Академический Документы
Профессиональный Документы
Культура Документы
June 2018
Trademark Acknowledgments
Entrust Datacard is a registered trademark and service mark of Entrust Entrust Datacard
Corporation in the United States and other countries.
Entrust is a registered trademark and service mark in the United States and other
countries.
All other product names are the property of their respective owners.
Proprietary Notice
The design and information contained in these materials are protected by US and
international copyright laws.
All drawings and information herein are the property of Entrust Entrust Datacard
Corporation. All unauthorized use and reproduction is prohibited.
ii
Revision Log
Troubleshooting Guide
Entrust Datacard Adaptive Issuance Suite
iii
iv
Contents
Chapter 1: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Audit Trail/Accept Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
DLL Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
System Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Low-level Driver Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
PC/SC Reader Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
SmartWare Reader Board Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
MX Series Reader Board Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
MLOS Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
v
Chapter 1: Error Codes
This chapter lists the error codes returned by the various Adaptive
Issuance™ software components.
Errors
The following sections list the error codes returned by Adaptive Issuance components. Use these
error codes when investigating system issues.
01 The extension application returned an error Refer to the DLLERROR field for details.
code, but the product might be reusable.
A0 Attempted to run a Chip Interface or Data Obtain a certificate from the application
Access application that requires an application developer and register it using
certificate, but a certificate is not registered. Application Manager.
A1 The certificate registered for a Chip Interface Obtain an updated certificate from the
or Data Access application does not match the application developer and use
application. Application Manager to replace the
currently registered certificate.
A2 The certificate registered for a Chip Interface Obtain an updated certificate from the
or Data Access application does not grant application developer and use
rights to run the application in the current Application Manager to replace the
context. For example, this error occurs if the currently registered certificate.
application certificate authorizes instant
issuance, but the application is being run in Contact Entrust Datacard if the
central issuance. application developer cannot be reached
or does not have the capability to
generate a certificate with the required
authorization.
A3 An attempt to check out a license failed See the "Verify Existing License" section
because it has not been verified following of your product's Installation and
upgrade to Adaptive Issuance software. Administration Guide for instructions on
verifying your licenses.
2 Error Codes
Error Description Possible Solution
A4 Application type is not supported. This error Use a supported application, such as
occurs for attempts to run a smart card Datacard® Adaptive Issuance™ EMV Data
application that was developed using older, Prep and Perso Software.
unsupported SDKs in a distributed issuance
environment, such as CardWizard.
C0 Smart card application cannot be run because If running a Chip Interface application,
the coupler is disabled; it is a Chip Interface verify that the smart card module is in
application, but an open coupler; or it is an managed mode. If running an Open Perso
Open Perso application, but a managed application, verify that the smart card
coupler. module is in unmanaged mode. Contact
your Entrust Datacard support
representative if these conditions are
satisfied.
C1 Parsing of SCPM format data failed. The most This error occurs if an application proxy
probable cause is an unrecognized/ used invalid SCPM format data. Verify
unsupported format identifier or an encoding that the input data is correct, the data
error. setup properly selects the smart card
data field, and SCPM format data is not
configured.
C2 An SCPM format data block can be parsed, but This error occurs if an application proxy
contains no smart card subfields (that is, the used invalid SCPM format data. Verify
overall length is zero). that the input data is correct, the data
setup properly selects the smart card
data field, and SCPM format data is not
configured.
C4 Automatic ISO-7816 reset failed. Possibly the If the chip is not ISO-7816 compliant,
chip is faulty or is not ISO-7816 compliant. make sure the reset chip setting is clear in
the product setup and make sure the
FFFFFFEB format identifier is specified (if
using SCPM format data). If the chip is
ISO-7186 compliant, determine if reset
failure is due to a chip problem or a
programming station problem.
C6 A smart card operation could not be started Verify the network connection between
on an Entrust Datacard-managed Adaptive Issuance Suite and the
programming station. programming station. Contact your
Entrust Datacard support representative
if the condition persists.
C9 The master application repository is not valid, Use Adaptive Issuance configuration to
probably because the configured path does verify that the master application
not exist or is not accessible. repository is properly configured. If the
master application repository is remote,
verify that the account configured for the
Datacard Adaptive Issuance
Communicator Controller service has
read access to the remote share.
D0 Extension application not found, or Verify that the extension application has
application not registered. been registered and that the job setups
identify the correct application.
D2 Adaptive Issuance Suite does not recognize Verify that the application is a valid
the format of the extension application. application, or the application is
corrupted.
4 Error Codes
Error Description Possible Solution
D5 An extension application operation has been Use Application Manager to check the
stopped because it did not proceed to the next extension application’s transaction time-
transaction in a period of time. out to ensure that it is sufficient for the
operation being completed. The default
time-out is 30 seconds. If you need more
time, increase the transaction time-out.
D8 Blank application name. Verify that the setups and the data file
have an extension application name or
that the equipment setups are correct.
DD Insufficient or invalid licensing information Verify that the Adaptive Issuance server is
connected to the appropriate license
server and that sufficient licenses are
installed.
DE Server Communicator timed out while waiting Contact your Entrust Datacard support
for a response from Host Communicator or representative.
Object Communicator.
DF An extension application could not be run Only Chip Interface applications can be
because the application type is not allowed for run on non-EDL machines.
a non-EDL machine.
E4 Failed to gain access to the key reader devices You might need more resources, or to
assigned to the virtual dedicated key card disable some programming stations.
resource (ETBP).
E8 The Host Communicator process unexpectedly Contact your Entrust Datacard support
terminated during handling of an operation. representative.
