Introduction
The Home screen of the Operator Console (OC) is displayed when an operator logs onto vSEC:CMS. From the Home screen information on the license, the number of credentials managed by vSEC:CMS, system information, supported credentials, pending task and system status is presented.
License Information
Information regarding who the license was issued to as well as the maximum amount of credentials that can be managed with vSEC:CMS is displayed. The screen also shows how many credentials have already been issued/registered and how many more cards can be issued/registered.
Pending Tasks
A link to the pending tasks page, if any exist, will be available from here.
System Information
Information about the version of vSEC:CMS is provided here along with advanced details on the current logged on operator token. Additionally, you can view the software license agreement from here.
Installed Credential Drivers
All available installed credential drivers on the host that the OC is running on will be listed here.
System Status
The health state of vSEC:CMS can be in three states as indicated by color:
Green: System health: OK
Yellow: System health: Warning(s)
Red: System health: Error(s)
If the circle is showing as yellow or red then it will be possible to open a dialog by clicking on the circle icon. The dialog presented will describe what settings need action.
On opening this dialog, select an entry and click the Details button for more detailed information.
Click the Acknowledge button, if enabled, to remove the message from the system.
The following health checks will be performed by the vSEC:CMS:
The ID as shown in the table corresponds to the ID as shown in the System Status dialog.
ID |
System Health Message |
Detailed description |
Status |
001 |
Backup failed. |
Reports problems when scheduled backup fails. Tip: Check the Options – Settings – Backup Settings to ensure configuration is correct. |
Red |
002 |
No Operator Service Card available. |
If the keystore operator is configured, but the OSC is not functioning. Tip: Check the Options – Operators page to ensure the keystore operator is available and activated. |
Yellow |
003 |
No automatic backup. |
If backup is enabled but no backup folder configured. Tip: Check the Options – Settings – Backup Settings to ensure configuration is correct |
Red |
004 |
Pending certificate revocation requests. |
There are pending revocation requests in the application cache. Tip: Check the Options – Connections page and in the Certificate Authorities section click the link for Number of certificates to revoke. Also check that connectivity to the CA is functioning. |
Yellow |
005 |
Pending data export records. |
There are pending data export requests in the application cache. Tip: Check the Options – Connections page and in the Data Export section click the link for Number of pending requests. |
Yellow |
006 |
Pending events. |
There are pending Window events that exist in the application cache. Tip: Check the Options – Connections page and in the External Trace section click the link for Pending packages. |
Yellow |
007 |
Photo capturing not configured. |
Check all card templates available for the current logged on operator. If there are templates which do contain photo capturing but there is no photo capture device configured for the current client machine. Tip: Check the Options – Connections page and click the Configure button for Photo Capture from where the photo capture device can be configured. |
Yellow |
008 |
Enrollment agent certificate problem. |
Checks all card templates available for the current logged on operator. If there are templates which are configured to do certificate enrollment using MS CA with signed requests but the configured EA certificate cannot be found and/or is not on current operator token. Tip: Check the Options – Connections page and click the Configure button for Certificate Authorities. Select the CA template and ensure that an EA certificate is configured in the Enrollment Agent section. |
Yellow |
009 |
Smart card printer not configured. |
Checks all card templates available for the current logged on operator. If there are templates which are configured for card printing but there is no printer configured and/or online for the current client machine. Tip: Check the Options – Connections page and click the Configure button for Smart Card Printer and ensure that the configuration is correct. |
Yellow |
010 |
User license low |
If the user license count is less than 10% this will be flagged as a warning to the operator. Tip: Purchase additional user licenses if required. |
Yellow |
011 |
License problem. |
If the user license count is zero this will be flagged as an error to the operator. Tip: It will not be possible to manage any additional smart card tokens when in this state. It will be necessary to purchase additional user licenses. |
Red |
012 |
Operator license low |
If the operator license count is less than 10% this will be flagged as a warning to the operator. Tip: Purchase additional operator licenses if required. |
Yellow |
013 |
License problem. |
If the operator license count is zero this will be flagged as an error to the operator. Tip: It will not be possible to add additional operators when in this state. It will be necessary to purchase additional operator licenses. |
Red |
014 |
User failed to logon. |
User failed to logon because the signature was not valid. |
Yellow |
015 |
No smart card driver found. |
If the attached operator card is available and it is a PC/SC smart card, the application checks if a minidriver is available for this smart card. In addition, checks for Gemalto .NET and IDPrime smart cards are performed. Tip: It will be necessary to install the latest Gemalto minidriver on the machine. |
Yellow |
016 |
DB Disk Space Low |
If the disk space available on the server where vSEC:CMS is installed is 2 times the size of the current database size then this will be flagged as a warning to the operator. Tip: Remove and/or clean up the file system to create more space if required. |
Yellow |
017 |
DB Disk Space Out |
