527665-001C Troubleshooting Guide PDF

Troubleshooting Guide
Entrust Datacard® Adaptive Issuance™ Suite
June 2018
Part No. 527665-001 Rev. C

Notice
Please do not attempt to operate or repair this equipment without adequate training.
Any use, operation or repair you perform that is not in accordance with the information
contained in this documentation is at your own risk.
Trademark Acknowledgments
Entrust Datacard is a registered trademark and service mark of Entrust Entrust Datacard
Corporation in the United States and other countries.
Entrust is a registered trademark and service mark in the United States and other
countries.
MasterCard is a registered trademark of MasterCard International Incorporated.
Visa is a registered trademark of Visa International Service Association.
All other product names are the property of their respective owners.
Proprietary Notice
The design and information contained in these materials are protected by US and
international copyright laws.
All drawings and information herein are the property of Entrust Entrust Datacard
Corporation. All unauthorized use and reproduction is prohibited.
Entrust Entrust Datacard

1187 Park Place
Shakopee, MN 55379
Phone: 952-933-1223
Fax: 952-933-7971
www.entrustEntrust Datacard.com
Copyright © 2015 - 2018 Entrust Entrust Datacard Corporation. All rights

reserved.
ii
Revision Log
Troubleshooting Guide
Entrust Datacard Adaptive Issuance Suite
Revision Date Description of Changes
A January 2016 First release of this document
B May 2017 Updates for Key Manager Software 6.4.
C June 2018 Updates for Adaptive Issuance Suite 6.5.1.
iii
iv
Contents
Chapter 1: Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Audit Trail/Accept Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
DLL Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
System Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Low-level Driver Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
PC/SC Reader Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
SmartWare Reader Board Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
MX Series Reader Board Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
MLOS Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Chapter 2: Problem Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Trace Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Diagnostic Data Collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Key Manager Software Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
HSM Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuration Manager Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Problem: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Profiles and Scripting Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
One Step Issuance Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Problem Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Installation and Upgrading Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Failed Consistency Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Server Communicator CPU Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Adaptive Issuance Suite Services Fail to Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Socket Duplication Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Throughput Issue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Job Enable Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
DRM Does Not Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Remote Database Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
DE and E6 Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Other Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
v
Chapter 1: Error Codes
This chapter lists the error codes returned by the various Adaptive
Issuance™ software components.
Errors
The following sections list the error codes returned by Adaptive Issuance components. Use these
error codes when investigating system issues.
Adaptive Issuance Troubleshooting Guide 1

Audit Trail/Accept Error Codes
Error Description Possible Solution
00 The product was successfully produced. N/A
01 The extension application returned an error Refer to the DLLERROR field for details.
code, but the product might be reusable.
A0 Attempted to run a Chip Interface or Data Obtain a certificate from the application
Access application that requires an application developer and register it using
certificate, but a certificate is not registered. Application Manager.
Contact Entrust Datacard if the

application developer cannot be reached
or does not have the capability to
generate a certificate.
A1 The certificate registered for a Chip Interface Obtain an updated certificate from the
or Data Access application does not match the application developer and use
application. Application Manager to replace the
currently registered certificate.
Contact Entrust Datacard if the

application developer cannot be reached
generate a certificate.
A2 The certificate registered for a Chip Interface Obtain an updated certificate from the
or Data Access application does not grant application developer and use
rights to run the application in the current Application Manager to replace the
context. For example, this error occurs if the currently registered certificate.
application certificate authorizes instant
issuance, but the application is being run in Contact Entrust Datacard if the
central issuance. application developer cannot be reached
generate a certificate with the required
authorization.
A3 An attempt to check out a license failed See the "Verify Existing License" section
because it has not been verified following of your product's Installation and
upgrade to Adaptive Issuance software. Administration Guide for instructions on
verifying your licenses.
2 Error Codes
A4 Application type is not supported. This error Use a supported application, such as
occurs for attempts to run a smart card Datacard® Adaptive Issuance™ EMV Data
application that was developed using older, Prep and Perso Software.
unsupported SDKs in a distributed issuance
environment, such as CardWizard.
C0 Smart card application cannot be run because If running a Chip Interface application,
the coupler is disabled; it is a Chip Interface verify that the smart card module is in
application, but an open coupler; or it is an managed mode. If running an Open Perso
Open Perso application, but a managed application, verify that the smart card
coupler. module is in unmanaged mode. Contact
your Entrust Datacard support
representative if these conditions are
satisfied.
C1 Parsing of SCPM format data failed. The most This error occurs if an application proxy
probable cause is an unrecognized/ used invalid SCPM format data. Verify
unsupported format identifier or an encoding that the input data is correct, the data
error. setup properly selects the smart card
data field, and SCPM format data is not
configured.
C2 An SCPM format data block can be parsed, but This error occurs if an application proxy
contains no smart card subfields (that is, the used invalid SCPM format data. Verify
overall length is zero). that the input data is correct, the data
setup properly selects the smart card
data field, and SCPM format data is not
configured.
C3 An application specified in an SCPM format This error occurs if an application proxy is

data block failed to initialize earlier in the used, the same smart card application
current production run. appears multiple times in the smart card
data field, and the application fails to
initialize.
C4 Automatic ISO-7816 reset failed. Possibly the If the chip is not ISO-7816 compliant,
chip is faulty or is not ISO-7816 compliant. make sure the reset chip setting is clear in
the product setup and make sure the
FFFFFFEB format identifier is specified (if
using SCPM format data). If the chip is
ISO-7186 compliant, determine if reset
failure is due to a chip problem or a
programming station problem.

C5 The connection to an Entrust Datacard- Verify the network connection between

managed programming station failed. Adaptive Issuance Suite and the
programming station. Contact your
Entrust Datacard support representative
if the condition persists.
C6 A smart card operation could not be started Verify the network connection between
on an Entrust Datacard-managed Adaptive Issuance Suite and the
programming station. programming station. Contact your
Entrust Datacard support representative
if the condition persists.
C7 Application instance initialization data or Contact your Entrust Datacard support

operation data contains name/value pairs, but representative.
the application does not support name/value
pairs.
C8 An operation cannot be performed because If running a Chip Interface application,

the associated service class is unavailable, verify that the Chip Interface software is
probably because it has not been installed. installed. If running an Open Perso
application, verify that the Open Perso
software is installed.
C9 The master application repository is not valid, Use Adaptive Issuance configuration to
probably because the configured path does verify that the master application
not exist or is not accessible. repository is properly configured. If the
master application repository is remote,
verify that the account configured for the
Datacard Adaptive Issuance
Communicator Controller service has
read access to the remote share.
D0 Extension application not found, or Verify that the extension application has
application not registered. been registered and that the job setups
identify the correct application.
D1 Failed to load extension application. Verify the validity of the extension

application or make sure all other files
that the extension application uses are
properly installed.
D2 Adaptive Issuance Suite does not recognize Verify that the application is a valid
the format of the extension application. application, or the application is
corrupted.
4 Error Codes
D5 An extension application operation has been Use Application Manager to check the
stopped because it did not proceed to the next extension application’s transaction time-
transaction in a period of time. out to ensure that it is sufficient for the
operation being completed. The default
time-out is 30 seconds. If you need more
time, increase the transaction time-out.
D8 Blank application name. Verify that the setups and the data file
have an extension application name or
that the equipment setups are correct.
DD Insufficient or invalid licensing information Verify that the Adaptive Issuance server is
connected to the appropriate license
server and that sufficient licenses are
installed.
DE Server Communicator timed out while waiting Contact your Entrust Datacard support
for a response from Host Communicator or representative.
Object Communicator.
DF An extension application could not be run Only Chip Interface applications can be
because the application type is not allowed for run on non-EDL machines.
a non-EDL machine.
E0 Data reference is not valid. System error. Contact your Entrust

Datacard support representative.
E1 A Resource Controller problem was Verify that the Datacard Adaptive

encountered. Issuance Resource Controller service is
running.
E3 The extension application threw an unhandled Debug the extension application to

exception. determine the cause of the exception.
E4 Failed to gain access to the key reader devices You might need more resources, or to
assigned to the virtual dedicated key card disable some programming stations.
resource (ETBP).
E5 The resources or response fields declared by Use Application Manager to re-register

an extension application do not match the the extension application.
configuration. This generally indicates that the
application DLL has been updated without
updating the configuration.

