Home Screen

Anthony - Versasec Support
Anthony - Versasec Support
  • Updated

Introduction

The Home screen of the Operator Console (OC) is displayed when an operator logs onto vSEC:CMS. From the Home screen information on the license, the number of credentials managed by vSEC:CMS, system information, supported credentials, pending task and system status is presented.

License Information

Information regarding who the license was issued to as well as the maximum amount of credentials that can be managed with vSEC:CMS is displayed. The screen also shows how many credentials have already been issued/registered and how many more cards can be issued/registered.

Pending Tasks

A link to the pending tasks page, if any exist, will be available from here.

System Information

Information about the version of vSEC:CMS is provided here along with advanced details on the current logged on operator token. Additionally, you can view the software license agreement from here.

Installed Credential Drivers

All available installed credential drivers on the host that the OC is running on will be listed here.

System Status

The health state of vSEC:CMS can be in three states as indicated by color:

Green: System health: OK

Yellow: System health: Warning(s)

Red: System health: Error(s)

If the circle is showing as yellow or red then it will be possible to open a dialog by clicking on the circle icon. The dialog presented will describe what settings need action.

On opening this dialog, select an entry and click the Details button for more detailed information.

Click the Acknowledge button, if enabled, to remove the message from the system.

The following health checks will be performed by the vSEC:CMS:

Note
The ID as shown in the table corresponds to the ID as shown in the System Status dialog.

ID

System Health Message

Detailed description

Status

001

Backup failed.

Reports problems when scheduled backup fails.

Tip: Check the Options – Settings – Backup Settings to ensure configuration is correct.

Red

002

No Operator Service Card available.

If the keystore operator is configured, but the OSC is not functioning.

Tip: Check the Options – Operators page to ensure the keystore operator is available and activated.

Yellow

003

No automatic backup.

If backup is enabled but no backup folder configured.

Tip: Check the Options – Settings – Backup Settings to ensure configuration is correct

Red

004

Pending certificate revocation requests.

There are pending revocation requests in the application cache.

Tip: Check the Options – Connections page and in the Certificate Authorities section click the link for Number of certificates to revoke. Also check that connectivity to the CA is functioning.

Yellow

005

Pending data export records.

There are pending data export requests in the application cache.

Tip: Check the Options – Connections page and in the Data Export section click the link for Number of pending requests.

Yellow

006

Pending events.

There are pending Window events that exist in the application cache.

Tip: Check the Options – Connections page and in the External Trace section click the link for Pending packages.

Yellow

007

Photo capturing not configured.

Check all card templates available for the current logged on operator. If there are templates which do contain photo capturing but there is no photo capture device configured for the current client machine.

Tip: Check the Options – Connections page and click the Configure button for Photo Capture from where the photo capture device can be configured.

Yellow

008

Enrollment agent certificate problem.

Checks all card templates available for the current logged on operator. If there are templates which are configured to do certificate enrollment using MS CA with signed requests but the configured EA certificate cannot be found and/or is not on current operator token.

Tip: Check the Options – Connections page and click the Configure button for Certificate Authorities. Select the CA template and ensure that an EA certificate is configured in the Enrollment Agent section.

Yellow

009

Smart card printer not configured.

Checks all card templates available for the current logged on operator. If there are templates which are configured for card printing but there is no printer configured and/or online for the current client machine.

Tip: Check the Options – Connections page and click the Configure button for Smart Card Printer and ensure that the configuration is correct.

Yellow

010

User license low

If the user license count is less than 10% this will be flagged as a warning to the operator.

Tip: Purchase additional user licenses if required.

Yellow

011

License problem.

If the user license count is zero this will be flagged as an error to the operator.

Tip: It will not be possible to manage any additional smart card tokens when in this state. It will be necessary to purchase additional user licenses.

Red

012

Operator license low

If the operator license count is less than 10% this will be flagged as a warning to the operator.

Tip: Purchase additional operator licenses if required.

Yellow

013

License problem.

If the operator license count is zero this will be flagged as an error to the operator.

Tip: It will not be possible to add additional operators when in this state. It will be necessary to purchase additional operator licenses.

Red

014

User failed to logon.

User failed to logon because the signature was not valid.

Yellow

015

No smart card driver found.

If the attached operator card is available and it is a PC/SC smart card, the application checks if a minidriver is available for this smart card. In addition, checks for Gemalto .NET and IDPrime smart cards are performed.

Tip: It will be necessary to install the latest Gemalto minidriver on the machine.

Yellow

016

DB Disk Space Low

If the disk space available on the server where vSEC:CMS is installed is 2 times the size of the current database size then this will be flagged as a warning to the operator.

Tip: Remove and/or clean up the file system to create more space if required.

