Invalid response to the Client Action.

Details

The client has responded to the MWS with either a blank or invalid response.

Solution

This is usually caused by an unexpected client side error. The Audit Reporting workflow may be able to assist with diagnosing the problem.

Relates To

All

 

Error Code

890483

Text

There are no jobs for this device.

Details

An attempt was made to activate a device which does not have a corresponding job.

Solution

The Audit Reporting workflow may be able to assist with diagnosing the problem.

Relates To

Credential Issuance

 

Error Code

890488

Text

The card is not issued.

Details

An attempt was made to change the PIN for a credential that was not issued by the system.

Solution

Ensure that the user is using the correct device.

Relates To

Self Service Operations

 

Error Code

890489

Text

The card is disabled.

Details

An attempt has been made to reset the user PIN for a device that is currently disabled.

Solution

Details of the disabled device can be found in the Audit Reporting workflow. Devices can be enabled using the Enable / Disable Credential workflow.

Relates To

Self Service Operations

 

Error Code

890490

Text

The card is not recognized or the user does not have permissions to use it.

Details

A device has been selected that the user does not have permissions to view or manipulate.

Solution

Typically, this occurs during self service operations where a process is initiated with one card but, mid process, an alternative card is switched-in. It can also occur when an Auth Code that is tied to a device is used against another device. New authentication codes can be requested from the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

890491

Text

An unknown error has occurred trying to capture biometrics.

Details

An unexpected error has occurred validating biometric data.

Solution

The System Events log may give further advice.

Relates To

Authentication

 

Error Code

890493

Text

An unknown error has occurred.

Details

An unexpected low level error has occurred.

Solution

The error is usually caused by low level exceptions being thrown by components. This can be caused by such things as:

  • The card layout assigned to the mobile credential profile having an image that was missing from the system.
  • A Content Signer Certificate not being correctly configured on the App Server.
  • Card access failure.
  • Other low level failure conditions.

If you experience this error when attempting to issue a smart card set up for OPACITY, see the Troubleshooting OPACITY smart cards section in the Smart Card Integration Guide.

If you are attempting to issue a Windows Hello credential, this may be caused by selecting a certificate that is not suitable for Windows Hello. See the Certificate policies section in the Windows Hello for Business guide.

Details of the issue will be available in the Audit Reporting and System Events workflows. If the problem persists, contact Intercede Support.

Relates To

All

 

Error Code

890495

Text

The job specified has not been found or is invalid.

Details

An attempt has been made to access a job, but the details for the job are incorrect.

Solution

Ensure that the job details are valid.

Relates To

All

 

 

Error Code

890496

Text

Attempted to execute un-approved command

Details

An unsolicited command has been attempted against a card.

Solution

Stop using the issuing workstation or device immediately and contact Intercede Support.

Relates To

Credential Issuance

 

Error Code

890497

Text

Your session has expired, please try again.

Details

The action cannot be completed because the user did not complete the workflow in a reasonable time.

Solution

Ask the user to repeat the action. You can configure the duration using the Task Number Timeout setting on the Process tab of the Security Settings workflow. The default is 30 minutes.

Relates To

All

 

Error Code

890499

Text

The card profile does not support encryption and therefore can not be used for key recovery

Details

The system was asked to recover a certificate to a device that cannot protect the private key for that certificate. This attempt was blocked.

Solution

Ensure the credential profile is configured correctly. Any device that is to receive an archived certificate must be configured for MyID signing. This is usually a certificate policy of type Signature configured for signing within MyID. If you require further assistance, contact Intercede Support.

Relates To

Credential Issuance

 

Error Code

890500

Text

This card does not support biometric match from card.

Details

A request for a derived credential has been made from a card that does not support biometric matching.

Solution

If it is not the intention to perform biometric matching during the request for derived credentials (for example, if you are using VSCs), set the Require fingerprints for derived credentials option to No.

Relates To

Credential Issuance

 

Error Code

890501

Text

No Captured Sample

Details

The client has returned no biometric data.

Solution

Ensure that the correct client software is installed and that a suitable biometric capture device is connected to the client.

Relates To

Authentication

 

Error Code

890502

Text

No Sample From Card

Details

A card that we expected to have biometric data on it does not.

Solution

Canceling and re-issuing the device may help. The Audit Reporting workflow will show whether biometric data was written to the card during issuance.

Relates To

Authentication

 

Error Code

890503

Text

Security Phrases do not match

Details

The user has entered an incorrect security phrase during credential issuance, so the process has been aborted.

Solution

Repeat the process entering the correct security phrase. Security phrases can be reset either using the Change Security Phrases or Change My Security Phrases workflows.

Relates To

Authentication

 

Error Code

890504

Text

This device does not support the use of generic encryption keys

Details

This device does not support the use of generic keys for encryption. Issuance cannot continue.

Solution

The selected credential does not support the use of generic keys for encryption. You must select a certificate for encryption in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

890505

Text

This device does not support the use of certificates for encryption.

Details

The selected credential does not support the use of certificates for encryption.

Solution

The Credential Profiles workflow can be used to control how a credential authenticates to MyID. Contact Intercede Support for further details.

Relates To

Credential Issuance

 

Error Code

890506

Text

This device does not support the use of generic signing keys

Details

The selected credential does not support the use of generic keys for signing. Issuance cannot continue.

Solution

You must select a certificate for signing in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

890507

Text

This device does not support the use of certificates for signing

Details

The selected credential does not support the use of certificates for signing. Issuance cannot continue.

Solution

The Credential Profiles workflow can be used to control how a credential authenticates to MyID. Contact Intercede Support for further details.

Relates To

Credential Issuance

 

Error Code

890509

Text

The card cannot hold recovered certificates.

Details

An attempt has been made to recover certificates to a credential that does not support certificate recovery.

Solution

Provide the user with a credential that is capable of recovering certificates. Details of the presented credential can be found in the Audit Reporting workflow.

Relates To

Certificate Recovery

 

Error Code

890510

Text

PIV: Card recipient not authorized

Details

The selected user is either disabled, or has not been approved for card issuance.

Solution

For information on approving users, see the Setting the User Data Approved flag section in the Administration Guide. Alternatively, this restriction can be removed using the Credential Profiles workflow.

Relates To

Credential Request

 

Error Code

890511

Text

Insufficient data to issue card

Details

There is insufficient data to either build the FASCN or generate a UUID required for issuing this credential.

Solution

Details of the missing data will be available in the Audit Reporting and System Events workflows. If the problem persists, contact Intercede Support

Relates To

PIV Credential Issuance

 

Error Code

890512

Text

numberOfAttempts

Details

Biometric validation has been attempted multiple times, and has failed each time. The retry limit has been reached and so the process is aborting.

Solution

If biometric authentication is proving to have a high number of false negatives, the number of retries and the matching threshold can be configured in the Operation Settings workflow. If the problem is restricted to a subset of individuals, those individuals should re-enroll their biometric data.