E6 An extension application could not be cached If the problem persists, use

for execution. This is most likely due to a Communicator Status to stop and restart
conflict with an existing file in the cache Communicator.
directory.
E7 An operation cannot be completed because a Refer to E3.

different call to an application entry point for
the same application instance had an
unhandled exception (E3 error). (Note that
when an E3 accept code occurs for an
application instance, all currently active
operations for that application return accept
code E7, and subsequent operations return
accept code EB.)
E8 The Host Communicator process unexpectedly Contact your Entrust Datacard support
terminated during handling of an operation. representative.
When E8 is returned, all subsequent
invocations of application instances active
during the termination result in accept code
EA.
E9 The Object Communicator process Contact your Entrust Datacard support

unexpectedly terminated during handling of representative.
an operation. When E9 is returned, all
subsequent invocations of application
instances active during the termination result
in accept code EA.
EA The invoked function cannot be performed Contact your Entrust Datacard support
because the Host or Object Communicator representative.
process that hosts the application instance has
terminated unexpectedly. (Note that E8 or E9
is returned for functions active when the
application host terminates, and EA is
returned for functions invoked after the
termination.)
EB The invoked function cannot be performed Refer to E3.

because the application instance has been
disabled due to a previous E3 error.
6 Error Codes
EC The Embedded Communicator process Contact your Entrust Datacard support

an operation. When EC is returned, all
in accept code EA.
ED The input data fields configured for a data Use Application Manager to re-register
access product operation do not match those the extension application, and review
declared by the application. your machine setups to verify that they
match the application properties.
EF The data access Communicator process Contact your Entrust Datacard support
an operation. When EF is returned, then all
in accept code EA.
FA Virtual dedicated key reader device conflict. Check application configurations to

ensure that the same physical key reader
is not being used as a virtual dedicated
key reader and as a shared key reader or
virtual dedicated key reader for a
different module.
FB An unexpected condition was encountered Contact your Entrust Datacard support

(internal error). representative.
FD A non-ASCII character was returned in the DLL Correct the extension application so that
error code. the DLL error codes it returns contain
only ASCII codes 0x20 - 0x7E.
FE The extension application returned an Correct the extension application so that

undefined accept code. it returns only accept codes CARD_
ACCEPTED, SCPM_PROCESSED_OK,
CARD_REUSABLE, CARD_FAILED, or
SCPM_JOB_CANCEL.
FF The extension application returned an error Check the DLLERROR field for more
code. The operation failed and the product details.
might not be reusable.

DLL Error Codes
ERROR Used for all errors returned by Communicator Refer to the actual accept code.
with the exception of E3.
EXCPT Used for E3 accept code. Refer to accept code E3.
Codes detected by the APM/SCPM standard application template return DLL errors in Snnnn
format where nnnn represent the last 2 bytes of the System error codes. The error codes are
defined in “System Error Codes” on page 8.
System Error Codes

This section lists the error codes defined by Adaptive Issuance system components. System error
codes can be returned through the extension application API, as specified in the SDK
documentation, can be logged in the Adaptive Issuance system trace log and/or event log, or can
be displayed in the user interface. Generally speaking, system error codes are associated with
specific Adaptive Issuance system components based on the ranges shown in the following table.
Error Code Range Source Component
0x0000 Globally used to indicate success
0x0001 – 0x008F Communicator/API
0x0090 – 0x0104 Database Resource Manager (DRM)
0x0105 – 0x0FFF General system error used by multiple components
0x1000 – 0x2FFF Communicator/API
0x3000 – 0x37FF Tracing and Trace Viewer
0x3800 – 0x3FFF RFU
0x4000 – 0x47FF Application Manager
0x4800 – 0x48FF Configuration
0x4900 – 0x5FFF RFU
0x6000 – 0x7FFF Reserved for extension applications
0x8000 – 0xFFFF RFU
8 Error Codes
When reported in the trace log, event log, or user interface, errors are often formatted in one of
the following ways:
Format Example Description
[xxxx-xxxxxxxx] [4004-41430008] In this form, the first four-digit value is the hexadecimal error
code (0x4004 in the example). This is followed by an eight-
character “support code” which can be used by Entrust
Datacard support engineers to diagnose a problem. When
reporting a problem, be sure to provide the full error and
support code when available.
[xxxx] [4004] This form provides the hexadecimal error code without a
support code.
0x0000xxxx 0x00004004 or This form provides the hexadecimal error code without a
0x4004 support code.
The system error codes are listed in the following table. In many cases, specific diagnostic
information is included in the trace log when an error is recorded.
Error Code Description Possible Cause or Solution
0x0000 No error detected.
0x0001 Time-out occurred while waiting for a Error condition at the programming
response from a smart card programming station.
station. Network communication error.
The time-out specified by the extension
application is too short.
0x0002 Time-out occurred while waiting to obtain The time-out specified by the extension
access to a resource. application is too short.
0x0090 The requested object was not found in the No object matches the search criteria
database. specified in the query.
0x0092 The requested database object has An object matches the search criteria
expired. specified in a query, but the expiration
date has passed.
If appropriate, use General Object
Loader to update the expiration date of a
general object.
0x0094 The value of a database object query field Correct the query values.
is invalid.

0x0095 The value of a date field is invalid. Dates in database queries must be in the
YYYYMMDD format.
0x0096 Object insert failed because it already One or more object values specified in
exists in the database. the insert violates a unique key
restriction.
0x00A0 An error prevented access to the database. Contact your Entrust Datacard support
representative.
0x00A2 A database query returned multiple Refine the query values so that only one
objects when only one was expected. database object matches.
0x00A3 An internal error prevented access to a Contact your Entrust Datacard support
database table. representative.
0x00A4 The database experienced a memory Contact your Entrust Datacard support
allocation error. representative.
0x00A5 The key number field of a general object is The key number must be an integer >= 0.
invalid.
0x00A6 The value field of a general object is empty. When inserting a general object, the
value field cannot be empty (null).
0x00A7 A key number is required but was not Modify the database request to include a
supplied. key number.
0x00AB The record version provided in a database Indicates that the database object has
query does not match the actual record changed since it was queried.
version.
0x00AE A database connection lock could not be This might indicate that too few
acquired. database connections exist for the
number of clients or level of activity.
0x00AF No query information was provided in a Modify the query to set one or more
request for an object. query field values.
0x00DE An attempt to read a configuration Contact your Entrust Datacard support

property value failed. representative.
0x00DF An attempt to set a configuration property Contact your Entrust Datacard support
value failed. representative.
10 Error Codes
0x00F0 The database could not be accessed due to Consult “Problem Resolution” on
a communication problem. page 33 to resolve database
communication issues.
0x00F2 A database record could not be accessed Only one database client can modify a
because it is locked. record at one time.
0x00F5 A database query failed due to an invalid Contact your Entrust Datacard support
SQL expression. representative.
0x0100 Invalid handle passed to an API method. Must be corrected in the extension
application code.
0x0101 An internal error occurred. Contact your Entrust Datacard support

representative.
0x0102 General object pointer is NULL. Must be corrected in the extension

application code.
0x0103 An attempt was made to update a general Must be corrected in the extension
object without having first retrieved it. application code.
0x0104 The database experienced an Contact your Entrust Datacard support

uncategorized internal error. representative.
0x0105 TCP/IP server application error.
0x0106 Connection ended abnormally due to an

error.
0x0107 Unexpected condition encountered.
0x0108 Message protocol error. Verify that compatible controller,

machine and Adaptive Issuance
components are installed. Contact your
Entrust Datacard support representative.
0x0109 Unable to connect to Resource Controller. Verify that the Datacard Adaptive
Issuance Resource Controller service is
running. Also, refer to the Problem
Resolution section of this document.