When E8 is returned, all subsequent
invocations of application instances active
during the termination result in accept code
EA.
EA The invoked function cannot be performed Contact your Entrust Datacard support
because the Host or Object Communicator representative.
process that hosts the application instance has
terminated unexpectedly. (Note that E8 or E9
is returned for functions active when the
application host terminates, and EA is
returned for functions invoked after the
termination.)
6 Error Codes
Error Description Possible Solution
ED The input data fields configured for a data Use Application Manager to re-register
access product operation do not match those the extension application, and review
declared by the application. your machine setups to verify that they
match the application properties.
EF The data access Communicator process Contact your Entrust Datacard support
unexpectedly terminated during handling of representative.
an operation. When EF is returned, then all
subsequent invocations of application
instances active during the termination result
in accept code EA.
FD A non-ASCII character was returned in the DLL Correct the extension application so that
error code. the DLL error codes it returns contain
only ASCII codes 0x20 - 0x7E.
FF The extension application returned an error Check the DLLERROR field for more
code. The operation failed and the product details.
might not be reusable.
ERROR Used for all errors returned by Communicator Refer to the actual accept code.
with the exception of E3.
Codes detected by the APM/SCPM standard application template return DLL errors in Snnnn
format where nnnn represent the last 2 bytes of the System error codes. The error codes are
defined in “System Error Codes” on page 8.
8 Error Codes
When reported in the trace log, event log, or user interface, errors are often formatted in one of
the following ways:
[xxxx-xxxxxxxx] [4004-41430008] In this form, the first four-digit value is the hexadecimal error
code (0x4004 in the example). This is followed by an eight-
character “support code” which can be used by Entrust
Datacard support engineers to diagnose a problem. When
reporting a problem, be sure to provide the full error and
support code when available.
[xxxx] [4004] This form provides the hexadecimal error code without a
support code.
0x0000xxxx 0x00004004 or This form provides the hexadecimal error code without a
0x4004 support code.
The system error codes are listed in the following table. In many cases, specific diagnostic
information is included in the trace log when an error is recorded.
0x0001 Time-out occurred while waiting for a Error condition at the programming
response from a smart card programming station.
station. Network communication error.
The time-out specified by the extension
application is too short.
0x0002 Time-out occurred while waiting to obtain The time-out specified by the extension
access to a resource. application is too short.
0x0090 The requested object was not found in the No object matches the search criteria
database. specified in the query.
0x0092 The requested database object has An object matches the search criteria
expired. specified in a query, but the expiration
date has passed.
If appropriate, use General Object
Loader to update the expiration date of a
general object.
0x0094 The value of a database object query field Correct the query values.
is invalid.
0x0095 The value of a date field is invalid. Dates in database queries must be in the
YYYYMMDD format.
0x0096 Object insert failed because it already One or more object values specified in
exists in the database. the insert violates a unique key
restriction.
0x00A0 An error prevented access to the database. Contact your Entrust Datacard support
representative.
0x00A2 A database query returned multiple Refine the query values so that only one
objects when only one was expected. database object matches.
0x00A3 An internal error prevented access to a Contact your Entrust Datacard support
database table. representative.
0x00A4 The database experienced a memory Contact your Entrust Datacard support
allocation error. representative.
0x00A5 The key number field of a general object is The key number must be an integer >= 0.
invalid.
0x00A6 The value field of a general object is empty. When inserting a general object, the
value field cannot be empty (null).
0x00A7 A key number is required but was not Modify the database request to include a
supplied. key number.
0x00AB The record version provided in a database Indicates that the database object has
query does not match the actual record changed since it was queried.
version.
0x00AE A database connection lock could not be This might indicate that too few
acquired. database connections exist for the
number of clients or level of activity.
0x00AF No query information was provided in a Modify the query to set one or more
request for an object. query field values.
0x00DF An attempt to set a configuration property Contact your Entrust Datacard support
value failed. representative.
10 Error Codes
Error Code Description Possible Cause or Solution
0x00F0 The database could not be accessed due to Consult “Problem Resolution” on
a communication problem. page 33 to resolve database
communication issues.
0x00F2 A database record could not be accessed Only one database client can modify a
because it is locked. record at one time.
0x00F5 A database query failed due to an invalid Contact your Entrust Datacard support
SQL expression. representative.
0x0100 Invalid handle passed to an API method. Must be corrected in the extension
application code.
0x0103 An attempt was made to update a general Must be corrected in the extension
object without having first retrieved it. application code.
0x0109 Unable to connect to Resource Controller. Verify that the Datacard Adaptive
Issuance Resource Controller service is
running. Also, refer to the Problem
Resolution section of this document.
0x010A The configuration file cannot be found. The configuration file does not exist at
the expected location, or the logged in
user does not have rights to access the
configuration file.
Normally the configuration file path is
specified by the SCS_CONFIG_FILE
environment variable.
0x010C The command line arguments supplied to Refer to the user documentation for a
the program are invalid. description of the valid command line
arguments.
0x010D Thread could not be started due to a This error might be caused by lack of
system error. system resources, such as memory.
Contact your Entrust Datacard support
representative for assistance.
0x010E A TCP/IP server could not be started. Contact your Entrust Datacard support
representative.
0x010F An attempt to connect to License Server Verify that the network configuration
failed. correctly addresses your license server.
Run NetConfig to test the license server
connection.
0x0110 The connection to License Server was Verify that License Server is started and
unexpectedly closed. is not reporting errors, and verify that
the network connection to License
Server.
0x0112 A time-out occurred in a job enable This might be an error caused by the job
application. enable application. Verify that the job
enable application is functioning
properly. Contact your Entrust Datacard
support representative for further
assistance.