Relates To

Authentication

 

Error Code

890513

Text

The captured fingerprints did not match those held on the card.

Details

Validation of a user's fingerprints against the biometric data stored on their card has failed.

Solution

The number of retries and the matching threshold can be configured in the Operation Settings workflow.

Relates To

Authentication

 

Error Code

890516

Text

Asset was not found in LDAP

Details

The Asset Name reported by the client software does not match an entry in the domain.

Solution

Ensure the workstation is joined to the domain and repeat the process. If the problem persists, contact Intercede Support.

Relates To

Virtual Smart Card Issuance

 

Error Code

890517

Text

An error occurred when checking the machines DNS

Details

The Asset Name reported by the client software does not match an entry in the domain.

Solution

Ensure the workstation is joined to the domain and repeat the process. Check the DNS entry for the workstation. If the problem persists, contact Intercede Support.

Relates To

Virtual Smart Card Issuance

 

Error Code

890518

Text

An error occurred when checking the machines DNS

Details

The Asset Name reported by the client software does not match an entry in the domain.

Solution

Ensure the workstation is joined to the domain and repeat the process. Check the DNS entry for the workstation. If the problem persists, contact Intercede Support.

Relates To

Virtual Smart Card Issuance

 

Error Code

890519

Text

This job is not being collected on the correct asset

Details

An attempt has been made to delete a virtual smart card from an incorrect machine.

Solution

Repeat the process from the correct machine. If the deletion request is no longer required, it can be canceled from the Job Management workflow.

Relates To

Credential Termination

 

Error Code

890520

Text

There has been an error generating the virtual smart card

Details

There has been an error creating a VSC remotely on the client workstation.

Solution

The Audit Reporting workflow will contain details of the error. Ensure your system is configured for virtual smart card issuance as detailed in the Microsoft VSC Integration Guide, and that the client workstation is joined to the domain.

Relates To

Credential Issuance

 

Error Code

890522

Text

There has been an error generating the virtual smart card

Details

There has been an error creating a VSC remotely on the client workstation.

Solution

The Audit Reporting workflow will contain details of the error. Ensure your system is configured for virtual smart card issuance as detailed in the Microsoft VSC Integration Guide, and that the client workstation is joined to the domain.

Relates To

Credential Issuance

 

Error Code

890524

Text

Maximum biographic retries exceeded

Details

The user has entered incorrect data too many times and the process has been aborted.

Solution

Retry the process with the correct biographic details. If the problem persists, contact Intercede Support

Relates To

Kiosk Biographic Logon

 

Error Code

890527

Text

Device not assigned to a user

Details

The current device is expected to be issued, but it is not. The Audit will contain more details.

Solution

The user is probably trying to use a device that has not been issued by MyID. It may be required to issue the user a credential. The Audit Reporting workflow will contain more details about the inserted device.

Relates To

Credential Issuance

 

Error Code

890534

Text

The supplied card is not a temporary card

Details

A workflow that requires a temporary credential to be provided to it has had a permanent credential supplied. The workflow is not allowed to interact with this credential and so terminates

Solution

Ensure the correct credential was presented. The Audit Reporting workflow will give details of the presented credential.

Relates To

Credential Lifecycle

 

Error Code

890535

Text

The supplied card is not assigned to the user

Details

A self-service workflow that requires a temporary credential to be provided to it has had a different user's credential supplied. The workflow is not allowed to interact with this credential and so terminates.

Solution

Ensure the correct credential was presented. The Audit Reporting workflow will give details of the presented credential.

Relates To

Credential Lifecycle

 

Error Code

890537

Text

The device is unsuitable for the profile specified.

Details

The presented device is not suitable for the selected credential profile.

Solution

Details of why issuance was denied can be found in the Audit Reporting workflow. The usual cause is the device having insufficient space for the configured certificates.

Relates To

Credential Issuance

 

Error Code

890540

Text

The content defined in the card profile is not currently supported by this issuance method. Please contact your system administrator

Details

The action being performed is not supported by the client being used. For example, SSA cannot issue credentials with generic signing keys.

Solution

Select an appropriate client to perform the intended action.

Relates To

Credential Issuance

 

Error Code

890543

Text

User not logged in

Details

The current session is unauthenticated. This can happen if a client loses its cookie collection mid-process or a process has timed out. It can also happen if using a web farm that is not session aware. The error may also occur when entering an incorrect auth code.

Solution

Retry the current process. If entering an auth code, make sure you have entered the correct auth code (this error may be caused by a person having two auth codes for different purposes and using the wrong one for the current task). The timeout duration can be managed in IIS. If the problem persists, and there have been no changes to the network infrastructure, contact Intercede Support.

Relates To

Authentication

 

Error Code

890547

Text

No TPM Found

Details

The client workstation has reported that it has no Trusted Platform Module available. A TPM is required to perform Attested Device Identity issuance.

Solution

The client workstation is unsuitable to receive the credentials requested for it. Issuance cannot continue.

Relates To

Credential Issuance

 

Error Code

890550

Text

Error with TPM

Details

The client workstation has reported that it has no Endorsement Key Hash available. An Endorsement Key is required to perform Attested Device Identity issuance.

Solution

The client workstation is unsuitable to receive the credentials requested for it. Issuance cannot continue.

Relates To

Credential Issuance

 

Error Code

890551

Text

The machine specified has not been registered.

Details

A workstation can only receive an Attested Device Identity if it has been registered beforehand. This workstation has not been registered.

Solution

The workstation may have changed its DNS entry or ID since last being registered. Workstations can be registered using the Register Credential workflow.

Relates To

Credential Issuance

 

Error Code

890555

Text

This mobile identity has previously been fully or partially provisioned. To provision it again, the mobile identity must be canceled on the server and a new request made.

Details

The mobile provisioning has got into a state that cannot be recovered from automatically.

Solution

Cancel the device using the Cancel Credential workflow and repeat the issuance process.

Relates To

Identity Agent Provisioning

 

Error Code

890556

Text

Multiple matches

Details

The mobile provisioning has got into a state that cannot be recovered from automatically. There are multiple outstanding requests and the correct one cannot be determined.

Solution

Cancel the device and repeat the issuance process. The status of jobs can be checked in the Job Management workflow.

Relates To

Identity Agent Provisioning

 

Error Code

890557

Text

This mobile identity has previously been fully or partially provisioned. To provision it again, the mobile identity must be canceled on the server and a new request made.

Details

An earlier issuance process for this device has previously failed. The system can automatically recover from most fail conditions but some are unrecoverable.

Solution

Cancel the device and repeat the issuance process. The status of jobs can be checked in the Job Management workflow.

Relates To

Identity Agent Provisioning

 

Error Code

890558

Text

The server has requested more security questions than we can provide.

Details

Server side authentication has failed.

