3 MyID Identity Agent error codes

IA10001

IA10002

IA10003

IA10004

IA10005

SOAP request failed

See section 3.1, Troubleshooting network connectivity.

IA10006

SOAP request failed

This error has occurred during the first communication for the provisioning process to retrieve the PFX.

This may be caused by exceeding the configured value for Maximum Session Count – this option determines the number of concurrent mobile issuance and update sessions are allowed by the server. See the Maximum session count section in the Mobile Identity Management document for details.

If this error consistently occurs when attempting to provision with Identity Agent, there is most likely a network misconfiguration; for example, with the firewall. In this case, the problem is with accessing the ProcessDriver.asmx service.

For intermittent occurrence of this error, see section 3.1, Troubleshooting network connectivity.

IA10007

IA10008

IA10009

IA10010

IA10011

IA10012

IA10013

IA10014

IA10015

SOAP request failed

See section 3.1, Troubleshooting network connectivity.

IA10016

SOAP request failed

If this error consistently occurs, it may be due to a misconfigured Image Upload Server setting within MyID.

Make sure that the value configured in MyID for the Image Upload Server configuration option is resolvable from the server hosting the MyID web services.

For more information, see the Configuring the image location section in the Administration Guide.

For intermittent occurrence of this error, see section 3.1, Troubleshooting network connectivity.

IA10017

IA10018

IA10019

IA10020

IA10021

IA10022

IA10023

IA10024

IA10025

IA10026

IA10027

IA10028

IA10029

IA10030

IA10031

IA10032

IA10033

IA10034

SOAP request failed

See section 3.1, Troubleshooting network connectivity.

IA10035

SOAP request failed

This error has occurred when there has been a failure in the communications to report that a certificate has been collected.

If this error consistently occurs when attempting to provision with Identity Agent, there is most likely a network misconfiguration; for example, with the firewall. In this case, the problem is with accessing the ProcessCard.asmx service.

See also section 3.1, Troubleshooting network connectivity.

IA10036

IA10037

IA10038

IA10039

IA10040

IA10041

IA10042

IA10043

IA10044

SOAP request failed

See section 3.1, Troubleshooting network connectivity.

IA10046

The root certificate needs to be installed and trusted on the device

Your system is configured for HTTPS, but Identity Agent cannot find the root certificate. Make sure that the root certificate is installed and trusted on the device.

IA12001

Pin Blocked

The user's PIN has become blocked. They should follow the unlock workflow for the key store in question.

IA12002

Decryption failure

This error may occur during mobile credential issuance when using the MWS web service when you have the Envelope Transport Key Algorithm is set to AES. To resolve the issue, either configure the system for REST-based mobile provisioning (preferred), or change the Envelope Transport Key Algorithm setting to 3DES.

IA12011

Failed to install the certificate

A likely cause of this error is when the time on the mobile device is set to before the 'enabled from' time of the certificate. Make sure the time on the mobile device is aligned with the time on the server.

IA14001

IA14002

IA14003

IA14004

IA14005

Failed to open a session to the smart card

If the app is intended to be used with a physical smart card, ensure that a card reader is attached to the mobile device and a smart card correctly inserted.

IA15004

The OTP has been entered incorrectly too many times

The user must close the Identity Agent, then click the link in the email to launch the process again.

IA15005

The provisioning attempt failed due to an incorrect OTP being provided

The OTP has been entered incorrectly. The user must attempt to provide the OTP again.

IA16002

A signing operation has failed

The most likely cause of this error is that the time on the mobile device is set to before the time from which the certificate is enabled.

In this case, set the time to the correct value, and the issue disappears.

IA17002

Pin Blocked

The user's PIN has become blocked. They should follow the unlock workflow for the key store in question.

IA17003

One or more certificates not allowed to be stored on this type of storage device.

The certificate policy configuration on the MyID server does not have the correct hard or soft storage configuration for the device that is collecting the identity. Amend the certificate policy configuration, or collect the identity on a suitable device.

IA17004

Failed to write card layout data

The MyID Identity Agent app had a problem when writing the card layout information. A reprovision may be attempted after ensuring that the device has permission and access and enough space on the device to store information.

IA17009

User aborted new pin entry

The user canceled the PIN setting dialog during the workflow. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel.