0x010A The configuration file cannot be found. The configuration file does not exist at
the expected location, or the logged in
user does not have rights to access the
configuration file.
Normally the configuration file path is
specified by the SCS_CONFIG_FILE
environment variable.
0x010B Unhandled exception error. An unanticipated error was trapped by a

top-level error handler. Send this error
information to Entrust Datacard support
for analysis.
0x010C The command line arguments supplied to Refer to the user documentation for a
the program are invalid. description of the valid command line
arguments.
0x010D Thread could not be started due to a This error might be caused by lack of
system error. system resources, such as memory.
Contact your Entrust Datacard support
representative for assistance.
0x010E A TCP/IP server could not be started. Contact your Entrust Datacard support
representative.
0x010F An attempt to connect to License Server Verify that the network configuration
failed. correctly addresses your license server.
Run NetConfig to test the license server
connection.
0x0110 The connection to License Server was Verify that License Server is started and
unexpectedly closed. is not reporting errors, and verify that
the network connection to License
Server.
0x0111 A configuration setting prevented proper This error indicates a configuration

execution. setting is incorrect, preventing proper
execution. Examine the configuration
file.
0x0112 A time-out occurred in a job enable This might be an error caused by the job
application. enable application. Verify that the job
enable application is functioning
properly. Contact your Entrust Datacard
support representative for further
assistance.
12 Error Codes
0x0113 An attempt to unload an application This error occurs if an extension

domain failed. application remains running at the end
of a production run. If new production
runs cannot be started, use
Communicator Status to restart
Communicator. Contact your Entrust
Datacard support representative if the
problem persists.
0x0114 The requested modular interface is not The personalization system supports an
supported. older modular interface version than is
supported by the installed Adaptive
Issuance software. The personalization
system must be upgraded if the
requested modular interface version is
required.
0x0115 The specified message is not supported by The installed Adaptive Issuance software
this connection. supports an older modular interface
version than is supported by the
personalization system. Adaptive
Issuance Suite must be upgraded if the
requested moduler interface version is
required.
0x1000 A key card or HSM resource name is This error occurs if an extension
unknown. application tries to use a key card or HSM
that has not been declared in its
manifest, or has not been configured for
use with the current application
instance.
0x1001 An invalid Vcc value was passed to an API Must be corrected in the extension
method. application code.
0x1002 An invalid baud rate was passed to an API

method.
0x1003 An invalid frequency (clock speed) was

passed to an API method.
0x1004 Invalid APDU case was passed to an API

method.

0x1005 Invalid APDU passed to an API method. The APDU format does not correspond
to the specified case. Must be corrected
in the extension application code.
0x1006 Invalid accept code passed to an API Must be corrected in the extension
method. application code.
0x1009 Attempt to use more than one port within

a single bulk command.
0x100A A null object was passed for a method

argument that must be non-null.
0x100B An unexpected error condition was Contact your Entrust Datacard support
encountered. representative.
0x100C The execution thread has been stopped. Communicator is stopped while an
operation is active.
0x1011 Invalid APDU passed to an API method. The APDU format does not correspond
to the specified case. Must be corrected
in the extension application code.
0x1012 Smart card coupler timed out while Possibly due to a bad chip.
waiting for a response from the chip or For contactless, verify that the power
from the serial port. level is appropriate for the chip and the
antenna has been tuned.
0x1013 A communication message does not Verify the compatibility of the installed
conform to internal expectations. machine software components and
Adaptive Issuance Suite. Contact Entrust
Datacard support.
14 Error Codes
0x1015 API method is available only during Must be corrected in the extension
initialization. application code.
0x1016 API method is available only during chip

processing.
0x1017 API method is available only during

termination.
0x1022 Invalid value type passed to an API

method.
0x1024 An attempt to get or set a global

application value or to get a station value
failed because the value does not exist.
0x1026 Invalid variable name passed to an API

method.
0x1027 A buffer provided by the extension

application is not large enough.
0x1029 Invalid baud rate passed to an API method.
0x1030 Invalid parity passed to an API method.
0x1031 Invalid data bit passed to an API method.
0x1032 Invalid stop bit passed to an API method.
0x1033 Invalid flow control passed to an API

method.
0x1034 API method is not available during chip

processing.

0x1036 An attempt to get a global value as a string Must be corrected in the extension
or integer failed because the actual type is application code.
a byte collection.
0x1037 An attempt to get a global value as a byte

collection failed because the actual type is
string.
0x1038 An attempt to get a global value as a byte

collection or string failed because the
actual type is integer.
0x103A An attempt to get a global value as a byte

collection, string, or integer failed because
the actual type is incompatible.
0x1041 The value supplied for an index argument

is out of range.
0x1042 The length of an argument passed to an

API method is invalid.
0x1043 Value cannot be converted because it is

too large.
0x1045 A string passed to an API method contains

an invalid character.
0x1047 Invalid station number passed to an API Station number must be between 1 and
method. the number of stations in the module.
Must be corrected in the extension
application code.
0x1048 Smart card coupler driver returned a low- Consult the Low-Level Error Codes
level error code. The actual error is section of this document.
specified by the driver response code.
0x1049 Invalid Vpp passed to an API method. Must be corrected in the extension
application code.
0x104A An invalid attribute value was passed to an Must be corrected in the extension
API method. application code.
0x104B An invalid ISO-7816 Fi or Di parameter Must be corrected in the extension

value was passed to an API method. application code.
16 Error Codes
0x104C The smart card coupler does not support Verify that the operation is assigned to
the capability required to perform the the intended smart card module. Verify
requested action. that the module is properly configured.
0x104D An invalid ISO-7816 protocol parameter Must be corrected in the extension

value was passed to an API method. application code.
0x1200 The audit data buffer is not large enough

to complete the requested operation.
0x1201 An attempt was made to set a response

field value that has not been declared in
the extension application manifest.
0x2000 Out of memory error. Verify that the system resources meet
the minimum requirements.
0x2001 The requested function is not Contact your Entrust Datacard support
implemented. representative.
0x2037 Internal error.
0x203A API method called by an unauthorized Must be corrected in the extension

thread. application code.
0x2103 An attempt to access a key card or HSM Modify the setups to assign a device to
resource failed because a physical device is the resource.
not configured.
0x2111 Unable to connect to or send data to a Verify that the physical device is
physical device associated with a logical functional and properly configured for
resource. use. For a key reader, verify that the key
card is properly coupled and is
responsive.
0x2124 A key reader has returned an error Verify that the key reader is properly
response to a command. configured and is running compatible
system components.
0x2125 Attempt to use dedicated key reader when Modify the setups to assign key reader
not present. device(s) to the ETBP resource.

0x2127 An error condition prevented successful Verify the integrity of network

processing of a controller message communication between Adaptive
request. Issuance Suite and the controller.
0x2200 An unexpected communication error Contact your Entrust Datacard support

prevented access to a key card or HSM representative.
resource.
0x2203 An unexpected internal error prevented Contact your Entrust Datacard support
access to a key card or HSM resource. representative.
0x2204 A time-out occurred while waiting for a Error condition at the key reader or HSM.
response from a key reader or HSM. Network communication error.
The time-out specified by the extension
application is too short.
0x2220 Attempt to add a response field to an Must be corrected in the extension

extension application manifest when a application code.
response field with the same name has
already been added.
0x2221 Attempt to add a resource to an extension

application manifest when a resource with
the same name as already been added.
0x2222 Resource cannot be added to an extension

application manifest because the name is
reserved for use by the system.
0x2223 Attempt to add a response field using a

reserved name.
0x2300 Invalid check flag passed to an API method.
0x2301 Command cannot be buffered because it is The maximum buffer size varies by
longer than the remaining available coupler type.
command buffer space. Must be corrected in the extension
application code.
18 Error Codes
0x2302 Invalid index number passed to an API Must be corrected in the extension
method for retrieving bulk command application code.
response.
0x2303 Extension application attempted to

process an empty bulk command buffer.
0x2304 Attempt to run a bulk command that has

already been run.
0x2305 The chip subtype passed to an API method Verify that the operation is assigned to
is either invalid for the particular method the intended smart card module. Verify
or is not supported by the smart card that the module is properly configured.
coupler. Might require a correction to the
extension application code.
0x2306 Command requires chip type MIFARE. Must be corrected in the extension
application code.
0x2307 Command requires chip type FeliCa.
0x2308 An invalid DRI or DSI value was passed to

an API method.
0x2309 An invalid PICC power level was passed to

an API method.
0x230A The actual response to a buffered This error occurs when a buffered (bulk)
command does not match the expected command specifies an expected
response. response, but the actual response is
different. Examine the actual response
for information about the failure.
0x2404 Too little data supplied for the command. Must be corrected in the extension
application code.
0x2405 Too much data supplied for the command. Must be corrected in the extension
application code.
0x2406 A memory chip operation could not be The wrong command interpreter is
performed. loaded at the programming station, or
the requested operation is not
supported for the selected chip type.