Yellow

017

DB Disk Space Out

If the hard disk space available on the machine where vSEC:CMS is installed is 1 times the size of the current database size then this will be flagged as an error to the operator.

Tip: Remove and/or clean up the file system to create more space if required.

Red

018

Not enough space on database disk.

If the space available on the operator token smart card is less than 4500 bytes this will be flagged as a warning to the operator.

Tip: Remove and/or clean up the file system on the operator smart card token.

Yellow

019

Not enough space on database disk.

If the space available on the operator token smart card is less than 2000 bytes this will be flagged as an error to the operator.

Tip: Remove and/or clean up the file system on the operator smart card token.

Red

020

Not enough space on Operator token.

If there is no available minidriver for the attached user smart card that is to be managed by the vSEC:CMS.

Tip: It will be necessary to install the smart card vendor minidriver on the machine where the vSEC:CMS is running.

Yellow

021

Error occurred in self-service session.

An invalid session has been detected in USS-SOAP communication.

Red

022

Invalid authentication attempt through self-service.

An internal problem has been detected in USS-SOAP communication around user authentication.

Red

023

Self-service server problem detected.

If self-service is licensed and configured but the service is not running.

Tip: Check the Windows services and ensure that vSEC:CMS - User Self-Service service is running.

Yellow

024

Self-service server not configured.

If the self-service featured is licensed but not configured.

Tip: Check the Options – Connections page and click the Configure button for User Self-Service and ensure that the configuration is correct.

Yellow

025

A problem has been detected with a variable.

If an imported variable is configured but the imported database is not available.

Tip: Check the Options – Connections page and click the Configure button for Variables and ensure that the configuration is correct for the reported variable.

Red

026

Updating repository table.

If vSEC:CMS has been upgraded from version 3.1 the certificate expiry field in the smart card repository table in the database for version 3.1 was not set correctly. Therefore, it is necessary to update the table in version 3.2 to the correct expiry date for the issued certificates.

Tip: Operator should allow this update to complete. This update will run in a background thread.

Yellow

027

Plugin security warning.

If the loading of unsigned DLL plugins is configured from the Options – Security page this warning will be displayed. Typically, unsigned DLLs would be enabled when testing a plugin.

Tip: It is recommended to not have this feature enabled in a production environment

Yellow

028

Using unsigned library extensions Dynamic Link Libraries.

The system is using unsigned library extension Dynamic Link Libraries. This will occur because of a missing or invalid signature file.

Yellow

029

Tried to loaded an untrusted plugin.

If the loading of unsigned DLL plugins is configured from the Options – Security page and an unsigned DLL is loaded then this warning will be displayed.

Tip: It is recommended to not have an unsigned DLL loaded in a production environment.

Yellow

030

Key archival not working.

If the key archival mechanism is not initialized correctly an error will appear.

Tip: Contact Versasec if this message appears for details on how to resolve.

Red

031

Failed to load certificate(s).

This warning message will appear if a card template is configured to import root and/or sub CA files or PKCS#12 files incorrectly.

Tip: Make sure the instructions as described in the online help guides are followed when configuring import of root and/or sub CA files or PKCS#12 files.

Yellow

032

Issuance is not allowed because of short validity time.

This warning message will appear if management of supported PIV cards are configured but a short expiration period is set.

Tip: Go to the Options – PIV page and ensure that the selected signing certificate is valid for the configuration set.

Yellow

033

PIV smart card issuance is not possible.

PIV smart card issuance is not possible.

Yellow

034

PIV smart card issuance is not possible because of short validity time.

PIV smart card issuance is not possible because of short validity time.

Yellow

035

Failed to initialize Operator Service Key Store.

This error message will appear if the system fails to initialize Operator Service Key Store (OSKS).

Tip: Activate the OSKS from Options – Operators page.

Red

036

Connection to Certification Authority (CA) has no Issuer DN configured.

This warning will appear if there is no issuer DN configured for the CAs connection listed.

Tip: Navigate to Options – Connections and select the CA template that is reported in the message and click the Edit button. Click the Get button and select the DN and click Ok.

Yellow

037

No CMS authentication keys configured for some operator cards.

This warning message will appear if there are no authentication keys configured for the operator card(s) list.

Tip: Attach the listed operator card and go to the Options – Operators page and click the Update Keys button to add. It will be necessary to have a key, such as a certificate, on the operator card to complete the update.

Yellow

038

Operator console server not configured.

Operator console server has not been configured yet.

Tip: Make sure to add a connector from Options – Connections page.

Yellow

039

Operator console server problem detected.

This warning message will appear if the Operator console server is configured but not running.

Tip: From Windows service ensure that vSEC:CMS – Operator Console Service is running.

