DS3 Authentication Server

Error Codes

Version 4.2
29 March 2010
Prepared by: Andy Chua

2010 Data Security Systems Solutions Pte Ltd

Commercial-in-confidence

Contents
REVISION HISTORY ..................................................................................... 3
CONTACT ADDRESS AND NUMBERS ....................................................... 3
STATUS / ERROR CODES ........................................................................... 4
LDAP CONNECTION ERROR CODES....................................................... 19
CLIENTAPI ERROR CODES: ..................................................................... 20

Revision History
Date

Version

Description

Author

11 Dec 08

3.0

Updated Version

Andy Chua

07 April 09

4.0

07 Sep 09

4.1

29 March 10

4.2

Additional error codes for HSM

error
Additional error codes for
LDAP connection
ClientAPI Error Codes

Joshua Yeong

Andy Chua
Zhang Hong

Contact address and numbers

Data Security Systems Solutions Pte Ltd
11 Chang Charn Road #05-01, Shriro House
Singapore 159640
Support Tel: 6479 6698
Support HP: 9644 6090
Support Email: [email protected]
Please note that the above address and numbers, and all information in this
document, are correct at time of publishing of this document and may be
changed without prior notice.
When requesting for support regarding error codes, please have logs sent to
DSSS together with actions performed prior to getting the error.

Status / Error Codes

A description of the status / error codes is shown on the following table.

Status Code

Text

Description

Remedy

Cancel

Operation was cancelled

Try again.

Host Memory Error

System problem.

---

File System Error

System problem.

---

File Integrity Error

The keys used do not match.

Check module or password.

General Error

System problem.

Check with DSSS.

Function Failed Error

The function has not been implemented for

this version.

Check with DSSS.

Bad Arguments Error

System Problem.

Check with DSSS.

AS Daemon Error

Temporary resource problem.

Retry after 5 minutes.

Network Error

Network error.

Check cables or firewall setting.

10

Arguments too Long Error

The argument passed in is too long.

Enter fewer values.

11

Service Not Available

Service is offline or network error.

Check cables or firewall setting.

Ensure server is started successfully.

20

Invalid Data Error

Data provided is invalid

Check data.

21

Data Length Range Error

Data length provided is invalid.

Check data.

22

Data Exceeded Error

101

Invalid Domain Error

Domain indicated is invalid

Check domain.

102

Inactive Domain Error

Domain has not been activated.

Activate Domain or check domain.

201

Invalid Group Error

Group indicated is invalid

Check group name.

Status Code

Text

Description

Remedy

202

Group Not Exist Error

Group does not exist.

Check group name or create group.

203

Group Still Exist Error

Group still exists.

Delete or check group before

proceeding.

204

Group Already Exist Error

Group already exists.

Check name or create group with

other name.

301

Invalid User Error

User indicated is invalid

Check user name.

302

User Not Exist Error

User indicated does not exist.

Check user name or create user

before proceeding.

303

User Still Exist Error

User still exists.

Delete user before proceeding.

304

User Not Active Error

User is not in active mode.

Password not set.

305

User Already Exist Error

User already exists.

Create user with another name.

306

User Suspended Error

User is already suspended. No login is

allowed.

Administrator to set status back to

Active (1) or Pending (0).

307

User Revoked Error

User is already revoked. No login is allowed.

Administrator to set status back to

Active (1) or Pending (0).

308

User Not Pending Error

User has already set his password.

Administrator to reset password if

required.

309

User Not Logged In Error

User has not yet logged in.

Log in again.

310

User License Exceeded Error

The number of users in the system has

exceeded the license.

Contact DSSS to purchase licenses.

311

User Tokens Exceed Error

The user is holding too many tokens at one

time.

Remove tokens no longer required.

312

Media Destination Not Exist

Error

The media destination does not exist.

Check media name or create media

before proceeding.

313

User Exceed Session Time

User exceed session time in policy

Adjust policy or change group for

Status Code

Text

Description

Remedy
user.

314

Media Destination Already

Exist

Media destination already exists.

Create media with another name.

315

User Token Not Exist

User Token does not exist.