0x240C The machine returned an error to the Examine the error details for the
calling API method. machine-specific error information.
Consult the machine documentation for
an explanation of the error.
0x240D Operation could not be performed because The machine is not connected, the
the required machine connection does not required service class is not properly
exist. initialized, or a license might be required.
0x240E Machine did not respond to a message Indicates that the machine has become
within the expected time. unresponsive; there is a network
communication issue, or too many
messages are queued.
0x240F Operation failed because initialization did Indicates that an initialization sequence
not occur properly. did not complete properly. Ensure that
the extension application is being
properly initialized.
0x2410 A connection to a server could not be Might be received by a job enable

established. application if a connection to
Communicator cannot be established.
Verify that Server Communicator is
running.
0x2411 Returned on an attempt to add an input Must be corrected in the extension

data field to a manifest when an input data application code.
field with the same name has already been
added.
0x2412 The requested feature is not supported. The extension application has attempted
to use a feature that is not supported by
the installed version of Adaptive
Issuance software, or the personalization
system. The system must be updated if
the feature is required.
0x2413 The requested information is not available. The extension application has requested
chip information that is not available
from the smart card programming
station. This happens if the programming
station does not support this feature or if
it is not applicable to the selected chip
type.
20 Error Codes
0x2414 Personalization has abnormally An error within the operation’s

terminated. application or within the Object
Communicator process caused the
operation’s personalization phase to
terminate prematurely. Known causes
are D5 and C5 errors.
0x2800 Time-out occurred while waiting for a It is possible that the process did start,
Communicator process to signal that it has but it took longer than expected. If
started. Communicator Status shows that the
process is running, increase the start up
time-out configuration setting.
Otherwise, contact your Entrust
Datacard support representative.
0x2801 An error occurred while attempting to start Contact your Entrust Datacard support
a Communicator process. representative.
0x2802 Time-out occurred while waiting for a It is possible that the process did stop,
Communicator process to stop. but it took longer than expected. If
Communicator Status shows that the
process is not running, increase the stop
time-out configuration setting.
Otherwise, manually stop the process by
using the Windows Task Manager.
0x2803 An error occurred while attempting to stop Contact your Entrust Datacard support
a Communicator process. representative.
0x2804 Execution of an extension application entry This error is associated with return of a
point failed. non-zero accept code. Analyze the
specific accept code and additional error
information to determine the nature of
the error.
0x2807 Unexpected transaction ID in received Contact your Entrust Datacard support

Communicator protocol message. representative.
0x280D An attempt was made to cache data using Contact your Entrust Datacard support
a key value already in use. representative.
0x280E Resource Controller returned an error. Analyze the additional information

associated with the error.

0x280F Multiple machines share the same name Each machine served by a single
or IP address. Communicator must be uniquely named,
and each machine must have a unique IP
address.
0x2810 No response received from a job enable An unexpected communication error

application after a command was sent to it. was detected by the job enable server
API. Make sure the job enable
application is running and is responding
properly.
0x2811 A job enable application is not running and The system configuration settings specify
the system is configured to require a job whether or not a job enable application
enable application to execute production is required. This error occurs if a job
runs. enable application is required, but is not
currently running or is not connected.
0x2812 An action could not be performed because Contact your Entrust Datacard support
a production run is not currently active for representative.
the machine.
0x2813 An application instance has been disabled An application instance is disabled when
and no data caching or chip processing it throws an unhandled exception (E3
operation can be performed. accept code). No data caching or chip
operations are performed for a disabled
application instance.
0x2814 The connection to a programming station This is an abnormal error that indicates a
was closed while handling a smart card system issue, such as a time-out
operation. condition or a network failure.
0x2815 An extension application thread could not In case of this error, it might be
be aborted. necessary to use Communicator Status
to stop and restart Communicator. Make
sure that all jobs are stopped before
stopping Communicator.
0x2817 An extension application returned an error This error code is used for extension
from the PostProcess entry point. application types where termination
status is not returned to the controller,
such as data access applications. Consult
the application documentation or
developer for information about the
error returned by the application.
22 Error Codes
0x4000 The application repository does not exist. Verify that the InstallDir configuration
setting accurately indicates the
installation folder, and that the
application repository exists at that
location. If a remote repository is used,
verify that the MasterAppRepositoryPath
configuration accurately identifies its
location.
0x4001 Application ID does not exist in the If recorded during execution of a job, this
application repository. indicates that the application ID
identified by the job setups does not
correspond to any registered extension
application.
If this error occurs while using
Application Manager, Contact your
Entrust Datacard support representative.
0x4002 Application ID already exists in the Each registered application must have a
application repository. unique application ID.
0x4003 Device ID does not exist in the device If this error occurs while using
catalog. Application Manager to configure an
application, delete and re-register the
application.
If this error occurs during execution of a
job, Contact your Entrust Datacard
support representative.
0x4004 Application configuration is invalid. Use Application manager to delete and

re-register the application with the
invalid configuration.
0x4005 Application resource does not exist. This error might occur if an extension
application changes its resource
declarations, and the application DLL is
updated in the application repository
without re-registering. To correct the
error, use Application Manager to delete
and re-register the application.

0x4006 Device address already exists in the device Each IP-addressable device in the device
catalog. catalog must have a unique IP
address:port. Each PC/SC reader in the
device catalog must have a unique host
name:reader name. This prevents the
same physical device from being
cataloged multiple times.
0x4007 Device name already exists in the device Each device in the device catalog must
catalog. have a unique name.
0x4008 An application repository create/update An extension application DLL,

operation failed because it is read-only. supplementary file, or configuration file
is read-only, preventing its update.
Inspect the application repository files
and remove the read-only property
where found.
Low-level Driver Error Codes

The following sections list the error codes returned by low-level functions running on PC/SC
readers used as key readers or simulated programming stations. Follow guidelines for error
handling as described in the Adaptive Issuance Suite Developer’s Guide for the application you
are using.
PC/SC Reader Error Codes
Not all PC/SC readers work with a particular product. It is possible that the chip and
the PC/SC reader are not compatible.
Error Code Description Possible Explanation/Resolution
0x45 Driver error When a 1.x application calls a command and a

low-level error is returned as a number that is
larger than 255, 0x45 is returned and the actual
low-level error is recorded in the Adaptive
Issuance event log.
0x88 Destination is invalid for the Contact your Entrust Datacard support
product type or hardware type. representative.
0x89 Data could not be decoded. Contact your Entrust Datacard support
representative.
24 Error Codes
Error Code Description Possible Explanation/Resolution
0x90 Unexpected data was received Check that the chip is compatible with the
from the chip. application.
Contact your Entrust Datacard support
representative.
0x91 The requested operation is not Returned for commands that are not supported
supported. by PC/SC readers.
0xF0000000 Incomplete response from reader Verify that the contactless PC/SC reader is
command. functioning normally.
0xF0000001 Block number is too great, or key Fix the application to either load a longer key set,
length is insufficient. or to authenticate with only lower block
numbers.
0xF0000002 Did not receive 16 data bytes When the card type is MIFARE and the reader
expected for pending write. receives a \xA0\xnn command, it expects the next
“command” to be the 16 bytes of data to be
written to block nn. Change the application to
comply with this expectation.
0xF0000003 Invalid or unsupported command When the card type is MIFARE, the only
received. commands supported are write (\xA0\xnn), read
(\x30\xnn), and the 16-byte data block following
a write command. Change the application to send
only those commands.
0xF0000004 Keys have not been set. Change the application to call
ScpmMifareLoadKey before calling
ScpmMifareAuthenticate.
0xF100xxxx The contactless reader returned Check for chip compatibility with the reader.
status word xxxx indicating an Make sure the type of contactless chip matches
error. what the application is expecting.
In addition, Adaptive Issuance Suite returns the “native” 4-byte PC/SC error code. Contact your
PC/SC reader manufacturer for the meaning of error codes returned.
SmartWare Reader Board Errors
The following table lists the low-level error codes returned by the Adaptive Issuance interface to
the SmartWare readers used as programming stations or key readers.

0x45 Driver error When a 1.x application calls a command and a low-
(69) level error is returned as a number that is larger
than 255, 0x45 is returned and the actual low-level
error is recorded in the Adaptive Issuance event
log.
0x352A Command format not valid Possible software version mismatch. Contact your
(13610) Entrust Datacard support representative with the
Adaptive Issuance trace file.
0x352B Command not valid
(13611)
0x352C Header mismatch

(13612)
0x352D Subcommand not valid or not

(13613) supported
0x3548 Driver response might be

(13640) corrupted
0x3549 Unexpected Transaction ID/ Contact your Entrust Datacard support

(13641) step received representative with the Adaptive Issuance file.
0x354A Communication time-out Possible network communication problem.

(13642)
0x3552 Checksum not valid Possible software version mismatch. Contact your
0x3553 Communication initialization Possible network communication problem.