12 Error Codes
Error Code Description Possible Cause or Solution
0x0114 The requested modular interface is not The personalization system supports an
supported. older modular interface version than is
supported by the installed Adaptive
Issuance software. The personalization
system must be upgraded if the
requested modular interface version is
required.
0x0115 The specified message is not supported by The installed Adaptive Issuance software
this connection. supports an older modular interface
version than is supported by the
personalization system. Adaptive
Issuance Suite must be upgraded if the
requested moduler interface version is
required.
0x1000 A key card or HSM resource name is This error occurs if an extension
unknown. application tries to use a key card or HSM
that has not been declared in its
manifest, or has not been configured for
use with the current application
instance.
0x1001 An invalid Vcc value was passed to an API Must be corrected in the extension
method. application code.
0x1005 Invalid APDU passed to an API method. The APDU format does not correspond
to the specified case. Must be corrected
in the extension application code.
0x1006 Invalid accept code passed to an API Must be corrected in the extension
method. application code.
0x100B An unexpected error condition was Contact your Entrust Datacard support
encountered. representative.
0x100C The execution thread has been stopped. Communicator is stopped while an
operation is active.
0x1011 Invalid APDU passed to an API method. The APDU format does not correspond
to the specified case. Must be corrected
in the extension application code.
0x1012 Smart card coupler timed out while Possibly due to a bad chip.
waiting for a response from the chip or For contactless, verify that the power
from the serial port. level is appropriate for the chip and the
antenna has been tuned.
0x1013 A communication message does not Verify the compatibility of the installed
conform to internal expectations. machine software components and
Adaptive Issuance Suite. Contact Entrust
Datacard support.
14 Error Codes
Error Code Description Possible Cause or Solution
0x1015 API method is available only during Must be corrected in the extension
initialization. application code.
0x1036 An attempt to get a global value as a string Must be corrected in the extension
or integer failed because the actual type is application code.
a byte collection.
0x1047 Invalid station number passed to an API Station number must be between 1 and
method. the number of stations in the module.
Must be corrected in the extension
application code.
0x1048 Smart card coupler driver returned a low- Consult the Low-Level Error Codes
level error code. The actual error is section of this document.
specified by the driver response code.
0x1049 Invalid Vpp passed to an API method. Must be corrected in the extension
application code.
0x104A An invalid attribute value was passed to an Must be corrected in the extension
API method. application code.
16 Error Codes
Error Code Description Possible Cause or Solution
0x104C The smart card coupler does not support Verify that the operation is assigned to
the capability required to perform the the intended smart card module. Verify
requested action. that the module is properly configured.
0x2000 Out of memory error. Verify that the system resources meet
the minimum requirements.
0x2001 The requested function is not Contact your Entrust Datacard support
implemented. representative.
0x2103 An attempt to access a key card or HSM Modify the setups to assign a device to
resource failed because a physical device is the resource.
not configured.
0x2111 Unable to connect to or send data to a Verify that the physical device is
physical device associated with a logical functional and properly configured for
resource. use. For a key reader, verify that the key
card is properly coupled and is
responsive.
0x2124 A key reader has returned an error Verify that the key reader is properly
response to a command. configured and is running compatible
system components.
0x2125 Attempt to use dedicated key reader when Modify the setups to assign key reader
not present. device(s) to the ETBP resource.
0x2203 An unexpected internal error prevented Contact your Entrust Datacard support
access to a key card or HSM resource. representative.
0x2204 A time-out occurred while waiting for a Error condition at the key reader or HSM.
response from a key reader or HSM. Network communication error.
The time-out specified by the extension
application is too short.
0x2301 Command cannot be buffered because it is The maximum buffer size varies by
longer than the remaining available coupler type.
command buffer space. Must be corrected in the extension
application code.
18 Error Codes
Error Code Description Possible Cause or Solution
0x2302 Invalid index number passed to an API Must be corrected in the extension
method for retrieving bulk command application code.
response.
0x2305 The chip subtype passed to an API method Verify that the operation is assigned to
is either invalid for the particular method the intended smart card module. Verify
or is not supported by the smart card that the module is properly configured.
coupler. Might require a correction to the
extension application code.
0x2306 Command requires chip type MIFARE. Must be corrected in the extension
application code.
0x2307 Command requires chip type FeliCa.
0x230A The actual response to a buffered This error occurs when a buffered (bulk)
command does not match the expected command specifies an expected
response. response, but the actual response is
different. Examine the actual response
for information about the failure.
0x2404 Too little data supplied for the command. Must be corrected in the extension
application code.
0x2405 Too much data supplied for the command. Must be corrected in the extension
application code.
0x2406 A memory chip operation could not be The wrong command interpreter is
performed. loaded at the programming station, or
the requested operation is not
supported for the selected chip type.
0x240C The machine returned an error to the Examine the error details for the
calling API method. machine-specific error information.
Consult the machine documentation for
an explanation of the error.
0x240D Operation could not be performed because The machine is not connected, the
the required machine connection does not required service class is not properly
exist. initialized, or a license might be required.
0x240E Machine did not respond to a message Indicates that the machine has become
within the expected time. unresponsive; there is a network
communication issue, or too many
messages are queued.
0x240F Operation failed because initialization did Indicates that an initialization sequence
not occur properly. did not complete properly. Ensure that
the extension application is being
properly initialized.
0x2412 The requested feature is not supported. The extension application has attempted
to use a feature that is not supported by
the installed version of Adaptive
Issuance software, or the personalization
system. The system must be updated if
the feature is required.