Check token name or assign token

before proceeding.

316

No More Users

No more users.

Create user before proceeding.

317

User Token Still Exist

User token still exist.

Remove any assigned token.

318

User Token Invalid

Invalid User Token.

Check token serial number.

319

Token Assignment Invalid

Token Assignment Invalid

Check token serial number.

320

Media Destination Still Exist

Media Destination still exists.

Remove any media destination.

321

Token License Exceeded

The number of tokens in the system has

exceeded the license.

Contact DSSS to purchase licenses.

351

Client Invalid Error

Client indicated is invalid.

Check client name.

352

Client Not Exist Error

Client indicated does not exist.

Check client name or create client.

353

Client Still Exist Error

Client still exists.

Delete client before proceeding.

354

Client Already Exist Error

Client already exists.

Create client with another name.

355

Client IP Already Exist Error

Client IP address already exists.

Create client with another IP address.

356

Client No Def Auth Domain

Authentication domain not defined for client.

Check group assigned to client.

357

Client IP No Exist

Client IP does not exist.

Check IP address or create client

before proceeding.

401

Invalid Mask Error

Mask indicated is invalid.

Check mask.

402

Mask No Access Error

User / Client not authorised to perform this

function.

Log in as user with correct access or

change users group.

501

Invalid Media Error

Media indicated is invalid

Check media.

Status Code

Text

Description

Remedy

502

Media Tag Length Error

Media Tag Length should be 1

Check tag length.

503

Invalid Media Type Error

Media Type should be a single character

Check entry.

504

Media Type Not Exist Error

Media Type not found in database

Create media or check media.

505

Media Maximum Users Error

The number of users allowed for the media

has been reached.

Increase this in the Manage Media

page depending on limitations.

506

Media Already Exist Error

Media already exists.

Create media with another name.

507

Media Not Found

Media is not added

Create media before proceeding.

508

Media Status Invalid

Media status is invalid

Check media.

509

No available Media Found

No media available

Check media.

601

Invalid Key Index Error

Key index is invalid.

Ensure Key index is between 0 to 9

602

Invalid Key Type Error

Key type is invalid.

Ensure Key Types are DES, 3DES or

RSA.

603

Invalid Key Part Error

Key part is invalid.

Ensure Key index is between 0 to 9

604

Invalid Key Lock Error

Key lock type is invalid.

Ensure Key Lock status are clear or

encrypted

605

Key Extract Failed Error

Key could not be extracted.

Try again or check key.

606

Key Not Found Error

Key could not be found.

Check Key name or create Key.

607

Key Already Exist Error

Key already exists.

Create Key with other name.

608

Invalid Key Operation Error

Operations supported are Encrypt/Decrypt,

Sign/Verify

Check attempted operation.

609

Key Op Verify Failure Error

610

Key Slot Not Available Error

Key slot is not available.

Check Key slot number.

701

Invalid Auth Data Error

The Encrypted block passed in is invalid.

Check that your RSA keys are set

correctly.

Status Code

Text

Description

Remedy

702

Missing Auth Data Error

Encrypted block passed in does not contain

the required authentication information.

Check encrypted block or keys.

703

Invalid Auth PIN Error

1st factor Password error

Check password entered.

704

Auth Verify Failed Error

2nd factor Password error

Check 2FA device or try again.

705

Auth User Password

Exceeded Error

User has exceeded the maximum password

count for 1st factor password

Administrator to reset password if

required.

706

Auth Token Password

Exceeded Error

User has exceeded the maximum password

count for 2nd factor password

Administrator to reset password if

required or check 2FA device.

707

Auth User Password Expired

Error

User 1st factor password has expired

Change password.

708

Auth Type Invalid

Authentication Type Invalid

Check log in credentials.

709

Auth 2Factor Success

Successful 2 Factor Authentication

---

801

Maximum Password Change

Exceeded Error

User has exceeded the maximum number of

password changes in 1 day

Change password the next day.

802

Password Recently Used Error

The password is still exists in the password

history

Change to a password not recently

used.

803

Password Forced Change

Error

User is enforced to change password to

prevent this error

Change password.