Solution

If this occurs during Identity Agent provisioning, it means the Mobile user has been updated, and the account no longer works.

Relates To

Identity Agent Provisioning

 

Error Code

890561

Text

Your user account does not have permission to complete the request. Please contact your administrator

Details

The user does not have suitable permissions to complete the issuance process, or does not have access to the Credential Profile being requested.

Solution

If this occurs during the provisioning of a mobile device, the user must have access to Collect My Updates (workflow operation ID 242) for device logon. Permissions can be edited in the Edit Roles workflow. Credential profile permissions can be edited using the Credential Profiles workflow. See the Granting access to the workflows section in the Mobile Identity Management document for details.

Relates To

Credential Issuance

 

Error Code

890562

Text

This device cannot be provisioned at this time. The request on the server has expired. You will need to request the provisioning again.

Details

The provisioning job is no longer valid.

Solution

Cancel the device and repeat the issuance process. The status of jobs can be checked in the Job Management workflow.

  • IKB-280 – Misleading error message text for error 890562

    This error may also occur if you attempt to collect the job before it has been validated, in which case you do not need to cancel the job and repeat the issuance process, but must validate the job and then attempt to collect it again.

Relates To

Credential Issuance

 

Error Code

890564

Text

User is not suitable for certificate issuance

Details

The system is attempting to issue a credential with X509 certificates on it to a user with no Distinguished Name. A Distinguished Name is required for certificate issuance.

Solution

The Distinguished Name can be set using a number of processes. It is set when an account is imported from an LDAP. It is set when a user is assigned to a group or agency. It can be set using Lifecycle API. Ensure that the user has a Distinguished Name set and then retry the process.

Relates To

Credential Issuance

 

Error Code

890565

Text

There is no suitable card profile

Details

An attempt has been made to issue a MIM-Badge style mobile device, but configuration is incomplete. There are no credential profiles with a suitable configuration

Solution

Create a suitable credential profile. See the Setting up the Identity Agent credential profiles section in the Mobile Identity Management document for details.

Relates To

Identity Agent Issuance

 

Error Code

890566

Text

This device is not the one specified in the job.

Details

The request is for a different device to the one being presented.

Solution

Either use the correct device, or request a new provisioning for the presented device.

Relates To

Identity Agent Provisioning

 

Error Code

890568

Text

This device belongs to a different user than the one specified in the job.

Details

The device you are attempting to issue is already allocated to someone else.

Solution

Provide the user with a different device. If the device is a mobile device, you could use the Cancel Credential workflow to disassociate the device with the previous owner. If the device is a smart card, you could use the Cancel Credential or Erase Card workflow to cancel the device. After cancellation, the issuance can be re-attempted.

Relates To

Identity Agent Provisioning

 

Error Code

890569

Text

This mobile identity has previously been fully or partially provisioned. To provision it again, the mobile identity must be canceled on the server and a new request made.

Details

The mobile provisioning has got into a state that cannot be recovered from automatically.

Solution

Cancel the device and repeat the issuance process.

Relates To

Identity Agent Provisioning

 

Error Code

890570

Text

The device must be specified to provision this credential profile.

Details

The issuance is restricted to a sub-set of eligible devices. The device being issued is not part of that subset.

Solution

Restrictions are managed in the Credential Profiles workflow.

Relates To

Identity Agent Provisioning

 

Error Code

890571

Text

This device must be assigned to a user to provision this credential profile.

Details

The issuance is restricted to a sub-set of eligible devices. The device being issued is not part of that subset.

Solution

Restrictions are managed in the Credential Profiles workflow.

Relates To

Identity Agent Provisioning

 

Error Code

890572

Text

There has been a configuration error. There is insufficient data available to provision this device.

Details

The system has attempted to generate an identifier for the user and failed. This is usually a PIV compliant FASCN.

Solution

If a FASCN is expected, the user lacks mandatory data. Please enroll the user again. Details of the missing data will be highlighted in the Audit Report. If a FASCN is not required, change the node BuildFASCN from 1 to 0 in the relevant CardProperties file.

Relates To

Identity Agent Provisioning

 

Error Code

890573

Text

The system is at capacity. Issuance cannot continue.

Details

The action would exceed the current license capacity.

Solution

Cancel existing users or devices. Alternatively, obtain additional licenses.

Relates To

Credential Issuance

 

Error Code

890574

Text

Your card was issued by an agency that does not allow derived credentials from this kiosk

Details

An attempt was made to request a derived credential from a card issued by an untrusted source. The issuance was blocked.

Solution

The Cards Allowed For Derivation flag in the Operation Settings workflow determines which devices are allowed to request derived credentials. Details of the presented device can be found in the Audit Reporting workflow.

Relates To

Derived Credential Issuance

 

Error Code

890575

Text

Invalid Credential Profile. Cannot issue new unmanaged certificates.

Details

The credential profile is set to issue a new instance of the "Unmanaged" certificate profile. This is invalid.

Solution

Edit the credential profile to issue "Historic Only" certificates of this policy. This can be performed in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

890578

Text

The mailer component was unable to send the mail to the specified SMTP server

Details

There has been a problem with the email server or settings.

Solution

Verify the SMTP server settings in the External Systems workflow. See the Setting up email section in the Advanced Configuration Guide for details.

Relates To

Credential Issuance

 

Error Code

890579

Text

The job specified is being used by another operator.

Details

An attempt has been made to action a job that is currently being actioned by another user of the system. This attempt has been blocked.

Solution

Sometimes this can occur if a session is forcibly closed mid-process and the job re-attempted. If this is the case, the lock should clear within 60 minutes.

Relates To

Credential Issuance

 

Error Code

890580

Text

There was a problem generating the Terms and Conditions. This process cannot continue.

Details

The required Terms and Conditions document for the credential issuance could not be created. As such, the issuance has been prevented.

Solution

The usual cause for this is a missing mapped field. This could be either a form element that has not been completed, or a user attribute that has no value.

Correct the terms and conditions document in the ServerDocuments table of the database and try again. If the problem persists, contact customer support.

Relates To

Credential Issuance

 

Error Code

890581

Text

User PIN not supported in Batch Process

Details

Credentials that require a manual PIN to be set are not appropriate for batch issuance, and so the issuance of the credential has been prevented.

Solution

Default filters usually prevent these credential profiles from being selectable. Do not remove these filters when selecting jobs. Use Collect Card for jobs that require the User PIN to be chosen.

Relates To

Credential Issuance

 

Error Code

890585

Text

Disabled devices cannot sign Terms and Conditions

Details

The workflow requires that Terms and Conditions be signed in order to continue. It is not possible to sign with the presented credential as it is disabled. The workflow will not continue.

Solution

Enable the device and repeat the workflow.

Relates To

Credential Issuance

 

Error Code

890586

Text

Disabled users cannot sign Terms and Conditions

Details

The workflow requires that Terms and Conditions be signed in order to continue. It is not possible to sign with the presented credential because the user account associated with it is disabled. The workflow will not continue.