0x2413 The requested information is not available. The extension application has requested
chip information that is not available
from the smart card programming
station. This happens if the programming
station does not support this feature or if
it is not applicable to the selected chip
type.
20 Error Codes
Error Code Description Possible Cause or Solution
0x2800 Time-out occurred while waiting for a It is possible that the process did start,
Communicator process to signal that it has but it took longer than expected. If
started. Communicator Status shows that the
process is running, increase the start up
time-out configuration setting.
Otherwise, contact your Entrust
Datacard support representative.
0x2801 An error occurred while attempting to start Contact your Entrust Datacard support
a Communicator process. representative.
0x2802 Time-out occurred while waiting for a It is possible that the process did stop,
Communicator process to stop. but it took longer than expected. If
Communicator Status shows that the
process is not running, increase the stop
time-out configuration setting.
Otherwise, manually stop the process by
using the Windows Task Manager.
0x2803 An error occurred while attempting to stop Contact your Entrust Datacard support
a Communicator process. representative.
0x2804 Execution of an extension application entry This error is associated with return of a
point failed. non-zero accept code. Analyze the
specific accept code and additional error
information to determine the nature of
the error.
0x280D An attempt was made to cache data using Contact your Entrust Datacard support
a key value already in use. representative.
0x280F Multiple machines share the same name Each machine served by a single
or IP address. Communicator must be uniquely named,
and each machine must have a unique IP
address.
0x2811 A job enable application is not running and The system configuration settings specify
the system is configured to require a job whether or not a job enable application
enable application to execute production is required. This error occurs if a job
runs. enable application is required, but is not
currently running or is not connected.
0x2812 An action could not be performed because Contact your Entrust Datacard support
a production run is not currently active for representative.
the machine.
0x2813 An application instance has been disabled An application instance is disabled when
and no data caching or chip processing it throws an unhandled exception (E3
operation can be performed. accept code). No data caching or chip
operations are performed for a disabled
application instance.
0x2814 The connection to a programming station This is an abnormal error that indicates a
was closed while handling a smart card system issue, such as a time-out
operation. condition or a network failure.
0x2815 An extension application thread could not In case of this error, it might be
be aborted. necessary to use Communicator Status
to stop and restart Communicator. Make
sure that all jobs are stopped before
stopping Communicator.
0x2817 An extension application returned an error This error code is used for extension
from the PostProcess entry point. application types where termination
status is not returned to the controller,
such as data access applications. Consult
the application documentation or
developer for information about the
error returned by the application.
22 Error Codes
Error Code Description Possible Cause or Solution
0x4000 The application repository does not exist. Verify that the InstallDir configuration
setting accurately indicates the
installation folder, and that the
application repository exists at that
location. If a remote repository is used,
verify that the MasterAppRepositoryPath
configuration accurately identifies its
location.
0x4001 Application ID does not exist in the If recorded during execution of a job, this
application repository. indicates that the application ID
identified by the job setups does not
correspond to any registered extension
application.
If this error occurs while using
Application Manager, Contact your
Entrust Datacard support representative.
0x4002 Application ID already exists in the Each registered application must have a
application repository. unique application ID.
0x4003 Device ID does not exist in the device If this error occurs while using
catalog. Application Manager to configure an
application, delete and re-register the
application.
If this error occurs during execution of a
job, Contact your Entrust Datacard
support representative.
0x4005 Application resource does not exist. This error might occur if an extension
application changes its resource
declarations, and the application DLL is
updated in the application repository
without re-registering. To correct the
error, use Application Manager to delete
and re-register the application.
0x4006 Device address already exists in the device Each IP-addressable device in the device
catalog. catalog must have a unique IP
address:port. Each PC/SC reader in the
device catalog must have a unique host
name:reader name. This prevents the
same physical device from being
cataloged multiple times.
0x4007 Device name already exists in the device Each device in the device catalog must
catalog. have a unique name.
Not all PC/SC readers work with a particular product. It is possible that the chip and
the PC/SC reader are not compatible.
0x88 Destination is invalid for the Contact your Entrust Datacard support
product type or hardware type. representative.
0x89 Data could not be decoded. Contact your Entrust Datacard support
representative.
24 Error Codes
Error Code Description Possible Explanation/Resolution
0x90 Unexpected data was received Check that the chip is compatible with the
from the chip. application.
Contact your Entrust Datacard support
representative.
0x91 The requested operation is not Returned for commands that are not supported
supported. by PC/SC readers.
0xF0000000 Incomplete response from reader Verify that the contactless PC/SC reader is
command. functioning normally.
0xF0000001 Block number is too great, or key Fix the application to either load a longer key set,
length is insufficient. or to authenticate with only lower block
numbers.
0xF0000002 Did not receive 16 data bytes When the card type is MIFARE and the reader
expected for pending write. receives a \xA0\xnn command, it expects the next
“command” to be the 16 bytes of data to be
written to block nn. Change the application to
comply with this expectation.
0xF0000003 Invalid or unsupported command When the card type is MIFARE, the only
received. commands supported are write (\xA0\xnn), read
(\x30\xnn), and the 16-byte data block following
a write command. Change the application to send
only those commands.
0xF0000004 Keys have not been set. Change the application to call
ScpmMifareLoadKey before calling
ScpmMifareAuthenticate.
0xF100xxxx The contactless reader returned Check for chip compatibility with the reader.
status word xxxx indicating an Make sure the type of contactless chip matches
error. what the application is expecting.
In addition, Adaptive Issuance Suite returns the “native” 4-byte PC/SC error code. Contact your
PC/SC reader manufacturer for the meaning of error codes returned.