(13651) failed
0x3555 Communication send failed

(13653)
0x3556 Communication receive failed

(13654)
0x3557 Communication health check

(13655) failed
0x3558 Communication already Communication has been initialized. No new

(13656) initialized communication possible.
26 Error Codes
0x355C Card reset failed The product is bad.

(13660)
0x355D Card eject failed Contact your Entrust Datacard support

(13661) representative with the Adaptive Issuance trace
file.
0x3566 Coupler not initialized Contact your Entrust Datacard support

(13670) representative.
0x3567 Invalid or unsupported Possible software version mismatch. Contact your

(13671) operation received Entrust Datacard support representative with the
0x3568 Destination port is not valid or
(13672) is not supported
0x3569 Driver is not selected

(13673)
0x3571 Fatal internal error Unexpected system failure occurred. Contact your
(13681) Entrust Datacard support representative.
0x3572 Format ID is not valid or is not Possible software version mismatch. Contact your
(13682) supported Entrust Datacard support representative with the
0x3573 Invalid contactless tune value Use valid Tune value supported by station
(13683) hardware.
0x3574 Invalid contactless power Use valid Power value supported by station
(13684) value hardware.
0x3575 Get pass through mode failed Possible software version mismatch. Contact your
0x3576 CH Initialized Coupler/scips not initialized. Contact your Entrust

(13686) Datacard support representative.
0x3577 Coupler not configured Coupler not initialized properly. Contact your
0x3578 Diag Not Initialized Coupler not initialized properly. Contact your
0x3579 Invalid Carrier Frequency Contact your Entrust Datacard support

(13689) value representative.

0x357A DLM Failure DLM failed to download the application. Contact

(13690) your Entrust Datacard support representative.
0x357C Module ID sent in start Contact your Entrust Datacard support

(13692) operation command does not representative.
match coupler module ID
0x357D Station ID sent in start

(13693) operation command does not
match coupler station ID
0x357E Unknown reset operation

(13694) type in start operation
command
0x357F Coupler hardware type is not

(13695) defined
MX Series Reader Board Errors

The following table lists the low-level error codes returned by the Adaptive Issuance interface to
the MX Series readers used as programming stations.
0x45 Driver error When a 1.x application calls a command and a

(69) low-level error is returned as a number that is
larger than 255, 0x45 is returned and the actual
low-level error is recorded in the Adaptive
Issuance event log.
28 Error Codes
0x3390 855t to w77e58 fifo checksum error Contact your Entrust Datacard support
0x3391 Expecting RESET sub command

(13201)
0x3392 Expecting ISO_CARD_DATA sub

(13202) command
0x3394 No socket connection on ethernet

(13204) send
0x3395 General error in EnetTx subroutine

(13205)
0x3397 Unknown command from 8240

(13207)
0x3398 Ethernet socket subroutine failure

(13208)
0x339C FIFO send timeout between 855t and

(13212) w77e58
0x339D FIFO send timeout between 855t and

(13213) w77e58
0x3459 Unknown low level command Unexpected driver error occurred.

(13401)
0x345A Low level FIFO checksum error Contact your Entrust Datacard support
0x345B Product not present

(13403)
0x345C Unknown chip card oscillator

(13404) frequency
0x345D Unknown first byte in ATR Possible product or system hardware failure.
(13405)

0x345E T=1 ATR checksum problem Contact your Entrust Datacard support
0x3460 Unsupported protocol type from ISO

(13408) data
0x3462 No response timeout from product

(13410)
0x3463 Error in ISO direct parity on receive

(13411)
0x3464 Inverse parity error on receive

(13412)
0x3465 Received wrong sequence bit from I

(13413) BLOCK
0x3466 Expecting an R BLOCK

(13414)
0x3467 Received wrong sequence bit from R

(13415) BLOCK
0x3468 Wasn't supposed to receive an R

(13416) BLOCK
0x3469 Resynch can only be sent by IFD

(13417)
0x346B ICC sends VPP ERR so set error and

(13419) get out
0x346C Unknown S BLOCK PCB byte

(13420)
0x346D Unknown BLOCK type, !R !S !I BLOCK

(13421)
0x3470 Bad RX LRC from ICC

(13424)
0x3471 Bad RX CRC from ICC

(13425)
0x3474 Product is not reset and active

(13428)
30 Error Codes
0x352A Command format not valid Correct header format.

(13610)
0x352B Command not valid Possible software version mismatch. Contact

(13611) your Entrust Datacard support representative
with the Adaptive Issuance trace file.
0x352C Header mismatch Contact your Entrust Datacard support

0x3552 Checksum not valid

(13650)
0x3556 Communication receive failed

(13654)
0x3566 Coupler not initialized

(13670)
0x3568 Destination port is not valid or is

(13672) unsupported
0x3571 Fatal internal error

(13681)
0x3573 Invalid contactless tune value

(13683)
0x3574 Invalid contactless power value

(13684)
0x3575 Get pass through mode key failed

(13685)
0x3579 Invalid Carrier Frequency value

(13689)
0x357C Module Id sent in start operation

(13692) command does not match coupler
module id
0x357D Station Id sent in start operation

(13693) command does not match coupler
station id
0x357E Unknown reset operation type in start

(13694) operation command

0x357F Coupler hardware type is not defined Contact your Entrust Datacard support
MLOS Error Codes

Refer to SmartWare documentation for a list of low-level error codes returned by MLOS, the
operating system on the SmartWare coupler.
32 Error Codes
Chapter 2: Problem
Resolution
This chapter identifies problems that might be encountered while

working with Adaptive Issuance Suite software, and provides suggestions
for recovery.
Troubleshooting Tools
Adaptive Issuance software and the Software Development Kits (SDKs) include a number of
features to help you isolate problems in your development and production environments.
Trace Viewer
Trace Viewer lets you work with diagnostic trace information recorded by various Adaptive
Issuance components. This option is useful for debugging and testing.
The Trace format is proprietary.
Adaptive Issuance Suite Help contains more information about Trace Viewer, including
descriptions of the various options available when using this feature.
Event Log
Adaptive Issuance Administrator keeps a log of all events in the system. If you contact your
Entrust Datacard support representative, you might be asked to send a copy of the event log.
Follow this procedure:
1. Select Start > All Programs > Datacard > Adaptive Issuance Suite> Administrator. The
Administrator window opens.
2. Select File > Export All Events to File. A Save As dialog box displays.
3. Navigate to the location where you want the log saved, enter a file name, and then click Save.
The log is saved as you specified.
Adaptive Issuance Help contains more information about the event log, including procedures for
filtering the events that are displayed, and for deleting old events.

Diagnostic Data Collector
This utility is useful for collecting information to be sent to Entrust Datacard support for analysis.
Refer to the Help for instructions for use. You can access the utility as follows:
Start > All Programs > Datacard > Adaptive Issuance Suite > Diagnostic Data Collector
Key Manager Software Problems
Problem Suggested Solution
When installing Key Manager software, the Click Cancel to stop the installation. Uninstall the
following message displays: existing version. Restart the computer and run the
Service ‘<service name>’ could not be installed. installation program.
Verify that you have sufficient privileges to
install system services.
Key Manager Home page (Token Explorer) is Select other pages, and then return to the Home
blank. page.
0x000000B6 - CKR_SESSION_EXISTS Possible Cause: An exclusive session is required for

this action and other sessions exist.
Possible Solution: Shut down Key Manager

Software and then reset the HSM. From the
Command Prompt (running As Administrator), enter
hsmreset and then enter y to reset the HSM.
0x00000101 - CKR_USER_NOT_LOGGED_IN Log in to the token as User(s).
0x80000106 - CKR_SO_NOT_LOGGED_IN Log in to the token as Security Officer(s).
0x00000110 - CKR_WRAPPED_KEY_INVALID Possible Cause: The import or unwrap key being

used for the requested action is the wrong one or
the wrong type.
Possible Solution: Select the appropriate key and try

the function again.
0x000000D1 - CKR_TEMPLATE_INCONSISTENT Possible Cause: A usage has been defined that is not
allowed by a template, such as one defined by an
Unwrap mask.
Possible Solution: Unwrap the key using an unwrap

key with a mask that allows the required action to
be performed.
34 Problem Resolution
0xC000000A - CKR_DECIMALIZATION_TABLE_ Make sure that the desired decimalization table is

NOT_FOUND created and identified appropriately.
0xC000000B - CKR_WEAK_PIN_LIST_NOT_ Make sure that the desired weak PIN list is created
FOUND and identified appropriately.
0xC000000C - CKR_MULTIPLE_ Make sure that the desired decimalization table is

DECIMALIZATION_TABLES_FOUND identified uniquely.
0xC0000015 - CKR_EKS_THROWABLE_ERROR This error is related to unwrapping objects from the

database to the HSM, and updating an existing
object in the database. Look for stack traces in the
HSM server log.
0xC0000016 - CKR_EKS_OBJECT_NOT_ The cryptographic object cannot be deleted.