Yellow

040

Requesting file export location during data export has been removed.

This warning will appear if the Ask for file feature was configured previously for data export. This feature is no longer available therefore this message will appear informing the operator.

Yellow

041

No certificate request signing certificate(s) configured.

This warning message will appear if there are no certificate request signing certificate(s) configured.

Tip: Go to the Options – Operators page and click the Cert request signing button to configure.

Yellow

042

Configured certificate request signing certificate not found.

This warning message will appear if the configured certificate request signing certificate was not found.

Tip: Go to the Options – Operators page and click the Cert request signing button and ensure that the configured certificate is correct.

Yellow

043

Certificate request signing is not possible.

Issuance of smart cards for the following template(s) is not allowed because the request signing certificate cannot be used.

Yellow

044

Certificate request signing is not possible because of short validity time.

Issuance of smart cards for the following template(s) is not allowed because of short validity time of the request signing certificate.

Tip: Go to the Options – Operators page and click the Cert request signing button and ensure that the configuration settings are correct.

Yellow

045

Only one (1) system owner.

This warning message will appear if there is just one operator with the system administrator role configured on the system. If this operator card is lost, destroyed or broken, there is no operator with access rights to assign a new one and therefore the only recovery procedure then is to do a system backup restore.

Tip: Add an additional operator token with system administrator role to the system.

Yellow

046

Template ID's not unique.

If a card template(s) ID(s) are not unique this error message will appear.

Tip: Contact Versasec if this message appears for details on how to resolve.

Red

047

A problem with the database has been detected.

A problem with the specific used database tables has been detected.

Red

048

A problem with the database has been detected.

Specific used database tables have been set to read only.

Red

049

Automatic backup did fail.

The automatic backup failed.

Red

050

API server not configured.

API server has not been configured yet.

Tip: Add the connector from Options – Connections page.

Yellow

051

API server problem detected.

API server is configured but not running.

Tip: Make sure that the Windows service vSEC:CMS - API Service is running on the server where vSEC:CMS is running.

Yellow

052

Index in certificate expiration table is corrupt.

The system has detected that the index in the certificate expiration table needs to be rebuilt.

Red

053

Client console version does not correspond with server version.

The client console version that you are running is different from the server version. It is recommended to update the client console version.

Yellow

054

Problem with CA template configuration.

A problem with the template configuration at the CA has been detected. Some template(s) are not working correctly.

Yellow

055

Failed to initialize HSM connector.

Failed to initialize the HSM connector while starting the service. This may impact the functionality of the system.

Red

056

Problem with configuration of a variable.

A problem with the configuration of a variable has been detected.

Tip: check that the variable is configured correctly.

Red

057

Problem with local configuration cache has been detected.

A problem with local configuration cache has been detected. The cache has been deactivated.

Yellow

058

Remote secure device management server not configured.

Remote secure device management server has not been configured yet.

Tip: Add the connector from Options – Connections page.

Yellow

059

Remote secure device management server problem detected.

Remote secure device management server is configured but not running.

Tip: Make sure that the Windows service vSEC:CMS - RSDM Service is running on the server where vSEC:CMS is running.

Yellow

060

Problem with exclusive access locking has been detected.

Thread already requested shared access and is not trying to get exclusive access to SRW lock.

Red

061

Problems(s) occurred during application startup.

Some problems occurred during application startup.

Red

062

API authentication failed.

API authentication failed.

Red

063

API server security warning.

API server is configured to use authentication tickets, but no SSL is enabled to encrypt the transport.

Tip: From Options – Connections make sure that in the API Service that SSL is enabled.

Yellow

064

Problems(s) occurred during SQL write.

A problem has been detected during SQL write operations. Please raise a support ticket if this error is reported.

Red

065

Failed to load card applications configuration.

A problem has been detected when loading the smart card application configuration file.

Red

066

Failed to load card applications configuration.

A problem has been detected when loading the card application configuration file:

Yellow

067

Database schema version is newer than the application does support.

The schema version of the database is x.x.x but the application does only support x.x.x.Please consider to upgrade your CMS application.

Yellow

068

Database schema needs to be updated.

The schema version of the database is x.x.x but the application does support x.x.x. Please consider to perform a schema upgrade on your database.

Yellow

069

This is reserved for internal use.

Internal use for load balancing heartbeat therefore this would never be reported in the Admin console.

 

070

HSM Failure

An error has occurred when accessing the HSM.

Red

071

HSM Down

HSM is currently not available.

Red

072

FASN-Numbers not functional

The PIV-FASCN number generator is not functional.

Red

073

FASN-Numbers low on free numbers

Only a few PIV-FASCN numbers left to be used.

Yellow