SmartWare Reader Board Errors
The following table lists the low-level error codes returned by the Adaptive Issuance interface to
the SmartWare readers used as programming stations or key readers.
0x45 Driver error When a 1.x application calls a command and a low-
(69) level error is returned as a number that is larger
than 255, 0x45 is returned and the actual low-level
error is recorded in the Adaptive Issuance event
log.
0x352A Command format not valid Possible software version mismatch. Contact your
(13610) Entrust Datacard support representative with the
Adaptive Issuance trace file.
0x352B Command not valid
(13611)
0x3552 Checksum not valid Possible software version mismatch. Contact your
(13650) Entrust Datacard support representative with the
Adaptive Issuance trace file.
26 Error Codes
Error Description Possible Solution
0x3571 Fatal internal error Unexpected system failure occurred. Contact your
(13681) Entrust Datacard support representative.
0x3572 Format ID is not valid or is not Possible software version mismatch. Contact your
(13682) supported Entrust Datacard support representative with the
Adaptive Issuance trace file.
0x3573 Invalid contactless tune value Use valid Tune value supported by station
(13683) hardware.
0x3574 Invalid contactless power Use valid Power value supported by station
(13684) value hardware.
0x3575 Get pass through mode failed Possible software version mismatch. Contact your
(13685) Entrust Datacard support representative with the
Adaptive Issuance trace file.
0x3577 Coupler not configured Coupler not initialized properly. Contact your
(13687) Entrust Datacard support representative.
0x3578 Diag Not Initialized Coupler not initialized properly. Contact your
(13688) Entrust Datacard support representative.
28 Error Codes
Error Description Possible Solution
0x3390 855t to w77e58 fifo checksum error Contact your Entrust Datacard support
(13200) representative.
0x345A Low level FIFO checksum error Contact your Entrust Datacard support
(13402) representative.
0x345D Unknown first byte in ATR Possible product or system hardware failure.
(13405)
0x345E T=1 ATR checksum problem Contact your Entrust Datacard support
(13406) representative.
30 Error Codes
Error Description Possible Solution
0x357F Coupler hardware type is not defined Contact your Entrust Datacard support
(13695) representative.
32 Error Codes
Chapter 2: Problem
Resolution
Troubleshooting Tools
Adaptive Issuance software and the Software Development Kits (SDKs) include a number of
features to help you isolate problems in your development and production environments.
Trace Viewer
Trace Viewer lets you work with diagnostic trace information recorded by various Adaptive
Issuance components. This option is useful for debugging and testing.
Adaptive Issuance Suite Help contains more information about Trace Viewer, including
descriptions of the various options available when using this feature.
Event Log
Adaptive Issuance Administrator keeps a log of all events in the system. If you contact your
Entrust Datacard support representative, you might be asked to send a copy of the event log.
Follow this procedure:
1. Select Start > All Programs > Datacard > Adaptive Issuance Suite> Administrator. The
Administrator window opens.
2. Select File > Export All Events to File. A Save As dialog box displays.
3. Navigate to the location where you want the log saved, enter a file name, and then click Save.
The log is saved as you specified.
Adaptive Issuance Help contains more information about the event log, including procedures for
filtering the events that are displayed, and for deleting old events.
When installing Key Manager software, the Click Cancel to stop the installation. Uninstall the
following message displays: existing version. Restart the computer and run the
Service ‘<service name>’ could not be installed. installation program.
Verify that you have sufficient privileges to
install system services.
Key Manager Home page (Token Explorer) is Select other pages, and then return to the Home
blank. page.
0x000000D1 - CKR_TEMPLATE_INCONSISTENT Possible Cause: A usage has been defined that is not
allowed by a template, such as one defined by an
Unwrap mask.
34 Problem Resolution
Problem Suggested Solution
0xC000000B - CKR_WEAK_PIN_LIST_NOT_ Make sure that the desired weak PIN list is created
FOUND and identified appropriately.
0xC0000017 - CKR_EKS_PERMISSION_DENIED Make sure that the database for Key Manager
software has been created.
Make sure that the Key Manager Server and HSM
Server services have appropriate permissions to
access the database.
0xC0000018 - CKR_EKS_DATA_ACCESS_ Make sure that the correct SQL Server instance is
RESOURCE_FAILS running and reachable from the HSM Server service.
0xC000001B - CKR_EKS_EMPTY_RESULT_ Make sure that all cryptographic objects that have
DATA_ACCESS been referenced are created with the necessary
identifying attributes.
0xC0000044 - CKR_MDR_INVALID_HSM_INDEX
0xC0000046 - CKR_MDR_INSUFFICIENT_
RESOURCES
0xC0000048 - CKR_MDR_OPERATION_
CANCELLED
0xC0000049 - CKR_MDR_HSM_RESET
0xC000004B - CKR_MDR_UNSUCCESSFUL
0xC000004C - CKR_MDR_INTERNAL_ERROR
0xC000004D - CKR_MDR_OPERATION_NOT_
ALLOWED
0xC0000050 - CKR_FM_MSG_CMD_ERROR Make sure that the firmware version on the HSM is
compatible with the version of HSM Server
installed.
If developing or running a custom application that
uses HSM Client, examine failing commands for
potential inconsistencies.
0xC0000051 - CKR_FM_MSG_RSP_ERROR Make sure that the firmware version on the HSM is
compatible with the version of HSM Server
installed.
If developing or running a custom application that
uses HSM Client, examine failing commands for
potential inconsistencies.