IA17010

Non-archived certificate request fail

A certificate has failed to issue. Ensure that the Certificate Authority is running and has connectivity to the MyID system. Check the certificate policy configuration on the MyID server for the non-archived certificates in the provisioning profile. Look for problems such as invalid key size.

If the issue cannot be resolved, contact customer support.

IA17011

Failed to write certificate

Ensure that at least the following versions of Identity Agent are being used:

iOS – 3.11

Android – 3.11

Windows – 2.10.1

IA17012

The user canceled the dialog

The user canceled the dialog during a remote PIN unlock workflow. The user can try again, without canceling the process part way through.

IA17014

Pin Blocked

The user's PIN has become blocked. They should follow the unlock workflow for the key store in question.

IA17015

Archived certificate creation fail

A certificate has failed to issue. Ensure that the Certificate Authority is running and has connectivity to the MyID system. Check the certificate policy configuration on the MyID server for the archived certificates in the provisioning profile. Look for problems such as invalid key size.

IA17016

Failed to verify user pin

The user's PIN could not be verified. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel.

IA17017

Failed to verify user pin

The user's PIN could not be verified. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel.

IA17018

Please check the time on your device is correct and try again.

Appears during a provision if there is more than a 10 minute time difference between the mobile device and the MyID web services server.

IA17019

Please check the time on your device is correct and try again.

Appears during a renewal if there is more than a 10 minute time difference between the mobile device and the MyID web services server.

IA17021

Invalid password algorithm specified.

During the online unlock, the replies to the security questions are encoded with a server-specified algorithm. This error occurs when the required algorithm is not supported by the Identity Agent. To address this issue, check whether a newer version of the Identity Agent is available with additional algorithm support.

IA80003

Problem starting provisioning

This error may occur on iOS and Android phones when the job details supplied for a provisioning job are incorrect. Ensure that the supplied server URL matches that of the MyID server.

IA80010

Problem initializing the key store

This error may occur on iOS and Android phones when the SOPIN in MyID does not match the SOPIN on the device. If this is the case, use the Remove Identity function from within Identity Agent on the device and then reissue the identity from MyID.

This error may also occur if the Envelope Transport Key Algorithm configuration option (on the Server page of the Security Settings workflow) is not set to 3DES.

IA80020

The correct OTP was not supplied by the user

The user should check that the OTP being used is the one that was communicated to them. If provisioning still cannot be completed then the job should be canceled and a new one raised.

REST001

The network has failed, please check connectivity

The mobile device is unable to connect reliably to the MyID Server. Check the device's Wi-Fi connection is operating normally; alternatively, if using cellular mobile data, check you are not in an area with poor signal reception.

REST002

The user aborted the operation

At some point during provisioning the user selected abort/cancel. If they want to try again, they need to obtain a new provisioning link/QR code for the new attempt.

REST003

Failed to get authorization

Trying to get authorization from the MyID Server to perform a provision has not been granted. Try with a different provisioning link/QR code to see if that fixes the issue.

REST004

The MyID Server is busy. Please try again later

The provision attempt is valid but the MyID Server is too busy at this time to perform the provisioning. Try again later, at a time when there is less load on the server.

REST005

The information provided in the provisioning link is not valid

Acquire a new provisioning link/QR code and attempt to provision with that instead.

REST006

The URL is malformed

The server URL specified in the provisioning link/QR code is not valid. Try with a different provisioning link/QR code to see if that fixes the issue.

REST007

Unrecoverable error has occurred

The framework/app is unable to continue with the provisioning process. Check the logs to see if troubleshooting information is available.

This may occur after failing to collect a REST provision using the authenticator app; subsequent attempts to collect the provision fail with this error. As a workaround, you are recommended to set the Issue over Existing Credential option in the credential profile; if the device is already issued to the target user, it is automatically canceled and then the new device issued.

This may also occur when issuing a mobile device with MDM restrictions and the MDM system does not recognize the mobile device as valid (for example, it is not registered, or does not have the required MDM attributes).

This may also occur when issuing a mobile identity document where the document format has mandatory attributes (for example, a user photograph) that the recipient does not have. Check the audit to determine which attributes are missing.

REST008

Unrecoverable error has occurred

The framework/app is unable to continue with the provisioning process. Check the logs to see if troubleshooting information is available.