901

Invalid Session Error

Session is invalid.

Login again.

902

Session Timeout Error

Session has timed out.

Login again.

903

Too Many Sessions Error

User has exceeded the number of allowed

concurrent sessions.

Wait for sessions to timeout before relogin or increase maximum.

1001

HA Stream Invalid Error

HA Stream Invalid Error.

Check stream name.

1002

HA Stream Not Exist Error

HA Stream Not Exist Error.

Create stream or check stream name.

1003

HA Stream Still Active Error

HA Stream Still Active Error.

Disable stream prior to edit.

Status Code

Text

Description

Remedy

1004

HA Stream Not Active Error

HA Stream Not Active Error.

Enable stream.

1005

HA Stream Already Exist Error

HA Stream Already Exist Error

Change stream name.

1006

HA Stream Already Activated

Error

HA Stream Already Activated Error.

---

1007

HA Stream Already
Deactivated Error

HA Stream Already Deactivated Error.

---

1008

HA Parameter Incorrect Error

HA Parameter Incorrect Error.

Check HA Parameter.

1009

HA Parameter Conflict Error

HA Parameter Conflict Error.

Check HA Parameter.

1010

HA Cannot Connect Error

HA Cannot Connect Error.

Check HA settings.

1011

HA Partner Not Set Error

HA Partner Not Set Error.

Check HA settings.

1012

HA Partner Invalid Error

HA Partner Invalid Error.

Check HA settings.

1013

HA Stream IP Already Exist

Stream IP Address Already Exist.

Change IP and create again.

1014

HA Block Already Activated

Incoming RMI Client Blocked

Check HA settings.

1015

HA Block Already Deactivated

Incoming RMI Client Allowed

Check HA settings.

1016

HA Sync Lapse

HA Synchronization Error

Check cable or HA settings.

1101

LB CORBA Exception

LB CORBA Error

Check LB settings.

1102

LB Function Failed

LB Function failed.

Check LB settings.

1103

LB Data Node Unavailable

LB data node not available

Check LB settings.

1104

LB Data Sync Error

LB Data Synchronization Error

Check cable or LB settings.

2001

RADIUS Parameter Invalid

Error

RADIUS Parameter Invalid Error.

Check parameter.

2002

RADIUS Not Active Error

RADIUS Not Active Error.

Enable RADIUS.

2003

RADIUS Protocol Not Allowed

RADIUS Protocol Not Allowed Error.

Check RADIUS Settings.

Status Code

Text

Description

Remedy

Error
2004

RADIUS Protocol Not

Supported Error

RADIUS Protocol Not Supported Error.

Change RADIUS Protocol.

2005

RADIUS Client Not Exist Error

RADIUS Client Not Exist Error.

Create RADIUS Client

2006

RADIUS Client Already Exist

Error

RADIUS Client Already Exist Error.

Check Client name.

2007

RADIUS No Default Realm

Error

RADIUS No Default Realm Error.

Set default realm if required.

2008

RADIUS Default Realm Exist

Error

RADIUS Default Realm Exist Error.

Only one realm can be set as default.

2009

RADIUS Realm Not Exist Error RADIUS Realm Not Exist Error.

Create realm.

2010

RADIUS Realm Already Exist

Error

RADIUS Realm Already Exist Error.

Change realm name.

2011

RADIUS Pkt Sig Invalid

Tempered or corrupted signature of RADIUS

Accounting Packet

Try again.

2012

RADIUS IP Pool Already Exist

IP Pool Already exist

Check IP address.

2013

RADIUS IP Pool Exist

IP Pool exists

Check IP address.

2014

RADIUS Duplicate IP Address

Duplicate IP address specified.

Check IP address.

2015

RADIUS IP Status Assigned

IP assigned

Check IP address.

2016

RADIUS IP Status Unassigned

IP not assigned

Check IP address.

2017

RADIUS IP Status Excluded

IP excluded from assign

Check IP address.

2018

RADIUS No Free IP Address

All IP address used.

Check IP address.

2019

RADIUS IP Not Exist

IP not exists.

Check IP address.