DELETABLE
0xC0000017 - CKR_EKS_PERMISSION_DENIED Make sure that the database for Key Manager
software has been created.
Make sure that the Key Manager Server and HSM
Server services have appropriate permissions to
access the database.
0xC0000018 - CKR_EKS_DATA_ACCESS_ Make sure that the correct SQL Server instance is
RESOURCE_FAILS running and reachable from the HSM Server service.
0xC0000019 - CKR_EKS_DATA_INTEGRITY_ Contact Entrust Datacard Support.

VIOLATION
0xC000001A - CKR_EKS_GENERAL_DATA_ Contact Entrust Datacard Support.

ACCESS_ERROR
0xC000001B - CKR_EKS_EMPTY_RESULT_ Make sure that all cryptographic objects that have
DATA_ACCESS been referenced are created with the necessary
identifying attributes.

0xC0000041 - CKR_MDR_NOT_INITIALIZED The adapter process under HSM Server

automatically attempts to reconnect. Retry the
0xC0000043 - CKR_MDR_INVALID_ command. If errors persist, make sure that the HSM
PARAMETER is working and can be reached from HSM Server.
0xC0000044 - CKR_MDR_INVALID_HSM_INDEX
0xC0000046 - CKR_MDR_INSUFFICIENT_
RESOURCES
0xC0000048 - CKR_MDR_OPERATION_
CANCELLED
0xC0000049 - CKR_MDR_HSM_RESET
0xC000004B - CKR_MDR_UNSUCCESSFUL
0xC000004C - CKR_MDR_INTERNAL_ERROR
0xC000004D - CKR_MDR_OPERATION_NOT_
ALLOWED
0xC000004A - CKR_MDR_FM_NOT_AVAILABLE Attempt to reset the HSM.

It might be possible to reload the Key Manager
firmware through SafeNet command line tools if the
HSM was previously initialized.
If the error persists, delete the HSM registration in
Key Manager, tamper the HSM, and reregister it
within Key Manager Software.
0xC0000050 - CKR_FM_MSG_CMD_ERROR Make sure that the firmware version on the HSM is
compatible with the version of HSM Server
installed.
If developing or running a custom application that
uses HSM Client, examine failing commands for
potential inconsistencies.
0xC0000051 - CKR_FM_MSG_RSP_ERROR Make sure that the firmware version on the HSM is
compatible with the version of HSM Server
installed.
uses HSM Client, examine failing commands for
potential inconsistencies.
0xC0000053 - CKR_CACHE_SLOT_FULL Wait for sessions on other database tokens to close

and thus free up space in the cache. If cache space
does not free up and no cryptographic sessions are
active, reset the HSM.
0xC0000056 - CKR_HASHMAP_FAILED Retry the command/operation again. If the error

persists, reset the HSM.
0xC0000057 - CKR_SLOT_DATA_ERROR Restart the HSM Server service. If the error persists,
reset the HSM.
0xC0000059 - CKR_DMKID_INVALID Make sure that all HSMs that are registered to Key
Manager software have the correct DMK under
which the cryptographic objects in the database are
encrypted. If errors persist, contact Entrust
Datacard Support.
0xC000005B - CKR_BLOB_INVALID_HEADER Delete the object and recreate it.
0xC0000103 - CKR_GRID_INIT_ERROR Make sure that all properties are correct in the
configuration files listed below.
 C:\ProgramData\Datacard\Adaptive Issuance
Suite\Key Manager\HSM Server\hsm-
service.properties
 C:\ProgramData\Datacard\Adaptive Issuance
Suite\Key Manager\keymanager.ini
Make sure that the correct database instance is
accessible from HSM Server service. If the error
persists, run the Key Manager installer and choose
the repair option to ensure that all dependencies
are appropriately placed and configured.
0xC0000104 - CKR_ADAPTER_ADDRESS_ Enter a valid address for the HSM.

INVALID
0xC0000105 - CKR_ADAPTER_INIT_ERROR Make sure that the HSM is working and reachable
from HSM Server.
If an HSM registration entry exists in Key Manager,
delete it and reregister the HSM.
Run the Key Manager installer and choose the repair
option to make sure that all dependencies are
appropriately placed and configured.

0xC0000106 - CKR_ADAPTER_INVALID_ Retry the command or operation. If developing or

PROTOBUF_ERROR running a custom application that uses HSM Client,
0xC0000107 - CKR_ADAPTER_INVALID_ examine failing commands for potential
PROTOBUF_MSG_ERROR inconsistencies.
0xC0000108 - CKR_ADAPTER_THROWABLE_ Search the HSM Server log for a stack trace
ERROR containing the CKR_ADAPTER_THROWABLE_ERROR
error code. It should contain a reference to the
underlying exception that was thrown.
0xC0000109 - CKR_FM_SOFT_DLL_ERROR Make sure that HSM Server has access to the <AIS_
KMS_HOME>\jni\ directory. Run the Key Manager
installer and choose the repair option to ensure that
all dependencies are appropriately placed and
configured.
0xC000010A - CKR_HSM_RESET_TIMEOUT The HSM reset timeout value can be lengthened by

creating the environment variable “AIS_HSM_
RESET_TIMEOUT” with an integer value denoting
the number of seconds to wait. The default value is
60 seconds. If setting this environment variable,
make sure to restart the HSM Server service. If
lengthening this timeout, you might need to
lengthen the “requestTimeout” property in the
<AIS_KMS_HOME>\HSM Server\hsm-
service.properties file.
0xC0003010 - CKR_HSM_CLIENT_CONSTRUCT_ Make sure that HSM Client is correctly configured

HTTPS_TRANSPORT_ERROR with special attention to key store file and key store
password.
The key store file and key store password are
configured in the hsmclient.properties file under the
directory %AIS_KMS_HOME%\HSM Client\. The
keystoreFile property points to the location of the
key store file. The keystorePass property is the
password to the key store.
0xC0003000 - CKR_HSM_CLIENT_HTTP_400_ Make sure that the version of HSM Client in use is
BAD_REQUEST compatible with the version of HSM Server that is
0xC0003001 - CKR_HSM_CLIENT_HTTP_401_ installed.
UNAUTHORIZED Make sure that HSM Client is configured to reach
the desired HSM Server, and that the desired HSM
0xC0003002 - CKR_HSM_CLIENT_HTTP_403_
Server is reachable.
FORBIDDEN
0xC0003003 - CKR_HSM_CLIENT_HTTP_404_ uses HSM Client, examine failing commands for
NOT_FOUND potential inconsistencies.
REQUEST_TIMEOUT
0xC0003005 - CKR_HSM_CLIENT_HTTP_500_ Make sure that HSM Server is configured correctly
INTERNAL_SERVER_ERROR and running. If a specific operation is failing, check
0xC0003006 - CKR_HSM_CLIENT_HTTP_502_ the HSM Server log for errors that may correspond.
Restarting the HSM Server service might help to
BAD_GATEWAY
alleviate any errors. If developing or running a
0xC0003007 - CKR_HSM_CLIENT_HTTP_503_ custom application that uses HSM Client, examine
SERVICE_UNAVAILABLE failing commands for potential inconsistencies.
GATEWAY_TIMEOUT
0xC0003009 - CKR_HSM_CLIENT_HTTP_ See actions for CKR_HSM_CLIENT_HTTP… error
DEFAULT codes.
0xC0003011 - CKR_HSM_CLIENT_ Make sure that HSM Client is configured to point to

THROWABLE_ERROR a valid HSM Server instance, and that the HSM
Server instance is reachable. If developing or
running a custom application that uses HSM Client,
examine failing commands for potential
inconsistencies.
0xC0003012 - CKR_HSM_CLIENT_INVALID_ Make sure that the version of HSM Client in use is
PROTOBUFF_ERROR compatible with the version of HSM Server that is
0xC0003014 - CKR_HSM_CLIENT_INVALID_ installed. If developing or running a custom
application that uses HSM Client, examine failing
PROTOBUF_MSG_ERROR
commands for potential inconsistencies.
0xC0003013 - CKR_HSM_CLIENT_ Make sure that HSM Client is configured to point to

CONNECTION_REFUSED a valid HSM Server instance, and that the HSM
Server instance is reachable.