Solution

Enable the user account and repeat the workflow.

Relates To

Credential Issuance

 

Error Code

890588

Text

The request has not been approved yet. Try again later.

Details

An attempt has been made to action a job that is awaiting validation.

Solution

If you want to carry out this job, use the Validate Request workflow in MyID Desktop or the Approve Request option in MyID Operator Client to approve it. Otherwise, you can use the Job Management workflow to cancel the job.

Relates To

Identity Agent Provisioning

 

Error Code

890594

Text

You have no authentication mechanisms that are suitable for this operation.

Details

The user has either no self service authentication mechanisms available, or has failed to authenticate with all of their authentication mechanisms. They cannot perform the desired action.

Solution

If the user has configured authentication mechanisms, repeat the process, passing the correct values. It may be necessary to unlock the user's security phrases.

If this error is encountered while attempting a self service unlock operation, it may be because the configuration option Verify fingerprints during card unlock is enabled and the user does not have fingerprints enrolled.

For self-service unlock operations using the Self-Service App or the Self-Service Kiosk, this error may also occur if the user does not have a role that has access to the Unlock My Card workflow.

If the user has no means to authenticate themselves then the process cannot continue.

Relates To

Authentication

 

Error Code

890596

Text

Your account is not eligible to receive this credential.

Details

An attempt has been made to collect a credential for a user whose account lacks the required attributes to receive that credential.

Solution

The credential profile selected specifies requisite user data; the user does not have the required attributes populated. Either populate these attributes for the user, or select a credential profile that does not have these requirements.

Check the audit, which may contain additional information about the missing attributes.

Relates To

Credential Issuance

 

Error Code

890597

Text

The specified user cannot be found.

Details

The user account identity is determined using either the UPN from the current Windows logon session or the value held in the MYID_USERNAME environment variable but cannot be found within MyID.

Solution

To correct this issue:

  • Check that the user account exists in MyID.
  • UPN matching is case-sensitive – check that the value used by Windows matches the case of the stored UPN in MyID.
  • Check that the value in MYID_USERNAME is set to the correct value for the MyID user account.

For further details about how a user account is associated to MyID, see the Specifying the target user section in the Web Service Architecture guide.

Relates To

Authentication

 

Error Code

890598

Text

A problem has been reported by Windows (<error>). Check the Microsoft documentation for further details.

Details

The Windows Hello for Business enrollment failed due to a problem with your system, and Windows reported an error; for example, 0x80070015.

Solution

Check the Windows event log. If you have a persistent issue, see the MyID Client Components section in the Configuring Logging guide for information on how to enable MyID client logging for the WHfB component.

Relates To

Windows Hello

 

Error Code

890599

Text

Failed to detect the Windows Hello reader

Details

Enrollment was reported as completing successfully, but MyID could not detect the Windows Hello device.

Solution

Check the Windows event log. If you have a persistent issue, see the MyID Client Components section in the Configuring Logging guide for information on how to enable MyID client logging for the WHfB component.

Relates To

Windows Hello

 

Error Code

890600

Text

An unknown error occurred with Windows Hello for Business

Details

This error is unexpected.

Solution

Check the Windows event log. If you have a persistent issue, see the MyID Client Components section in the Configuring Logging guide for information on how to enable MyID client logging for the WHfB component.

Relates To

Windows Hello

 

Error Code

890601

Text

Cannot perform this operation over a remote desktop connection

Details

Windows Hello for Business is not supported over RDP.

Solution

Make sure you are logged on directly to the PC you want to work with.

Relates To

Windows Hello

 

Error Code

890700

Text

You cannot reset your Windows Hello PIN using this application.

Details

Resetting a Windows Hello PIN is managed by Windows and may be dependent on Windows Hello group policy configuration.

Solution

Check the Microsoft documentation for details.

Relates To

Windows Hello

 

Error Code

890701

Text

You cannot change your Windows Hello PIN using this application.

Details

Changing a Windows Hello PIN is managed by Windows and may be dependent on Windows Hello group policy configuration.

Solution

Check the Microsoft documentation for details.

Relates To

Windows Hello

 

Error Code

890703

Text

The attempt to assign a device has been rejected. The device assignment end date for the group that this person is associated with has passed.

Details

The issuance of the device would place it in a group that has expired.

Solution

Update the group to expire in the future and repeat the collection.

See the Controlling device assignments for groups section in the Administration Guide for details.

Relates To

Credential Issuance

 

Error Code

890704

Text

The attempt to assign a device has been rejected. The maximum number of assigned devices for the group that this person is associated with has been exceeded.

Details

The issuance of the device would cause the device limit for the group to be exceeded and so has been prevented.

Solution

Increase the group device limit and repeat the collection.

See the Controlling device assignments for groups section in the Administration Guide for details.

Relates To

Credential Issuance

 

Error Code

890705

Text

This request must be collected by the user account named in the request

Details

To collect a key recovery request, you must be the target of the request.

Solution

Ensure that you are the target of key recovery request that you want to collect.

Relates To

Credential Issuance

 

Error Code

890800

Text

Token validation failed.

Details

The OAuth2 authentication token passed through from Operator Client to ProcessDriver failed validation.

Solution

See the MyID Operator Client advanced configuration section in the MyID Operator Client guide.

The Process Driver log may include additional information on the specific validation check that failed.

Relates To

Authentication

 

Error Code

890801

Text

Issuer validation failed.

Details

The OAuth2 authentication token passed through from the MyID Operator Client to ProcessDriver failed validation due to an Issuer mismatch.

Solution

See the Setting the issuer for load-balanced systems section in the MyID Operator Client guide.

Relates To

Authentication

 

Error Code

890811

Text

Unable to determine server address

Details

You have attempted to carry out authentication using an external identity provider but your system is misconfigured.

Solution

Check that the AllowedHosts setting is correct. The setting must match the URL used for the MyID web server.

See the Configuring the MyID web services for external identity providers section in the MyID Authentication Guide guide.

Relates To

Authentication

 

Error Code

890812

Text

Unable to continue, invalid authenticated user

Details

You have attempted to carry out authentication using an external identity provider, but the user account with which you have authenticated is not the target user for the job.

Solution

Try the authentication again, and authenticate using the correct user account for the job.

See the Using an external identity provider section in the Self-Service App guide.

Relates To

Authentication

 

Error Code

891014

Text

Your mobile device is not compatible with biometric authentication.

Details

The credential profile you are attempting to collect on a mobile device is configured to require biometric authentication, and the device is not capable of capturing that data.

Solution

If biometric authentication is not required, review the configuration of the credential profile using the Credential Profiles workflow, under Issuance Settings. The global values are editable in the Operation Settings workflow.

Relates To

Credential Issuance

 

Error Code

891448

Text

The PIN on this device is not locked. You can only unlock this device when it is locked.

