3 MyID Identity Agent error codes
This section contains the list of errors that may occur when using Identity Agent. If an error occurs that is not listed in this table, or a remedy for an error cannot be found, contact customer support, quoting the error number and reference SUP-207.
Note: Where the error code or details specify "Identity Agent", this is also applicable for the Identity Agent Framework.
Error Code |
IA10001 IA10002 IA10003 IA10004 IA10005 |
Text |
SOAP request failed |
Details |
Error Code |
IA10006 |
Text |
SOAP request failed |
Details |
This error has occurred during the first communication for the provisioning process to retrieve the PFX. This may be caused by exceeding the configured value for Maximum Session Count – this option determines the number of concurrent mobile issuance and update sessions are allowed by the server. See the Maximum session count section in the Mobile Identity Management document for details. If this error consistently occurs when attempting to provision with Identity Agent, there is most likely a network misconfiguration; for example, with the firewall. In this case, the problem is with accessing the ProcessDriver.asmx service. For intermittent occurrence of this error, see section 3.1, Troubleshooting network connectivity. |
Error Code |
IA10007 IA10008 IA10009 IA10010 IA10011 IA10012 IA10013 IA10014 IA10015 |
Text |
SOAP request failed |
Details |
Error Code |
IA10016 |
Text |
SOAP request failed |
Details |
If this error consistently occurs, it may be due to a misconfigured Image Upload Server setting within MyID. Make sure that the value configured in MyID for the Image Upload Server configuration option is resolvable from the server hosting the MyID web services. For more information, see the Configuring the image location section in the Administration Guide. For intermittent occurrence of this error, see section 3.1, Troubleshooting network connectivity. |
Error Code |
IA10017 IA10018 IA10019 IA10020 IA10021 IA10022 IA10023 IA10024 IA10025 IA10026 IA10027 IA10028 IA10029 IA10030 IA10031 IA10032 IA10033 IA10034 |
Text |
SOAP request failed |
Details |
Error Code |
IA10035 |
Text |
SOAP request failed |
Details |
This error has occurred when there has been a failure in the communications to report that a certificate has been collected. If this error consistently occurs when attempting to provision with Identity Agent, there is most likely a network misconfiguration; for example, with the firewall. In this case, the problem is with accessing the ProcessCard.asmx service. |
Error Code |
IA10036 IA10037 IA10038 IA10039 IA10040 IA10041 IA10042 IA10043 IA10044 |
Text |
SOAP request failed |
Details |
Error Code |
IA10046 |
Text |
The root certificate needs to be installed and trusted on the device |
Details |
Your system is configured for HTTPS, but Identity Agent cannot find the root certificate. Make sure that the root certificate is installed and trusted on the device. |
Error Code |
IA12001 |
Text |
Pin Blocked |
Details |
The user's PIN has become blocked. They should follow the unlock workflow for the key store in question. |
Error Code |
IA12002 |
Text |
Decryption failure |
Details |
This error may occur during mobile credential issuance when using the MWS web service when you have the Envelope Transport Key Algorithm is set to AES. To resolve the issue, either configure the system for REST-based mobile provisioning (preferred), or change the Envelope Transport Key Algorithm setting to 3DES. |
Error Code |
IA12011 |
Text |
Failed to install the certificate |
Details |
A likely cause of this error is when the time on the mobile device is set to before the 'enabled from' time of the certificate. Make sure the time on the mobile device is aligned with the time on the server. |
Error Code |
IA14001 IA14002 IA14003 IA14004 IA14005 |
Text |
Failed to open a session to the smart card |
Details |
If the app is intended to be used with a physical smart card, ensure that a card reader is attached to the mobile device and a smart card correctly inserted. |
Error Code |
IA15004 |
Text |
The OTP has been entered incorrectly too many times |
Details |
The user must close the Identity Agent, then click the link in the email to launch the process again. |
Error Code |
IA15005 |
Text |
The provisioning attempt failed due to an incorrect OTP being provided |
Details |
The OTP has been entered incorrectly. The user must attempt to provide the OTP again. |
Error Code |
IA16002 |
Text |
A signing operation has failed |
Details |
The most likely cause of this error is that the time on the mobile device is set to before the time from which the certificate is enabled. In this case, set the time to the correct value, and the issue disappears. |
Error Code |
IA17002 |
Text |
Pin Blocked |
Details |
The user's PIN has become blocked. They should follow the unlock workflow for the key store in question. |
Error Code |
IA17003 |
Text |
One or more certificates not allowed to be stored on this type of storage device. |
Details |
The certificate policy configuration on the MyID server does not have the correct hard or soft storage configuration for the device that is collecting the identity. Amend the certificate policy configuration, or collect the identity on a suitable device. |
Error Code |
IA17004 |
Text |
Failed to write card layout data |
Details |
The MyID Identity Agent app had a problem when writing the card layout information. A reprovision may be attempted after ensuring that the device has permission and access and enough space on the device to store information. |
Error Code |
IA17009 |
Text |
User aborted new pin entry |
Details |
The user canceled the PIN setting dialog during the workflow. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel. |
Error Code |
IA17010 |
Text |
Non-archived certificate request fail |
Details |
A certificate has failed to issue. Ensure that the Certificate Authority is running and has connectivity to the MyID system. Check the certificate policy configuration on the MyID server for the non-archived certificates in the provisioning profile. Look for problems such as invalid key size. If the issue cannot be resolved, contact customer support. |