HSM Problems
HSM battery condition Refer to the SafeNet Installation Guide for

information about determining the battery
condition and replacement procedures.
Configuration Manager Problems

When attempting to start Configuration Possible Cause: You must be a member of the ADP_
Manager, the error message “Unauthorized Administrator, ADP_Supervisor, or ADP_Operator
Access – You are not authorized to run group, or running as Administrator to run
Configuration Manager” displays. Configuration Manager.
Possible Solution: Add the user to one of the groups

listed above.
When attempting to import files, the following Possible Cause: You are using a named instance of
error message is returned: “java.SQLException: SQL Server and the SQL Server Browser service is
Unable to get information from SQL Server: not running. For example, your SQL Server instance
ComputerName” name is ComputerName\SQLEXPRESS.
Possible Solution: Refer to “Enable SQL Server

Browser Service” in the Chip Interface Software
Installation and Administration Guide.
Problem:
When attempting to import a script, the error “Error occurred during insert/update of profile”
displays and/or when attempting to create a profile, Blank or Database error
If the error occurs when importing a script, the Windows Event Viewer under shows: Unexpected
error occurred: System.Exception: Error occurred during insert/update of profile: Profile:
profile oid: Oid: 0x2B0601040181900D88100501
profile type: Key
Possible Cause: TCP/IP is not enabled in Protocols for SQL Server 20xx Network Configuration and
Client Protocols.
Possible Solution: Enable TCP/IP:
1. Select Start > Programs > Microsoft SQL Server 20xx > Configuration Tools > SQL Server
Configuration Manager.
2. Expand SQL Server 20xx Network Configuration and Protocols for <your SQL instance>.
3. Right-click TCP/IP and select Enabled.
4. Expand SQL Native Client Configuration, enable TCP/IP, and make it first in Order.

5. Restart the SQL Server 20xx services. Make sure SQL Server and the SQL Server Browser
service is running.
Profiles and Scripting Problems
Fail to locate Key [Issuer_PK, 424777, 01] Possible Cause: The key Name, Owner, or Version
was entered incorrectly in the Key Manager
Software.
Possible Solution: Verify that the key Name, Owner,

and Version match the expected values. If not, edit
them so that they match.
Possible Cause: The key does not exist in the

requested token.
Possible Solution: Create the key.
com. Datacard.pkcs.pkcs11.wrapper Possible Cause: The key usage in the Key Manager
.PKCS11Exception: 0x00000068 - CKR_KEY_ Software might not allow the requested action to be
FUNCTION_NOT_PERMITTED performed.
Possible Solution: If the key is modifiable, edit the

key usage in Key Manager Software. If not, recreate
the key with the required usage.
com. Datacard.pkcs.pkcs11.wrapper Possible Cause: The GP key profile for a key might
.PKCS11Exception: 0x00000013 - CKR_ not allow the requested action to be performed.
ATTRIBUTE_VALUE_INVALID
Possible Solution: Modify the key profile to allow
the required usage and reload the key profile using
Configuration Manager.

One Step Issuance Problems
Card fails: If using the Chip Interface Simulator, Check the Windows Event Viewer under
an error message displays. If using a high- Datacard Affina for errors.
capacity personalization system, an error dialog
box displays if your system is so configured.
Possible Cause: If the message in Event Viewer is:
Failed to Load Object <nnnnnnnn>, then Object
<nnnnnnnn> is missing from Configuration Manager
or specified incorrectly in the Data Setup Script
constant.
Possible Solution: Correct the Data Setup Script

constant.
Job fails to run Check the Windows Event Viewer under Datacard
Affina for errors.
Possible Cause: If the message in Event Viewer is:
Failed to locate Key (Key name), then the (Key name)
listed is not in Key Manager Software.
Possible Solution: Add the missing key to Key
Manager Software. Refer to procedures for
importing and generating keys in the Key Manager
Help.
Problem Scenarios
Installation and Upgrading Issues
When upgrading from SCPM 1.x, application Before upgrading, ensure that any application
configurations that have no assigned devices configurations that you want to convert have
might not be properly converted to work with devices assigned.
Adaptive Issuance Suite.
Failed Consistency Check
In some cases, encrypted key values entered as Verify that the encrypted key value is entered in the
general objects are invalid if the ASCII encoded correct case.
hex value contains lowercase letters. For
example:
01AB...EF would be valid, but
01ab...ef would be invalid
An invalid key fails the consistency check.
Server Communicator CPU Utilization

Server Communicator process constantly uses Verify that Microsoft .NET Framework Version 4.0
100% of the CPU. SP2 or later is installed. An installer is included in the
dotnetfx folder of your Adaptive Issuance
installation disk.
Adaptive Issuance Suite Services Fail to Start

The Datacard Adaptive Issuance PC/SC Key Verify that the Smart Card service is enabled and is
Reader Server service or the Datacard Adaptive configured to start automatically.
Issuance Communicator Controller service or
both services fail to start.

Socket Duplication Failure
Object Communicator reports the error, Possible Cause: This problem occurs if Object
“Socket duplication failed with error code Communicator is manually started (that is, not
0x272608.” started using Communicator Status) and the logged-
in user is different than the user configured for the
Datacard Adaptive Issuance Communicator
Controller service.
Possible Solution: Start Communicator using
Communicator Status or change the Datacard
Adaptive Issuance Communicator Controller service
properties to use the same user account as used to
run Object Communicator.
Throughput Issue
Throughput is lower than required. Under heavy load, tracing of transactions might
reduce throughput. Use the Trace Viewer's Edit
Settings function to turn off transaction tracing.
Job Enable Applications

A job enable application is not getting machine Examine the Communicator Status to determine if
or job state changes from the machine, but the Job Enable licenses are available. If so, initiate a “List
Controller is running. Machines” type command from the job enable
application, request a license from License Server,
after which the machine is reported.
If Communicator Status indicates no licenses are
available, verify that you have installed a Job Enable
license on License Server and that License Server is
connected and working properly.
DRM Does Not Start
DRM does not start. The sysconfig.ini file does Edit the sysconfig.ini file to add the instance name.
not have an instance name identified. Save the file and restart the Datacard Adaptive
Issuance services.
Remote Database Connectivity

For connectivity problems, first check the System and Application Event Log for errors with a
source of DCOM. For additional assistance in determining the recovery path, refer to the table
below.
# Problem Suggested Solution(s)
1 While trying to run General Object Loader, Most likely, the remote Database Server name
Adaptive Issuance Suite Administrator, or that was entered in Adaptive Issuance Suite
another extension application, you receive Configuration is not available or not found.
the message “The DRM Server is not Check Adaptive Issuance Suite Configuration to
available” (0x00010003). make sure the configuration is correct. Ping the
When attempting to open an Adaptive Database Server (using the computer name
Issuance application, an error message with defined in Adaptive Issuance Suite
error code 0x00010003 is displayed. Configuration) to verify that it exists and can be
seen by the Adaptive Issuance Suite Server.
Other possibilities:
Windows Firewall is blocking DCOM traffic. On
the Database Server, go to Adaptive Issuance
Suite Configuration and click Enable DCOM.
Another Firewall is blocking DCOM. Manually
enable DCOM (Port 135) and allow
SCPMDRMService.exe and
ObjectCommunicator.exe.
2 While trying to run General Object Loader, Check the Event Viewer on Database Server for
Adaptive Issuance Suite Administrator, or messages. Compare what you find in Event
another extension application, you receive Server to 2A, 2B, 2C, and 2D of this table for
the message “DRM failed to initialize: Access resolution paths.
to the DRM server was denied; it might not
be installed correctly; group ‘Everyone’ not
given COM access permissions”
(0x00010009).