Details

An attempt has been made to unblock the PIN of a device that can only be unblocked when the user PIN is actually locked.

Solution

Enter the PIN incorrectly until the user PIN is blocked, then try again.

Relates To

Credential Issuance

 

Error Code

891449

Text

The PIN on this device is permanently locked. You will need to cancel and re-issue the device to be able to use it.

Details

An attempt has been made to unblock the PIN of a device that has had its PIN permanently blocked.

Solution

Unblocking the PIN on the device is not possible. To continue to use the device it will need to be canceled and re-issued.

Relates To

Credential Issuance

 

Error Code

892001

Text

The MyID license has expired.

Details

The current MyID license has expired and needs to be renewed.

Solution

Run the Licensing workflow to request a new license.

Relates To

Licensing

 

Error Code

892002

Text

The MyID license is invalid.

Details

There is something wrong with the current MyID license.

Solution

Run the Licensing workflow to request a new license.

Relates To

Licensing

 

Error Code

892012

Text

This system is not configured to allow issuance of this type of credential. Please contact your administrator.

Details

You have attempted to collect a card, but the system configuration does not allow you to collect it. For example, you may be trying to collect a smart card that requires customer GlobalPlatform keys, but the Enable Customer GlobalPlatform Keys option (on the Device Security tab of the Security Settings workflow) is set to No.

Solution

Check that you have configured your system to issue this type of credential.

Relates To

Credential Issuance

 

Error Code

892015

Text

Card update failed due to non-compliance with T&C signing requirements.

Details

The current workflow is incapable of performing the Terms and Conditions step, but system configuration dictates that this step is mandatory for the selected update.

Solution

If Terms and Conditions are required, use an alternative workflow to collect the update or contact Intercede Support. Terms and Conditions requirements can be configured in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

892016

Text

Server authentication not enabled, please contact your administrator.

Details

ProvisionDevice relies on a secure server side authentication process. This process has either not been configured or has been disabled.

Solution

Contact Intercede Support. MyID 9.0 systems may require a patch to enable this feature.

Relates To

Identity Agent Provisioning

 

Error Code

892021

Text

Finger print biometrics have expired.

Details

The biometrics captured for the user have expired.

Solution

Capture fresh biometrics and try again.

Relates To

Authentication

 

Error Code

892022

Text

Facial biometrics have expired.

Details

The biometrics captured for the user have expired.

Solution

Capture fresh biometrics and try again.

Relates To

Authentication

 

Error Code

892023

Text

Iris biometrics have expired.

Details

The biometrics captured for the user have expired.

Solution

Capture fresh biometrics and try again.

Relates To

Authentication

 

Error Code

892024

Text

Biometrics have expired.

Details

The biometrics captured for the user have expired.

Solution

Capture fresh biometrics and try again.

Relates To

Authentication

 

Error Code

892025

Text

Facial biometrics have not been found.

Details

There are no facial biometrics for the user.

Solution

Capture fresh biometrics and try again. If there is no requirement for facial biometrics, disable the need for facial biometrics in the credential profile.

Relates To

Authentication

 

Error Code

892026

Text

The server content signing certificate will expire before the device expires. Please contact your system administrator.

Details

The server content signing certificate will expire before the device expires.

Solution

Issue a new content signing certificate.

Relates To

Credential Issuance

 

Error Code

892101

Text

You do not have access to any workflows.

Details

The account that has authenticated does not have access to any workflows available to the client.

Solution

Permissions can be configured in the Edit Roles workflow.

Relates To

Authentication

 

Error Code

892102

Text

Invalid session.

Details

The content of the data used to perform a logon has become corrupt.

Solution

Restart the client and try again.

Relates To

Authentication

 

Error Code

892103

Text

The system hasn't been configured to allow PFX files to be issued.

Details

An attempt to issue PFX certificates to an iOS based Identity Agent using Safari has failed

Solution

The account the web service is running as does not have write permissions to the Generated folder on the Web server.

Relates To

Identity Agent Issuance

 

Error Code

892106

Text

System configuration error

Details

This is usually encountered as soon as the client application loads, and means that the server has been incorrectly configured. For example, the Web Services user does not have permission to activate the COM components.

Solution

Each COM+ application on the MyID application server needs to have the Web_Role enabled in the Security tab.

Run the System Interrogation Utility to help you identify the issue; see the System Interrogation Utility guide for details.

Relates To

All

 

Error Code

892110

Text

Card label mapping is invalid

Details

The Card label mapping setting is not set to a valid attribute.

Solution

Make sure that the attribute is formatted correctly, and that it is valid. This can be checked and changed in the Operation Settings workflow, under the Devices tab.

See the Devices page (Operation Settings) section in the Administration Guide for details.

Relates To

Credential Issuance

 

Error Code

9007124

Text

Card type must match the card stock

Details

The credential does not match the credential type of the credential stock for the credential profile selected.

Solution

Make sure the credential inserted or selected matches the credential type of the credential stock on the required credential profile.

Relates To

Credential Issuance

 

Error Code

9000511

Text

Logon Failed: Incorrect credentials supplied.

Details

An attempt to authenticate to MyID with incorrect credentials was attempted. This attempt has been blocked.

Solution

This is usually due to a user entering incorrect Security Phrases. Security Phrases can be set either using the Change Security Phrases or Change My Security Phrases workflows.

Relates To

Authentication

 

Error Code

9001004

Text

The terms and conditions signed envelope could not be validated.

Details

The approval of the Terms and Conditions has failed to validate.

Solution

The credential being issued should be canceled. The Audit Reporting workflow may be able to assist with diagnosing the problem.

Relates To

Credential Issuance

 

Error Code

9001005

Text

The terms and conditions certificate could not be validated.

Note: This error is often only visible via the audit.

Details

Terms and Conditions have been signed with a certificate using MyID Desktop. The validity of that cannot be verified against the CA. This is usually due to a firewall blocking access to the Certificate Revocation List (CRL) from the MyID application server.

The Audit Reporting workflow may be able to assist with diagnosing the problem.

Solution

Configure the application server to allow it to validate certificates issued by the CA. Often this involves granting access to the CRL, or ensuring that the root CA is in the application server's trusted root store.

On a Microsoft CA, you can determine whether the application server can verify the certificate chain using the certutil utility on the application server:

certutil -f -urlfetch -verify <issuing CA certificate.cer>

Relates To

Authentication

 

Error Code

9001400

Text

Access Denied

Details

You have attempted to initiate a workflow you do not have permissions to.

Solution

Permissions can be edited in the Edit Roles workflow.

Relates To

Authentication

 

Error Code

9002020

Text

Invalid Asset Selected

Details

The identity the connecting client has reported is either blank, or does not match an existing entry in the database.

Solution

Device information can be entered either using the Import Device workflow or using the DWS web service.