2020

RADIUS State Not Match

Invalid user state for RADIUS

Check user state.

Status Code

Text

Description

Remedy

2021

RADIUS Access Challenge

RADIUS sending ACCESS-CHALLENGE packet

---

2022

RADIUS OTIP Transmission

OTIP Transmission request

---

3001

Policy Does Not Exist

Policy not created

Create policy.

3002

Group Policy Already

Assigned

Policy already assigned to group

Check policy.

3003

Group Policy Not Assigned

Policy not assigned to group

Check policy.

3004

Group Policy Not Matched

Policy not matched.

Check policy.

3005

Group Policy Still Exist

Policy assigned to group still exists

Check policy.

3006

Policy Type Invalid

Policy Type is invalid

Check policy.

01000000

SQL Data Error

Data required cannot be found.

Please contact DSSS.

Error codes which begin with the following pattern are considered serious errors and should be reported to DSSS immediately.
Status Code

Text

Description/Remedy

01000001 and above

SQL Error

SQL Error. Please check with DSSS.

02000002

CKR_HOST_MEMORY

Memory in HSM invalid

02000003

CKR_SLOT_ID_INVALID

Invalid slot number in HSM

02000005

CKR_GENERAL_ERROR

General HSM error

02000006

CKR_FUNCTION_FAILED

Function failed when executing in HSM

02000007

CKR_ARGUMENTS_BAD

Bad arguments passed into HSM function

02000008

CKR_NO_EVENT

No such indicated HSM event

02000009

CKR_NEED_TO_CREATE_THREADS

Failed to create threads in HSM

0200000A

CKR_CANT_LOCK

Unable to lock key in HSM

02000010

CKR_ATTRIBUTE_READ_ONLY

Attribute in HSM is in read only state

02000011

CKR_ATTRIBUTE_SENSITIVE

Attribute in HSM is sensitive

02000012

CKR_ATTRIBUTE_TYPE_INVALID

Attribute type in HSM is invalid

02000013

CKR_ATTRIBUTE_VALUE_INVALID

Attribute value in HSM is invalid

02000020

CKR_DATA_INVALID

Data passed into HSM is invalid

02000021

CKR_DATA_LEN_RANGE

Length of data passed into HSM is invalid

02000030

CKR_DEVICE_ERROR

HSM device error

02000031

CKR_DEVICE_MEMORY

Error in memory of HSM device

02000032

CKR_DEVICE_REMOVED

HSM device is removed

02000040

CKR_ENCRYPTED_DATA_INVALID

Encrypted block passed into HSM is invalid

Status Code

Text

Description/Remedy

02000041

CKR_ENCRYPTED_DATA_LEN_RANGE

Length of encrypted block passed into HSM

is invalid

02000050

CKR_FUNCTION_CANCELED

HSM function execution cancelled

02000051

CKR_FUNCTION_NOT_PARALLEL

HSM function not executing in parallel

02000054

CKR_FUNCTION_NOT_SUPPORTED

Function called not supported in HSM

02000060

CKR_KEY_HANDLE_INVALID

Invalid key handle passed into HSM

02000062

CKR_KEY_SIZE_RANGE

Key size range indicated is invalid in HSM

function

02000063

CKR_KEY_TYPE_INCONSISTENT

Indicated key type is not consistent in HSM

function

02000064

CKR_KEY_NOT_NEEDED

Key is not needed in HSM function

02000065

CKR_KEY_CHANGED

Key changed in HSM

02000066

CKR_KEY_NEEDED

Key required in HSM function

02000067

CKR_KEY_INDIGESTIBLE

Indigestible key detected in HSM function

02000068

CKR_KEY_FUNCTION_NOT_PERMITTED

Key function is not permitted to be executed

for HSM

02000069

CKR_KEY_NOT_WRAPPABLE

Indicated key is unable to wrap in HSM

0200006A

CKR_KEY_UNEXTRACTABLE

Indicated key is unextractable in HSM

02000070

CKR_MECHANISM_INVALID

Mechanism used is not valid in HSM

02000071

CKR_MECHANISM_PARAM_INVALID

Parameter of mechanism is not valid in HSM

02000082

CKR_OBJECT_HANDLE_INVALID

Object handle passed into HSM function is

invalid

Status Code

Text

Description/Remedy

02000090