36 Problem Resolution
Problem Suggested Solution
0xC0000057 - CKR_SLOT_DATA_ERROR Restart the HSM Server service. If the error persists,
reset the HSM.
0xC0000059 - CKR_DMKID_INVALID Make sure that all HSMs that are registered to Key
Manager software have the correct DMK under
which the cryptographic objects in the database are
encrypted. If errors persist, contact Entrust
Datacard Support.
0xC0000103 - CKR_GRID_INIT_ERROR Make sure that all properties are correct in the
configuration files listed below.
C:\ProgramData\Datacard\Adaptive Issuance
Suite\Key Manager\HSM Server\hsm-
service.properties
C:\ProgramData\Datacard\Adaptive Issuance
Suite\Key Manager\keymanager.ini
Make sure that the correct database instance is
accessible from HSM Server service. If the error
persists, run the Key Manager installer and choose
the repair option to ensure that all dependencies
are appropriately placed and configured.
0xC0000105 - CKR_ADAPTER_INIT_ERROR Make sure that the HSM is working and reachable
from HSM Server.
If an HSM registration entry exists in Key Manager,
delete it and reregister the HSM.
Run the Key Manager installer and choose the repair
option to make sure that all dependencies are
appropriately placed and configured.
0xC0000108 - CKR_ADAPTER_THROWABLE_ Search the HSM Server log for a stack trace
ERROR containing the CKR_ADAPTER_THROWABLE_ERROR
error code. It should contain a reference to the
underlying exception that was thrown.
0xC0000109 - CKR_FM_SOFT_DLL_ERROR Make sure that HSM Server has access to the <AIS_
KMS_HOME>\jni\ directory. Run the Key Manager
installer and choose the repair option to ensure that
all dependencies are appropriately placed and
configured.
38 Problem Resolution
Problem Suggested Solution
0xC0003000 - CKR_HSM_CLIENT_HTTP_400_ Make sure that the version of HSM Client in use is
BAD_REQUEST compatible with the version of HSM Server that is
0xC0003001 - CKR_HSM_CLIENT_HTTP_401_ installed.
UNAUTHORIZED Make sure that HSM Client is configured to reach
the desired HSM Server, and that the desired HSM
0xC0003002 - CKR_HSM_CLIENT_HTTP_403_
Server is reachable.
FORBIDDEN
If developing or running a custom application that
0xC0003003 - CKR_HSM_CLIENT_HTTP_404_ uses HSM Client, examine failing commands for
NOT_FOUND potential inconsistencies.
0xC0003004 - CKR_HSM_CLIENT_HTTP_408_
REQUEST_TIMEOUT
0xC0003005 - CKR_HSM_CLIENT_HTTP_500_ Make sure that HSM Server is configured correctly
INTERNAL_SERVER_ERROR and running. If a specific operation is failing, check
0xC0003006 - CKR_HSM_CLIENT_HTTP_502_ the HSM Server log for errors that may correspond.
Restarting the HSM Server service might help to
BAD_GATEWAY
alleviate any errors. If developing or running a
0xC0003007 - CKR_HSM_CLIENT_HTTP_503_ custom application that uses HSM Client, examine
SERVICE_UNAVAILABLE failing commands for potential inconsistencies.
0xC0003008 - CKR_HSM_CLIENT_HTTP_504_
GATEWAY_TIMEOUT
0xC0003009 - CKR_HSM_CLIENT_HTTP_ See actions for CKR_HSM_CLIENT_HTTP… error
DEFAULT codes.
0xC0003012 - CKR_HSM_CLIENT_INVALID_ Make sure that the version of HSM Client in use is
PROTOBUFF_ERROR compatible with the version of HSM Server that is
0xC0003014 - CKR_HSM_CLIENT_INVALID_ installed. If developing or running a custom
application that uses HSM Client, examine failing
PROTOBUF_MSG_ERROR
commands for potential inconsistencies.
When attempting to start Configuration Possible Cause: You must be a member of the ADP_
Manager, the error message “Unauthorized Administrator, ADP_Supervisor, or ADP_Operator
Access – You are not authorized to run group, or running as Administrator to run
Configuration Manager” displays. Configuration Manager.
When attempting to import files, the following Possible Cause: You are using a named instance of
error message is returned: “java.SQLException: SQL Server and the SQL Server Browser service is
Unable to get information from SQL Server: not running. For example, your SQL Server instance
ComputerName” name is ComputerName\SQLEXPRESS.
40 Problem Resolution
Problem:
When attempting to import a script, the error “Error occurred during insert/update of profile”
displays and/or when attempting to create a profile, Blank or Database error
If the error occurs when importing a script, the Windows Event Viewer under shows: Unexpected
error occurred: System.Exception: Error occurred during insert/update of profile: Profile:
profile oid: Oid: 0x2B0601040181900D88100501
profile type: Key
Possible Cause: TCP/IP is not enabled in Protocols for SQL Server 20xx Network Configuration and
Client Protocols.
1. Select Start > Programs > Microsoft SQL Server 20xx > Configuration Tools > SQL Server
Configuration Manager.
2. Expand SQL Server 20xx Network Configuration and Protocols for <your SQL instance>.
4. Expand SQL Native Client Configuration, enable TCP/IP, and make it first in Order.
42 Problem Resolution
Profiles and Scripting Problems
Problem Suggested Solution
Fail to locate Key [Issuer_PK, 424777, 01] Possible Cause: The key Name, Owner, or Version
was entered incorrectly in the Key Manager
Software.
com. Datacard.pkcs.pkcs11.wrapper Possible Cause: The key usage in the Key Manager
.PKCS11Exception: 0x00000068 - CKR_KEY_ Software might not allow the requested action to be
FUNCTION_NOT_PERMITTED performed.
com. Datacard.pkcs.pkcs11.wrapper Possible Cause: The GP key profile for a key might
.PKCS11Exception: 0x00000013 - CKR_ not allow the requested action to be performed.