Relates To

Credential Issuance

 

Error Code

9002021

Text

Failed to add asset

Details

An attempt to add device identity information to the system has failed.

Solution

Check the data is valid and try again. If the problem persists, contact Intercede Support.

Relates To

Credential Issuance

 

Error Code

9003348

Text

This card profile requires that the recipient has a photograph captured

Details

The credential profile being issued enforces the user to have a photograph captured.

Solution

Photographs can be captured either using the Edit Person workflow or using Lifecycle API. Alternatively, this requirement can be relaxed in the Credential Profiles workflow.

Relates To

Credential Issuance

 

Error Code

9003400

Text

No biometric data captured

Details

The client has returned no biometric data.

Solution

Ensure that the correct client software is installed and that a suitable biometric capture device is connected to the client.

Relates To

Authentication

 

Error Code

9004028

Text

You do not have permission to access this workflow

Details

An attempt has been made to start a workflow the user does not have permissions to.

Solution

Check that the user has access to the required workflow. Permissions can be edited in the Edit Roles workflow.

The user's role must have access to the required workflow, and must also have the appropriate logon method.

This error may also occur if a system role has been edited and an essential workflow removed; for example, if you want to carry out self activation processes, the system role "Activation User" must have access to the Activate Card workflow, or to import a PIV card, the Server Credentials role must be given access to the Import from PIV Card operation.

Note: Any role that you want to receive mobile identities must have the Issue Device option selected in the Cards category in the Edit Roles workflow.

Relates To

Authentication

 

Error Code

9007084

Text

Operator may not issue this device

Details

An attempt has been made to collect a credential. This issuance was prevented because the operator does not have a suitable role to access this workflow.

Solution

Check that the operator has access to the required credential collection workflow. You can edit permissions in the Edit Roles or the Credential Profiles workflows. The user's role must also have the appropriate logon method.

Relates To

Credential Issuance

 

Error Code

9007085

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Card Applicant does not have a suitable role to collect this credential.

Solution

The Card Applicant lacks the roles required to receive this credential.

Relates To

Credential Issuance

 

Error Code

9007086

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Operator requested the job.

Solution

Have a different operator collect the credential

Relates To

Credential Issuance

 

Error Code

9007087

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because you cannot collect your own card in this workflow.

Solution

Have a different operator collect the credential.

Relates To

Credential Issuance

 

Error Code

9007088

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because you cannot collect a job that you have validated.

Solution

Have a different operator collect the credential.

Relates To

Credential Issuance

 

Error Code

9007089

Text

Card Applicant must have Facial Biometrics captured to continue.

Details

An attempt has been made to issue a credential. This issuance was prevented because the Card Applicant must have Facial Biometrics captured.

Solution

Enroll facial biometrics and try again.

Relates To

Credential Issuance

 

Error Code

9007090

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Card Applicant must have an image captured to continue.

Solution

Enroll a user photograph and try again.

Relates To

Credential Issuance

 

Error Code

9007091

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Card Applicant must have their user data approved.

Solution

Approve the Card Applicant and try again.

Relates To

Credential Issuance

 

Error Code

9007092

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Job is configured for bureau issuance.

Solution

This job cannot be issued using MyID. If this is unexpected, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007093

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the card layout specified for this job is no longer valid.

Solution

The job cannot be issued in its current state.

Relates To

Credential Issuance

 

Error Code

9007094

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the expiry date of this card has passed.

Solution

The job cannot be issued. Request a new credential for the user.

Relates To

Credential Issuance

 

Error Code

9007095

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the lifetime of this card will be less than the minimum allowed.

Solution

The job cannot be issued. Request a new credential for the user.

Relates To

Credential Issuance

 

Error Code

9007096

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because it is a Virtual Smart Card request. The target device is not compatible with Virtual Smart Card Issuance.

Solution

Collect the job using the self service application on an appropriate machine. If the problem persists, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007097

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the card cannot be used with MyID.

Solution

The card is incompatible with MyID. If this is unexpected, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007098

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the card has been disposed or lost and unable to be reissued.

Solution

Repeat the process with a different device.

Relates To

Credential Issuance

 

Error Code

9007099

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the credential must be issued to a known Serial Number.

Solution

Either use a device that was imported, or modify the credential profile to not require the target card to have been previously imported.

Relates To

Credential Issuance

 

Error Code

9007100

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because it must be a known proximity card.

Solution

Either use a device that was imported, or modify the credential profile to not require the target card to have a contactless component that has been previously imported.

Relates To

Credential Issuance

 

Error Code

9007101

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the system is not set up to issue this card.

Solution

The card is incompatible with MyID. If this is unexpected, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007102

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the required biometrics have expired.

Solution

Enroll new biometrics for the applicant and then try again.

Relates To

Credential Issuance

 

Error Code

9007103

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Card Applicant must have Facial Biometrics captured to receive the credential profile.

Solution

Enroll new facial biometrics for the applicant and then try again. Alternatively edit the credential profile to remove this requirement.

Relates To

Credential Issuance

 

Error Code

9007104

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Iris biometrics will expire within card lifetime.

Solution

Enroll new iris biometrics for the applicant and then try again.

Relates To

Credential Issuance

 

Error Code

9007105

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the required biometrics have expired.

Solution

Enroll new biometrics for the applicant and then try again.

Relates To

Credential Issuance

 

Error Code

9007106

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the content signer will expire during card lifetime.

Solution

This will prevent all PIV compatible issuance. Issue a new content singing certificate to continue to be able to issue cards.

Relates To

Credential Issuance

 

Error Code

9007107

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the Data Model failed validation.

Solution

If you are using custom data models, the data model you have chosen is invalid. If you are using MyID data models, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007108

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the card does not have GP key available.

Solution

Either configure the keys for this device in the Key Management workflow, or add an exclusion for this device in the Security Settings workflow.

Relates To

Credential Issuance

 

Error Code

9007109

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the device must be a proximity card.

Solution

Present an appropriate device and try again. See the product documentation for supported proximity devices.

Relates To

Credential Issuance

 

Error Code

9007110

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because it must be a contact chip card.

Solution

Present an appropriate device and try again. See the product documentation for supported smart cards.

Relates To

Credential Issuance

 

Error Code

9007111

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the job is expecting a different device.

Solution

Use the device specified at the time of the request and try again.

Relates To

Credential Issuance

 

Error Code

9007112

Text

This card cannot be used in its current state

Details

An attempt has been made to issue a credential. This issuance was prevented because the device type is inappropriate for the workflow.

Solution

Use an appropriate device and try again. For advice with issuance processes, contact customer support.

Relates To

Credential Issuance

 

Error Code

9007137

Text

The job is assigned to a card

Details

Credentials that are assigned to a specific card are not appropriate for batch issuance, and so the issuance of the credential has been prevented.

Solution

Use the Collect Card workflow for jobs that are assigned to a card.