2A If you received the error message in (2) Verify that you have entered a valid Database
and the Event Server contains no new Server name in Adaptive Issuance Suite
messages; Configuration on the Adaptive Issuance server PC.
-or- Make sure that the Adaptive Issuance server user is
The Event Server contains either of the also a valid user on the database server with the
following two messages: same password.
The machine wide limit settings do not
grant Remote Access permission for COM
Server applications to the user NT
AUTHORITY\ANONYMOUS LOGON SID
(…). This security permission can be
modified using the Component Services
administrative tool.
-or-
The machine-default permission settings
do not grant Remote Activation
permission for the COM Server
application with CLSID {16CBBE9D-E79B-
459A-B23E-8AD8EF59FA4C} to the user
NT AUTHORITY\ANONYMOUS LOGON
SID (…). This security permission can be
2B If you received the error message in (2) The Database Server has not been set up to accept
and the Event Server contains the the DCOM connection from a remote user. On the
following messages: database server, run dcomcnfg.exe to verify that
The machine wide limit settings do not DCOM is enabled in the Default Properties tab.
grant Remote Access permission for COM Follow the Set Up User Permissions for DCOM
Server applications to the user DCC6764\ procedure in the Adaptive Issuance Suite
<user> SID (…). This security permission Installation and Configuration Guide to allow
can be modified using the Component access for <user> remote users.
Services administrative tool.
2C While trying to run General Object The Database Server has not been set up to accept
Loader, Adaptive Issuance Suite the DCOM connection from a remote user. This
Administrator, or another extension security permission can be modified using the
application, you receive the message Component Services administrative tool. Refer to
“DRM failed to initialize: Access to the “Configure the Database Server” in the Datacard
DRM server was denied; it might not be Installation and Administration Guide for your
installed correctly; group ‘Everyone’ not product.
given COM access permissions”
(0x00010009).
Message in Event Viewer on Database
Server:
The machine wide limit settings do not
Server applications to the user
<computer name>\<user> SID (…).
2D While trying to run Adaptive Issuance Add the database server’s computer name and IP
Suite Administrator or another extension address to the server’s host file.
application, you receive the message
“Database Resource Manager (DRM) on
remote server <servername> failed to
initialize. DRM Error: The DRM server is
unavailable (1722): 0x0001003.
DRM errors occur if the Adaptive
Issuance server PC is not able to resolve
the name of the computer entered for
the database server in Adaptive Issuance
Suite Configuration.
2E A DRM error similar to the following Ensure that any enabled NIC on the Adaptive
occurs for running various extension Issuance PC that is set up to use a DHCP IP address
applications: is correctly connected to the DHCP server and then
“General network error in the connection restart the system.
between the ODBC driver and the DB
server: 0x000000F5”.
This problem is believed to be caused
when a DHCP assigned address for a NIC
on the Adaptive Issuance PC is not
assigned correctly.

3 The Resource Controller or Object If no message occurs in the event viewer, verify that
Communicator services do not start or you have entered a valid Database Server name in
do not stay running on your Adaptive Adaptive Issuance Suite Configuration on the
Issuance server, and/or you receive Adaptive Issuance server PC. Run Adaptive Issuance
either of the following messages in Event Suite Administrator to get more error information.
Viewer on the database server: Otherwise:
The machine-default permission settings The Database Server has not been set up to accept
do not grant Remote Activation the DCOM connection from a remote user. On the
permission for the COM Server database server, run dcomcnfg.exe to verify that
application with CLSID {16CBBE9D-E79B- DCOM is enabled in the Default Properties tab.
459A-B23E-8AD8EF59FA4C} to the user Follow the Set Up User Permissions for DCOM
NT AUTHORITY\ANONYMOUS LOGON procedure in the Adaptive Issuance Suite
SID (S-1-5-7). This security permission Installation and Configuration Guide to allow
can be modified using the Component access for remote users.
Services administrative tool. If it still fails:
-or- Click the Security tab and set the Launch and
Message in event viewer on Database Activation Permissions and Access Permissions to
Server: allow Anonymous Logon remote access to the
The machine wide limit settings do not component.
Server applications to the user NT
AUTHORITY\ANONYMOUS LOGON SID
(...). This security permission can be
4 The following error message displays If the Windows Firewall on the Database Server is
when using the Group Membership enabled, check to make sure that the “File and
button from Adaptive Issuance Suite Printer Sharing” exception is enabled.
Administrator on an Adaptive Issuance Verify that the user name and password on the
server PC: database PC matches the logged on user on the
Unable to retrieve your group remote PC.
membership on remote server Verify that the logged on user is a member of the
‘<computer name>’. Please check Group Windows Administrators users group.
Membership on the remote server. Error:
The network path was not found.
5 The following error message displays: From Microsoft SQL Server Management Studio,
KMS error on “Connect to Database...”, right-click Properties, go to Security, and then
Unable to get database connection.” verify that Server Authentication is set for “SQL
Server and Windows Authentication mode.”
DE and E6 Errors
Adaptive Issuance system is reporting DE or E6 Apply the following settings to the [application
errors when running Chip Interface runtime] section of the Adaptive Issuance
applications using the “standard” or configuration file (normally SysConfig.ini). These
“professional” templates. errors have been known to occur if an operation has
terminated abnormally during the personalization
phase.
MaxNumberAppHosts=0
RestartObjCommunicatorBetweenRuns=true
threadHandlingMode=1
These settings force Object Communicator to be restarted with each production run, and if an
operation’s personalization phase has terminated abnormally, report the error code 0x2414
(Personalization has been terminated).
Other Issues
Adaptive Issuance Configuration displays an Open the computer’s local users and groups tool
“unable to change password” error when and inspect the ObjectServer user’s properties.
attempting to change the password for a DB2 Ensure that User cannot change password is not
database. selected.
Cannot see the MULTOS folder In General Object Loader select Tools > Setup, select
Show the MULTOS Folder, and then click OK.


527665-001C Troubleshooting Guide PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

527665-001C Troubleshooting Guide PDF

Загружено:

Авторское право:

Доступные форматы

Troubleshooting Guide

Entrust Datacard® Adaptive Issuance™ Suite

Part No. 527665-001 Rev. C

MasterCard is a registered trademark of MasterCard International Incorporated.

Visa is a registered trademark of Visa International Service Association.

Entrust Entrust Datacard

Copyright © 2015 - 2018 Entrust Entrust Datacard Corporation. All rights

Revision Date Description of Changes

A January 2016 First release of this document

B May 2017 Updates for Key Manager Software 6.4.

C June 2018 Updates for Adaptive Issuance Suite 6.5.1.

Chapter 2: Problem Resolution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Adaptive Issuance Troubleshooting Guide 1

00 The product was successfully produced. N/A

Contact Entrust Datacard if the

Contact Entrust Datacard if the

C3 An application specified in an SCPM format This error occurs if an application proxy is

Adaptive Issuance Troubleshooting Guide 3

C5 The connection to an Entrust Datacard- Verify the network connection between

C7 Application instance initialization data or Contact your Entrust Datacard support

C8 An operation cannot be performed because If running a Chip Interface application,

D1 Failed to load extension application. Verify the validity of the extension

E0 Data reference is not valid. System error. Contact your Entrust

E1 A Resource Controller problem was Verify that the Datacard Adaptive

E3 The extension application threw an unhandled Debug the extension application to

E5 The resources or response fields declared by Use Application Manager to re-register

Adaptive Issuance Troubleshooting Guide 5

E6 An extension application could not be cached If the problem persists, use

E7 An operation cannot be completed because a Refer to E3.

E9 The Object Communicator process Contact your Entrust Datacard support

EB The invoked function cannot be performed Refer to E3.

EC The Embedded Communicator process Contact your Entrust Datacard support

FA Virtual dedicated key reader device conflict. Check application configurations to

FB An unexpected condition was encountered Contact your Entrust Datacard support

FE The extension application returned an Correct the extension application so that

Adaptive Issuance Troubleshooting Guide 7

EXCPT Used for E3 accept code. Refer to accept code E3.

System Error Codes

Error Code Range Source Component

0x0000 Globally used to indicate success

0x0001 – 0x008F Communicator/API

0x0090 – 0x0104 Database Resource Manager (DRM)

0x0105 – 0x0FFF General system error used by multiple components

0x1000 – 0x2FFF Communicator/API

0x3000 – 0x37FF Tracing and Trace Viewer

0x3800 – 0x3FFF RFU

0x4000 – 0x47FF Application Manager

0x4800 – 0x48FF Configuration

0x4900 – 0x5FFF RFU

0x6000 – 0x7FFF Reserved for extension applications

0x8000 – 0xFFFF RFU

Format Example Description

Error Code Description Possible Cause or Solution

0x0000 No error detected.

Adaptive Issuance Troubleshooting Guide 9

0x00DE An attempt to read a configuration Contact your Entrust Datacard support

0x0101 An internal error occurred. Contact your Entrust Datacard support

0x0102 General object pointer is NULL. Must be corrected in the extension

0x0104 The database experienced an Contact your Entrust Datacard support

0x0105 TCP/IP server application error.

0x0106 Connection ended abnormally due to an

0x0107 Unexpected condition encountered.

0x0108 Message protocol error. Verify that compatible controller,