CKR_OPERATION_ACTIVE

Operation is active in HSM

02000091

CKR_OPERATION_NOT_INITIALIZED

Operation is not initialized in HSM

020000A0

CKR_PIN_INCORRECT

PIN entered into HSM is wrong

020000A1

CKR_PIN_INVALID

PIN entered into HSM is invalid

020000A2

CKR_PIN_LEN_RANGE

Length of PIN entered into HSM is out of

range

020000A3

CKR_PIN_EXPIRED

PIN entered into HSM into HSM is expired

020000A4

CKR_PIN_LOCKED

PIN entered into HSM is locked

020000B0

CKR_SESSION_CLOSED

Session is closed in HSM

020000B1

CKR_SESSION_COUNT

Session count is invalid in HSM

020000B3

CKR_SESSION_HANDLE_INVALID

Session handle passed into HSM function is

invalid

020000B4

CKR_SESSION_PARALLEL_NOT_SUPPORTED

Session running in parallel is not supported

in HSM

020000B5

CKR_SESSION_READ_ONLY

Session started to HSM is in read only state

020000B6

CKR_SESSION_EXISTS

Session already exists in HSM

020000B7

CKR_SESSION_READ_ONLY_EXISTS

Existing session in HSM is in read only state

020000B8

CKR_SESSION_READ_WRITE_SO_EXISTS

Existing session in HSM is in read/write

state

020000C0

CKR_SIGNATURE_INVALID

Digital signature passed into HSM is invalid

020000C1

CKR_SIGNATURE_LEN_RANGE

Length of digital signature passed into HSM

function is invalid

Status Code

Text

Description/Remedy

020000D0

CKR_TEMPLATE_INCOMPLETE

Template of HSM function is incomplete

020000D1

CKR_TEMPLATE_INCONSISTENT

Template of HSM function is inconsistent

020000E0

CKR_TOKEN_NOT_PRESENT

Indicated PKCS#11 token is not present in

HSM

020000E1

CKR_TOKEN_NOT_RECOGNIZED

Indicated PKCS#11 token is not recognized

in HSM

020000E2

CKR_TOKEN_WRITE_PROTECTED

Indicated PKCS#11 token is write protected

in HSM

020000F0

CKR_UNWRAPPING_KEY_HANDLE_INVALID

Indicated unwrapping key handle is invalid

in HSM function

020000F1

CKR_UNWRAPPING_KEY_SIZE_RANGE

Indicated unwrapping key size range is

invalid in HSM function

020000F2

CKR_UNWRAPPING_KEY_TYPE_INCONSISTEN
T

Indicated unwrapping key type in HSM

function is inconsistent

02000100

CKR_USER_ALREADY_LOGGED_IN

PKCS#11 user already logged into HSM

02000101

CKR_USER_NOT_LOGGED_IN

PKCS#11 user not logged into HSM

02000102

CKR_USER_PIN_NOT_INITIALIZED

PIN of PKCS#11 user is not initialized in

HSM

02000103

CKR_USER_TYPE_INVALID

PKCS#11 user type is invalid in HSM

02000104

CKR_USER_ANOTHER_ALREADY_LOGGED_IN

A different PKCS#11 user already logged

into HSM

02000105

CKR_USER_TOO_MANY_TYPES

Indicated PKCS#11 user has too many

types defined in HSM

Status Code

Text

Description/Remedy

02000110

CKR_WRAPPED_KEY_INVALID

Indicated wrapped key is invalid in HSM

function

02000112

CKR_WRAPPED_KEY_LEN_RANGE

Length of wrapped key is out of range in

HSM function

02000113

CKR_WRAPPING_KEY_HANDLE_INVALID

Indicated wrapping key handle is invalid in

HSM function

02000114

CKR_WRAPPING_KEY_SIZE_RANGE

Indicated wrapping key size is out of range

in HSM function

02000115

CKR_WRAPPING_KEY_TYPE_INCONSISTENT

Indicated wrapping key type is inconsistent

in HSM function

02000120

CKR_RANDOM_SEED_NOT_SUPPORTED

Random seed generated is not supported in

HSM function

02000121

CKR_RANDOM_NO_RNG

Random number is not randomly generated

in HSM

02000130

CKR_DOMAIN_PARAMS_INVALID

PKCS#11 domain parameters are invalid in

HSM function

02000150

CKR_BUFFER_TOO_SMALL

Buffer defined in HSM function is too small

02000160

CKR_SAVED_STATE_INVALID

Saved state in HSM function is invalid

02000170

CKR_INFORMATION_SENSITIVE

Information passed into HSM function is