ATTRIBUTE_VALUE_INVALID
Possible Solution: Modify the key profile to allow
the required usage and reload the key profile using
Configuration Manager.
Card fails: If using the Chip Interface Simulator, Check the Windows Event Viewer under
an error message displays. If using a high- Datacard Affina for errors.
capacity personalization system, an error dialog
box displays if your system is so configured.
Possible Cause: If the message in Event Viewer is:
Failed to Load Object <nnnnnnnn>, then Object
<nnnnnnnn> is missing from Configuration Manager
or specified incorrectly in the Data Setup Script
constant.
Job fails to run Check the Windows Event Viewer under Datacard
Affina for errors.
Possible Cause: If the message in Event Viewer is:
Failed to locate Key (Key name), then the (Key name)
listed is not in Key Manager Software.
Possible Solution: Add the missing key to Key
Manager Software. Refer to procedures for
importing and generating keys in the Key Manager
Help.
Problem Scenarios
Installation and Upgrading Issues
Problem Suggested Solution
When upgrading from SCPM 1.x, application Before upgrading, ensure that any application
configurations that have no assigned devices configurations that you want to convert have
might not be properly converted to work with devices assigned.
Adaptive Issuance Suite.
44 Problem Resolution
Failed Consistency Check
Problem Suggested Solution
In some cases, encrypted key values entered as Verify that the encrypted key value is entered in the
general objects are invalid if the ASCII encoded correct case.
hex value contains lowercase letters. For
example:
01AB...EF would be valid, but
01ab...ef would be invalid
An invalid key fails the consistency check.
Server Communicator process constantly uses Verify that Microsoft .NET Framework Version 4.0
100% of the CPU. SP2 or later is installed. An installer is included in the
dotnetfx folder of your Adaptive Issuance
installation disk.
The Datacard Adaptive Issuance PC/SC Key Verify that the Smart Card service is enabled and is
Reader Server service or the Datacard Adaptive configured to start automatically.
Issuance Communicator Controller service or
both services fail to start.
Object Communicator reports the error, Possible Cause: This problem occurs if Object
“Socket duplication failed with error code Communicator is manually started (that is, not
0x272608.” started using Communicator Status) and the logged-
in user is different than the user configured for the
Datacard Adaptive Issuance Communicator
Controller service.
Possible Solution: Start Communicator using
Communicator Status or change the Datacard
Adaptive Issuance Communicator Controller service
properties to use the same user account as used to
run Object Communicator.
Throughput Issue
Problem Suggested Solution
Throughput is lower than required. Under heavy load, tracing of transactions might
reduce throughput. Use the Trace Viewer's Edit
Settings function to turn off transaction tracing.
A job enable application is not getting machine Examine the Communicator Status to determine if
or job state changes from the machine, but the Job Enable licenses are available. If so, initiate a “List
Controller is running. Machines” type command from the job enable
application, request a license from License Server,
after which the machine is reported.
If Communicator Status indicates no licenses are
available, verify that you have installed a Job Enable
license on License Server and that License Server is
connected and working properly.
46 Problem Resolution
DRM Does Not Start
Problem Suggested Solution
DRM does not start. The sysconfig.ini file does Edit the sysconfig.ini file to add the instance name.
not have an instance name identified. Save the file and restart the Datacard Adaptive
Issuance services.
1 While trying to run General Object Loader, Most likely, the remote Database Server name
Adaptive Issuance Suite Administrator, or that was entered in Adaptive Issuance Suite
another extension application, you receive Configuration is not available or not found.
the message “The DRM Server is not Check Adaptive Issuance Suite Configuration to
available” (0x00010003). make sure the configuration is correct. Ping the
When attempting to open an Adaptive Database Server (using the computer name
Issuance application, an error message with defined in Adaptive Issuance Suite
error code 0x00010003 is displayed. Configuration) to verify that it exists and can be
seen by the Adaptive Issuance Suite Server.
Other possibilities:
Windows Firewall is blocking DCOM traffic. On
the Database Server, go to Adaptive Issuance
Suite Configuration and click Enable DCOM.
Another Firewall is blocking DCOM. Manually
enable DCOM (Port 135) and allow
SCPMDRMService.exe and
ObjectCommunicator.exe.
2 While trying to run General Object Loader, Check the Event Viewer on Database Server for
Adaptive Issuance Suite Administrator, or messages. Compare what you find in Event
another extension application, you receive Server to 2A, 2B, 2C, and 2D of this table for
the message “DRM failed to initialize: Access resolution paths.
to the DRM server was denied; it might not
be installed correctly; group ‘Everyone’ not
given COM access permissions”
(0x00010009).
2A If you received the error message in (2) Verify that you have entered a valid Database
and the Event Server contains no new Server name in Adaptive Issuance Suite
messages; Configuration on the Adaptive Issuance server PC.
-or- Make sure that the Adaptive Issuance server user is
The Event Server contains either of the also a valid user on the database server with the
following two messages: same password.
The machine wide limit settings do not
grant Remote Access permission for COM
Server applications to the user NT
AUTHORITY\ANONYMOUS LOGON SID
(…). This security permission can be
modified using the Component Services
administrative tool.