Relates To

Credential Issuance

 

Error Code

9007138

Text

Device capacity exceed.

Details

An attempt has been made to issue a credential. This issuance was prevented because the number of certificates that is required to be written the device would have exceeded its capacity.

Solution

Reduce the number of certificates to be written or provide a different device.

Relates To

Credential Issuance

 

Error Code

9007146

Text

 The content signing certificate has not been configured

Details

An attempt has been made to issue a credential. This issuance was failed because the required content signing certificate has not been configured.

Solution

Configure the content signing certificate.

Relates To

Credential Issuance

 

Error Code

9007148

Text

The assisted activation card is assigned to the logged in operator

Details

Operator cannot activate cards that are assigned to themselves.

Solution

Ask another operator to carry out the assisted activation.

Relates To

Credential Issuance

 

Error Code

9007150

Text

Credential profile requisite data is not set.

Details

You have attempted to issue a credential to a user who does not pass the requisite data checks set up on the credential profile (for example, if the credential profile is designed for Windows logon, and the user does not have a UPN).

Solution

Ensure that the user has all the requisite data, or change the Requisite User Data criteria in the credential profile.

Relates To

Credential Issuance

 

Error Code

9007151

Text

An existing request or device exists with a different exclusive group

Details

You have attempted to collect a request for a device that has an exclusive group specified in its credential profile, but the target of the request already has a device, or a request for a device, that has a different exclusive group. You cannot have devices from different exclusive groups.

Solution

See the Exclusive Group section in the Administration Guide for details.

Relates To

Credential Issuance

 

Error Code

9007152

Text

The card suitability check has failed

Details

This error is displayed in the audit trail.

The message displayed for this error number depends on the response returned from the card suitability check web service; this may provide a reason why the card is not suitable for use.

If the message is "Suitability check failure" then this means that MyID was unable to contact the card suitability check web service.

Solution

See the Using the card suitability service section in the Administration Guide for details.

Relates To

Credential Issuance

 

Error Code

9008041

Text

Card was imported and cannot be used for this operation

Details

An attempt is being made to manage a device that was imported into MyID.

MyID can only manage devices issued by MyID

Solution

The operation cannot continue. Manage the device on the system that issued

it.

Relates To

Credential Issuance

 

Error Code

9008105

Text

The device is not ready for activation

Details

An attempt has been made to activate a device that does not have activation job.

Solution

Ensure that all the pre-activation stages has been completed before attempting to activate the device.

Relates To

Authentication

 

Error Code

9008106

Text

The device is already activated

Details

An attempt has been made to activate a device that has already been activated.

Solution

Ensure that the correct device has been presented for activation.

Relates To

Authentication

 

Error Code

9008107

Text

The device has not been configured for activation

Details

An attempt has been made to activate a device that was issued without the requirement for activation.

Solution

Ensure that the correct device has been presented for activation.

Relates To

Authentication

 

Error Code

9008108

Text

Cannot use device for signing

Details

The device has not been configured to allow the device to be used for signing.

Solution

Provide a suitable device for signing. Alternatively, update the credential profile to support signing and then update the device before trying again.

Relates To

Credential Issuance

 

Error Code

9008109

Text

Cannot use device for signing

Details

The device cannot be used for signing as the device has been disabled.

Solution

Enable the device and then try again or present a suitable device for signing.

Relates To

Credential Issuance

 

Error Code

9008110

Text

Cannot use device for signing

Details

The device cannot be used for signing as it has been issued to a different user or an activation job is not present.

Solution

Ensure that the correct device is presented for activation.

Relates To

Authentication

 

Error Code

9008111

Text

Cannot use device for signing

Details

The device cannot be used for signing as the user account has been disabled.

Solution

Re-enable the user account before trying again.

Relates To

Credential Issuance

 

Error Code

9008112

Text

Reset PIN is not available for this device.

Details

You have attempted to reset the PIN for a device that does not support this operation.

Solution

Select a different device and try again.

Relates To

Credential Issuance

 

Error Code

9008113

Text

The device cannot be activated as the device is not pending activation

Details

An attempt has been made to activate a device but failed as the device is not pending activation.

Solution

This may occur if the device is being issued with two stage activation but the first stage has not been completed. Ensure that all the pre-activation stages have been completed before trying again.

Relates To

Credential Issuance

 

Error Code

9008114

Text

Update job not available for the device

Details

An attempt has been made to update a device but failed as the update job was not found. This may be due to the update job being deleted or suspended in-between the update job notification and the attempt to collect the updates.

Solution

If the update job has been suspended, unsuspend the job and then try again. Where the update job has been deleted, re-request the update job before trying again.

Relates To

Credential Issuance

 

Error Code

9008115

Text

Card cannot be updated as content signer will expire during card lifetime

Details

The content signing certificate is nearing its expiry date, and the card lifetime is longer than the remaining lifetime of the certificate.

Solution

Renew the content signing certificate and try again.

Relates To

Credential Issuance

 

Error Code

9008116

Text

User's fingerprint enrollment data too old

Details

An attempt was made to issue a device but failed as the age of the fingerprint data exceeds the maximum biometric sample age.

Solution

Re-enroll the user's fingerprint before re-issuing the device.

Relates To

Credential Issuance

 

Error Code

9008117

Text

User's biometric data too old

Details

An attempt was made to issue a device but failed as the age of the biometric data exceeds the maximum biometric sample age.

Solution

Re-enroll the user's biometrics before re-issuing the device.

Relates To

Credential Issuance

 

Error Code

9008118

Text

Enrollment data has not been validated within the last 24 hours

Details

Your system had been configured to require you to activate this device within 24 hours of validating the enrollment data.

Solution

Validate the enrollment data and make sure you attempt to activate the device within 24 hours.

Relates To

Credential Issuance

 

Error Code

9008120

Text

Cannot be a known Dual-Interface Card

Details

Your system has been configured to prevent the issuance of dual interface cards for this type of credential.

Solution

Select a different device and try again.

Relates To

Credential Issuance

 

Error Code

80072002

Text

User has no finger prints

Details

Biometric authentication is required to continue with the process, but the user has no biometrics captured.

Solution

Biometric data can either be captured using the Enroll Applicant workflow, or imported using the Lifecycle API. Alternatively, if biometrics are not required for credential issuance, you can use the Credential Profiles workflow to remove this restriction.

Relates To

Authentication

 

Error Code

80072003

Text

Unable to create an instance of bio authentication device

Details

The libraries for biometric matching on the server have failed to load.

Solution

Ensure the software is installed and the correct library selected in the Operation Settings workflow. Details for each supported biometric matching library are available in the Integration Guides provided with MyID.

Relates To

Authentication

 

Error Code

80072101

Text

Device has no Auth Code requested

Details

An authentication code is required, but there are no authentication codes assigned to the device.

Solution

Authentication codes are requested using the Request Auth Code workflow. Alternatively, if they are not required, the need for an authentication code can be controlled using the Credential Profiles workflow.