sensitive

02000180

CKR_STATE_UNSAVEABLE

Unable to save current state in HSM

02000190

CKR_CRYPTOKI_NOT_INITIALIZED

PKCS#11 toolkit is unable to be initialized

02000191

CKR_CRYPTOKI_ALREADY_INITIALIZED

PKCS#11 toolkit is already initialized

Status Code

Text

Description/Remedy

020001A0

CKR_MUTEX_BAD

Mutex passed into HSM function is invalid

020001A1

CKR_MUTEX_NOT_LOCKED

Mutex passed into HSM function is not

locked

82000140

Symmetric Key Parity Error in HSM

DES/3DES key defined in HSM function is

odd-parity. DES/3DES key defined in HSM
function should be even parity

82000384

Communication Error in HSM device

Unable to communicate between HSM and

HSM device drivers

82000386

HSM Reset

HSM device resettingss

04000000 and above

FASTCopy Error

FASTCopy Error. Please check with DSSS.

11500000

Smart Key Error

Smart Key Error. Please check with DSSS.

08501001

Vasco Invalid Init Key Error

Vasco Invalid Init Key Error. Please check

with DSSS.

08501002

Vasco Invalid App Error

Vasco Invalid Application Error. Please

check with DSSS.

08600000

ACE Token Error

ACE Token Error. Please check with DSSS.

086008A7

ACE Token Already Assigned

ACE Token Already Assigned. Please check

with DSSS.

08610000

ACE Token unassigned

ACE Token Unassigned. Please check with

DSSS.

08610001

ACE Token is used

ACE Token is used. Please check with

DSSS.

08710000

LDAP Init Failed

LDAP Init Failed. Please check with DSSS.

Status Code

Text

Description/Remedy

10000000 and above

True Random Number Generator Error

Hardware Error. Please check with DSSS

LDAP Connection Error Codes

Status Code

Text

Description

Remedy

525

User not found

User name not found

Check User ID. LDAP is not casesensitive.

52e

Invalid credentials

Wrong password.

Check password.

530

Not permitted to logon at this time

User unable to log in at this

time

Check with administrator or try later

531

Not permitted to logon at this workstation

User unable to long in from

this PC/laptop.

Check with administrator or try again

from another PC

532

Password expired

Password expired. Please

change LDAP password.

Check with administrator or change

password.

533

Account disabled

Account disabled.

Check with administrator.

701

Account expired

Account expired.

Check with administrator.

773

User must reset password

Password must be reset.

Check with administrator or change

password.

775

User account locked

User account locked.

Check with administrator.

Please note that the error message will appear as follows and error code is in bold:
<date of entry>;<time of entry>;verifyClearStatic_int;ldapAuthenticateUser Error: 80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 525, vece;5
<date of entry>;<time of entry>;verifyClearStatic_int;ldapAuthenticateUser Error: 80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 52e, vece;5

ClientAPI Error Codes:

Status Code (hexStr)
fffffc18

Text

Description

Remedy

String is null

String used is null in ClientAPI

Check all of the String parameters

fffffc17

Unmatched byte[] length

The length of byte[] is not

equal to the length which is
passed in as byte[] length

Check the byte[] parameters and its

length

fffffc16

byte[] is null

fffffc15

String is too large

String is too large, should less

than 256.

Check the length of String

fffffc14

byte[] is too long

byte[] is too large, its length

should less than 102400.

Check the length of byte[]

null byte[]

Check the byte[] parameters