-or-
The machine-default permission settings
do not grant Remote Activation
permission for the COM Server
application with CLSID {16CBBE9D-E79B-
459A-B23E-8AD8EF59FA4C} to the user
NT AUTHORITY\ANONYMOUS LOGON
SID (…). This security permission can be
modified using the Component Services
administrative tool.
2B If you received the error message in (2) The Database Server has not been set up to accept
and the Event Server contains the the DCOM connection from a remote user. On the
following messages: database server, run dcomcnfg.exe to verify that
The machine wide limit settings do not DCOM is enabled in the Default Properties tab.
grant Remote Access permission for COM Follow the Set Up User Permissions for DCOM
Server applications to the user DCC6764\ procedure in the Adaptive Issuance Suite
<user> SID (…). This security permission Installation and Configuration Guide to allow
can be modified using the Component access for <user> remote users.
Services administrative tool.
48 Problem Resolution
# Problem Suggested Solution(s)
2C While trying to run General Object The Database Server has not been set up to accept
Loader, Adaptive Issuance Suite the DCOM connection from a remote user. This
Administrator, or another extension security permission can be modified using the
application, you receive the message Component Services administrative tool. Refer to
“DRM failed to initialize: Access to the “Configure the Database Server” in the Datacard
DRM server was denied; it might not be Installation and Administration Guide for your
installed correctly; group ‘Everyone’ not product.
given COM access permissions”
(0x00010009).
Message in Event Viewer on Database
Server:
The machine wide limit settings do not
grant Remote Access permission for COM
Server applications to the user
<computer name>\<user> SID (…).
2D While trying to run Adaptive Issuance Add the database server’s computer name and IP
Suite Administrator or another extension address to the server’s host file.
application, you receive the message
“Database Resource Manager (DRM) on
remote server <servername> failed to
initialize. DRM Error: The DRM server is
unavailable (1722): 0x0001003.
DRM errors occur if the Adaptive
Issuance server PC is not able to resolve
the name of the computer entered for
the database server in Adaptive Issuance
Suite Configuration.
2E A DRM error similar to the following Ensure that any enabled NIC on the Adaptive
occurs for running various extension Issuance PC that is set up to use a DHCP IP address
applications: is correctly connected to the DHCP server and then
“General network error in the connection restart the system.
between the ODBC driver and the DB
server: 0x000000F5”.
This problem is believed to be caused
when a DHCP assigned address for a NIC
on the Adaptive Issuance PC is not
assigned correctly.
3 The Resource Controller or Object If no message occurs in the event viewer, verify that
Communicator services do not start or you have entered a valid Database Server name in
do not stay running on your Adaptive Adaptive Issuance Suite Configuration on the
Issuance server, and/or you receive Adaptive Issuance server PC. Run Adaptive Issuance
either of the following messages in Event Suite Administrator to get more error information.
Viewer on the database server: Otherwise:
The machine-default permission settings The Database Server has not been set up to accept
do not grant Remote Activation the DCOM connection from a remote user. On the
permission for the COM Server database server, run dcomcnfg.exe to verify that
application with CLSID {16CBBE9D-E79B- DCOM is enabled in the Default Properties tab.
459A-B23E-8AD8EF59FA4C} to the user Follow the Set Up User Permissions for DCOM
NT AUTHORITY\ANONYMOUS LOGON procedure in the Adaptive Issuance Suite
SID (S-1-5-7). This security permission Installation and Configuration Guide to allow
can be modified using the Component access for remote users.
Services administrative tool. If it still fails:
-or- Click the Security tab and set the Launch and
Message in event viewer on Database Activation Permissions and Access Permissions to
Server: allow Anonymous Logon remote access to the
The machine wide limit settings do not component.
grant Remote Access permission for COM
Server applications to the user NT
AUTHORITY\ANONYMOUS LOGON SID
(...). This security permission can be
modified using the Component Services
administrative tool.
4 The following error message displays If the Windows Firewall on the Database Server is
when using the Group Membership enabled, check to make sure that the “File and
button from Adaptive Issuance Suite Printer Sharing” exception is enabled.
Administrator on an Adaptive Issuance Verify that the user name and password on the
server PC: database PC matches the logged on user on the
Unable to retrieve your group remote PC.
membership on remote server Verify that the logged on user is a member of the
‘<computer name>’. Please check Group Windows Administrators users group.
Membership on the remote server. Error:
The network path was not found.
5 The following error message displays: From Microsoft SQL Server Management Studio,
KMS error on “Connect to Database...”, right-click Properties, go to Security, and then
Unable to get database connection.” verify that Server Authentication is set for “SQL
Server and Windows Authentication mode.”
50 Problem Resolution
DE and E6 Errors
Problem Suggested Solution
Adaptive Issuance system is reporting DE or E6 Apply the following settings to the [application
errors when running Chip Interface runtime] section of the Adaptive Issuance
applications using the “standard” or configuration file (normally SysConfig.ini). These
“professional” templates. errors have been known to occur if an operation has
terminated abnormally during the personalization
phase.
MaxNumberAppHosts=0
RestartObjCommunicatorBetweenRuns=true
threadHandlingMode=1
These settings force Object Communicator to be restarted with each production run, and if an
operation’s personalization phase has terminated abnormally, report the error code 0x2414
(Personalization has been terminated).
Other Issues
Problem Suggested Solution
Adaptive Issuance Configuration displays an Open the computer’s local users and groups tool
“unable to change password” error when and inspect the ObjectServer user’s properties.
attempting to change the password for a DB2 Ensure that User cannot change password is not
database. selected.
Cannot see the MULTOS folder In General Object Loader select Tools > Setup, select
Show the MULTOS Folder, and then click OK.