Error Code |
IA17011 |
Text |
Failed to write certificate |
Details |
Ensure that at least the following versions of Identity Agent are being used: iOS – 3.11 Android – 3.11 Windows – 2.10.1 |
Error Code |
IA17012 |
Text |
The user canceled the dialog |
Details |
The user canceled the dialog during a remote PIN unlock workflow. The user can try again, without canceling the process part way through. |
Error Code |
IA17014 |
Text |
Pin Blocked |
Details |
The user's PIN has become blocked. They should follow the unlock workflow for the key store in question. |
Error Code |
IA17015 |
Text |
Archived certificate creation fail |
Details |
A certificate has failed to issue. Ensure that the Certificate Authority is running and has connectivity to the MyID system. Check the certificate policy configuration on the MyID server for the archived certificates in the provisioning profile. Look for problems such as invalid key size. |
Error Code |
IA17016 |
Text |
Failed to verify user pin |
Details |
The user's PIN could not be verified. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel. |
Error Code |
IA17017 |
Text |
Failed to verify user pin |
Details |
The user's PIN could not be verified. The process must be restarted by the user on their mobile and the PIN setting completed without hitting cancel. |
Error Code |
IA17018 |
Text |
Please check the time on your device is correct and try again. |
Details |
Appears during a provision if there is more than a 10 minute time difference between the mobile device and the MyID web services server. |
Error Code |
IA17019 |
Text |
Please check the time on your device is correct and try again. |
Details |
Appears during a renewal if there is more than a 10 minute time difference between the mobile device and the MyID web services server. |
Error Code |
IA17021 |
Text |
Invalid password algorithm specified. |
Details |
During the online unlock, the replies to the security questions are encoded with a server-specified algorithm. This error occurs when the required algorithm is not supported by the Identity Agent. To address this issue, check whether a newer version of the Identity Agent is available with additional algorithm support. |
Error Code |
IA80003 |
Text |
Problem starting provisioning |
Details |
This error may occur on iOS and Android phones when the job details supplied for a provisioning job are incorrect. Ensure that the supplied server URL matches that of the MyID server. |
Error Code |
IA80010 |
Text |
Problem initializing the key store |
Details |
This error may occur on iOS and Android phones when the SOPIN in MyID does not match the SOPIN on the device. If this is the case, use the Remove Identity function from within Identity Agent on the device and then reissue the identity from MyID. This error may also occur if the Envelope Transport Key Algorithm configuration option (on the Server page of the Security Settings workflow) is not set to 3DES. |
Error Code |
IA80020 |
Text |
The correct OTP was not supplied by the user |
Details |
The user should check that the OTP being used is the one that was communicated to them. If provisioning still cannot be completed then the job should be canceled and a new one raised. |
Error Code |
REST001 |
Text |
The network has failed, please check connectivity |
Details |
The mobile device is unable to connect reliably to the MyID Server. Check the device's Wi-Fi connection is operating normally; alternatively, if using cellular mobile data, check you are not in an area with poor signal reception. |
Error Code |
REST002 |
Text |
The user aborted the operation |
Details |
At some point during provisioning the user selected abort/cancel. If they want to try again, they need to obtain a new provisioning link/QR code for the new attempt. |
Error Code |
REST003 |
Text |
Failed to get authorization |
Details |
Trying to get authorization from the MyID Server to perform a provision has not been granted. Try with a different provisioning link/QR code to see if that fixes the issue. |
Error Code |
REST004 |
Text |
The MyID Server is busy. Please try again later |
Details |
The provision attempt is valid but the MyID Server is too busy at this time to perform the provisioning. Try again later, at a time when there is less load on the server. |
Error Code |
REST005 |
Text |
The information provided in the provisioning link is not valid |
Details |
Acquire a new provisioning link/QR code and attempt to provision with that instead. |
Error Code |
REST006 |
Text |
The URL is malformed |
Details |
The server URL specified in the provisioning link/QR code is not valid. Try with a different provisioning link/QR code to see if that fixes the issue. |
Error Code |
REST007 |
Text |
Unrecoverable error has occurred |
Details |
The framework/app is unable to continue with the provisioning process. Check the logs to see if troubleshooting information is available. This may occur after failing to collect a REST provision using the authenticator app; subsequent attempts to collect the provision fail with this error. As a workaround, you are recommended to set the Issue over Existing Credential option in the credential profile; if the device is already issued to the target user, it is automatically canceled and then the new device issued. This may also occur when issuing a mobile device with MDM restrictions and the MDM system does not recognize the mobile device as valid (for example, it is not registered, or does not have the required MDM attributes). This may also occur when issuing a mobile identity document where the document format has mandatory attributes (for example, a user photograph) that the recipient does not have. Check the audit to determine which attributes are missing. |
Error Code |
REST008 |
Text |
Unrecoverable error has occurred |
Details |
The framework/app is unable to continue with the provisioning process. Check the logs to see if troubleshooting information is available. |