Relates To

Authentication

 

Error Code

80072104

Text

Invalid Authentication Code provided. No attempts remaining

Details

An authentication code has been entered incorrectly too many times and the process has been terminated.

Solution

Check that the code was entered correctly. The input device may have caps lock enabled, or be set to an incorrect region. A new authentication code can be requested using the Request Auth Code workflow.

Relates To

Authentication

 

Error Code

80072105

Text

No Authentication Code available

Details

An authentication code is required, but there are no authentication codes assigned to the device.

Solution

Authentication codes are requested using the Request Auth Code workflow. Alternatively, if they are not required, the need for an authentication code can be controlled using the Credential Profiles workflow.

Relates To

Authentication

 

Error Code

80072106

Text

Authentication Code error occurred

Details

An error has occurred validating the Authentication Code

Solution

Repeat the process with a new authentication code. If this problem persists, contact Intercede Support.

Relates To

Authentication

 

Error Code

90200006

Text

Session timed out

Details

The action cannot be completed because the user's session has timed out.

Solution

Ask the user to log into MyID again and repeat the action. The timeout duration can be managed using IIS.

Relates To

All

 

Error Code

90200052

Text

Invalid OTP.

Details

An incorrect authentication code has been entered too many times while provisioning an Identity Agent, and so the process has been aborted.

Solution

Check that the code was entered correctly. The input device may have caps lock enabled, or be set to an incorrect region. The request can be retried. The authentication code is only invalidated then the process completes.

Relates To

Identity Agent Provisioning

 

Error Code

90200053

Text

Unable to enroll identity agent.

Details

There has been an error starting the Identity Agent issuance process.

Solution

Check the Audit Reporting workflow for details of the error, and the Troubleshooting section in the Mobile Identity Management document. If the problem persists, contact Intercede Support.

Relates To

Identity Agent Provisioning

 

Error Code

90200054

Text

The mobile is not the one specified in the job.

Details

A user is attempting to collect an Identity agent provisioning from an incorrect device.

Solution

Either use the correct device, or request an Identity Agent provisioning for the users current phone using the Request ID workflow.

Relates To

Identity Agent Provisioning

 

Error Code

90200055

Text

The job has already been collected.

Details

The mobile device job you are attempting to collect has already been collected.

Solution

If you are following the link from an email ensure you are not looking at an old email; otherwise, request a new credential.

Relates To

Identity Agent Provisioning

 

Error Code

90200056

Text

This mobile device has already been issued.

Details

The mobile device job you are attempting to collect is for a device which has already been issued.

Solution

If you want to issue the mobile device again, use Cancel Credentials to cancel the current issuance, then collect the new job.

Relates To

Identity Agent Provisioning

 

Error Code

90200062

Text

You are not able to collect this credential.

Details

An attempt has been made to request a derived credential for which the user is not permitted or configured correctly.

Solution

The audit will contain additional information regarding the underlying issue. See The audit trail section in the Administration Guide for further details.

Relates To

Derived Credentials

 

Error Code

90200063

Text

MyID is not configured for this credential profile.

Details

An attempt has been made to request a derived credential for which MyID is not configured correctly.

Solution

Check that the credential profile has been set up correctly.

Also, if you are using logon codes (for example, when collecting derived credentials onto a VSC using the Self-Service App), make sure that the Allow Logon Codes configuration option is set to Yes.

The audit will contain additional information regarding the underlying issue. See The audit trail section in the Administration Guide for further details.

Relates To

Derived Credentials

 

Error Code

90200593

Text

Configuration Error: Certificate storage incompatible with device

Details

An attempt has been made to issue a certificate to an unsuitable keystore.

Solution

Use the Certificate Authorities workflow to configure the storage mechanism for the policy that is being issued. Most mobile platforms implement a "software" keystore.

Relates To

Identity Agent Provisioning

 

Error Code

90200595

Text

An unexpected error has occurred

Details

The credential profile is set up for more historic certificates than the credential can hold.

Solution

Edit the credential profile to reduce the number of historic certificates.

Relates To

Credential Issuance

 

Error Code

90202843

Text

Certificate validation failed.

Details

An attempt was made to validate a credentials certificate during a derived credential request. The required certificate was either revoked or missing.

Solution

Full details of the invalid certificate can be found in the Audit Reporting workflow. The credential is not suitable for requesting Derived Credentials.

Relates To

Derived Credential Issuance

 

Error Code

90202847

Text

User is not valid for issuing a derived credential.

Details

Something about the user makes the account unsuitable for use. It may be that they lack the required PIV extensions in their card, that the agency check has failed or that no suitable credential profiles have been configured.

Solution

Details of the missing data will be available in the Audit Reporting workflow.

Relates To

Authentication

 

Error Code

90202848

Text

Configuration Error: Archive Certificate Policy does not match an allowed policy

Details

There is a configuration error when attempting to import a certificate as part of a derived credential request. It does not match an available policy.

Solution

Certificate policies are listed in the Certificate Authorities workflow. Contact Intercede Support if further assistance is required to configure this feature.

Relates To

Credential Issuance

 

Error Code

90202849

Text

Archived Certificate Import Configuration Error

Details

There is a configuration error when attempting to import a certificate as part of a derived credential request.

Solution

Certificate policies are listed in the Certificate Authorities workflow. Contact Intercede Support if further assistance is required to configure this feature.

Relates To

Credential Issuance

 

Error Code

90202907

Text

You do not have permissions to cancel this device.

Details

An attempt has been made to cancel a device that the authenticated user does not have control over.

Solution

If it is appropriate for the user to cancel the device, their scope can be changed in the Edit Person workflow.

Relates To

Credential Termination

 

Error Code

90202908

Text

An asset must be specified.

Details

The current stage requires that an asset was selected in a previous stage. It was not.

Solution

Correct the workflow to include an asset selection stage before the CancelDevice stage and retry the process. For further details, contact Intercede customer support.

Relates To

Credential Termination

 

Error Code

90300005

Text

You do not have sufficient privileges to perform this operation. Please contact your administrator

Details

The operator is attempting to use a workflow that requires the authentication of the target user. The operator lacks permissions to all authentication mechanisms.

Solution

Use the Edit Roles workflow to assign the operator at least one authentication mechanism for the workflow. If target user authentication is not required, assign the operator the Bypass Authentication item.

Relates To

Authentication

 

Error Code

99300010

Text

User not found.

Details

An error was encountered importing a user into MyID from an LDAP.

Solution

The System Events workflow may give further advice.

Relates To

Find Person

 

Error Code

99300102

Text

The type specified is not valid.

Details

A problem has been encountered identifying workflows that are suitable for a chosen object.

Solution

Details of the missing data will be available in the Audit Reporting and System Events workflows. If the problem persists, contact Intercede customer support.

Relates To

Launch Workflow