If the hard disk space available on the machine where vSEC:CMS is installed is 1 times the size of the current database size then this will be flagged as an error to the operator. Tip: Remove and/or clean up the file system to create more space if required. |
Red |
018 |
Not enough space on database disk. |
If the space available on the operator token smart card is less than 4500 bytes this will be flagged as a warning to the operator. Tip: Remove and/or clean up the file system on the operator smart card token. |
Yellow |
019 |
Not enough space on database disk. |
If the space available on the operator token smart card is less than 2000 bytes this will be flagged as an error to the operator. Tip: Remove and/or clean up the file system on the operator smart card token. |
Red |
020 |
Not enough space on Operator token. |
If there is no available minidriver for the attached user smart card that is to be managed by the vSEC:CMS. Tip: It will be necessary to install the smart card vendor minidriver on the machine where the vSEC:CMS is running. |
Yellow |
021 |
Error occurred in self-service session. |
An invalid session has been detected in USS-SOAP communication. |
Red |
022 |
Invalid authentication attempt through self-service. |
An internal problem has been detected in USS-SOAP communication around user authentication. |
Red |
023 |
Self-service server problem detected. |
If self-service is licensed and configured but the service is not running. Tip: Check the Windows services and ensure that vSEC:CMS - User Self-Service service is running. |
Yellow |
024 |
Self-service server not configured. |
If the self-service featured is licensed but not configured. Tip: Check the Options – Connections page and click the Configure button for User Self-Service and ensure that the configuration is correct. |
Yellow |
025 |
A problem has been detected with a variable. |
If an imported variable is configured but the imported database is not available. Tip: Check the Options – Connections page and click the Configure button for Variables and ensure that the configuration is correct for the reported variable. |
Red |
026 |
Updating repository table. |
If vSEC:CMS has been upgraded from version 3.1 the certificate expiry field in the smart card repository table in the database for version 3.1 was not set correctly. Therefore, it is necessary to update the table in version 3.2 to the correct expiry date for the issued certificates. Tip: Operator should allow this update to complete. This update will run in a background thread. |
Yellow |
027 |
Plugin security warning. |
If the loading of unsigned DLL plugins is configured from the Options – Security page this warning will be displayed. Typically, unsigned DLLs would be enabled when testing a plugin. Tip: It is recommended to not have this feature enabled in a production environment |
Yellow |
028 |
Using unsigned library extensions Dynamic Link Libraries. |
The system is using unsigned library extension Dynamic Link Libraries. This will occur because of a missing or invalid signature file. |
Yellow |
029 |
Tried to loaded an untrusted plugin. |
If the loading of unsigned DLL plugins is configured from the Options – Security page and an unsigned DLL is loaded then this warning will be displayed. Tip: It is recommended to not have an unsigned DLL loaded in a production environment. |
Yellow |
030 |
Key archival not working. |
If the key archival mechanism is not initialized correctly an error will appear. Tip: Contact Versasec if this message appears for details on how to resolve. |
Red |
031 |
Failed to load certificate(s). |
This warning message will appear if a card template is configured to import root and/or sub CA files or PKCS#12 files incorrectly. Tip: Make sure the instructions as described in the online help guides are followed when configuring import of root and/or sub CA files or PKCS#12 files. |
Yellow |
032 |
Issuance is not allowed because of short validity time. |
This warning message will appear if management of supported PIV cards are configured but a short expiration period is set. Tip: Go to the Options – PIV page and ensure that the selected signing certificate is valid for the configuration set. |
Yellow |
033 |
PIV smart card issuance is not possible. |
PIV smart card issuance is not possible. |
Yellow |
034 |
PIV smart card issuance is not possible because of short validity time. |
PIV smart card issuance is not possible because of short validity time. |
Yellow |
035 |
Failed to initialize Operator Service Key Store. |
This error message will appear if the system fails to initialize Operator Service Key Store (OSKS). Tip: Activate the OSKS from Options – Operators page. |
Red |
036 |
Connection to Certification Authority (CA) has no Issuer DN configured. |
This warning will appear if there is no issuer DN configured for the CAs connection listed. Tip: Navigate to Options – Connections and select the CA template that is reported in the message and click the Edit button. Click the Get button and select the DN and click Ok. |
Yellow |
037 |
No CMS authentication keys configured for some operator cards. |
This warning message will appear if there are no authentication keys configured for the operator card(s) list. Tip: Attach the listed operator card and go to the Options – Operators page and click the Update Keys button to add. It will be necessary to have a key, such as a certificate, on the operator card to complete the update. |
Yellow |
038 |
Operator console server not configured. |
Operator console server has not been configured yet. Tip: Make sure to add a connector from Options – Connections page. |
Yellow |
039 |
Operator console server problem detected. |
This warning message will appear if the Operator console server is configured but not running. Tip: From Windows service ensure that vSEC:CMS – Operator Console Service is running. |
Yellow |
040 |
Requesting file export location during data export has been removed. |
This warning will appear if the Ask for file feature was configured previously for data export. This feature is no longer available therefore this message will appear informing the operator. |
Yellow |
041 |
No certificate request signing certificate(s) configured. |
This warning message will appear if there are no certificate request signing certificate(s) configured. Tip: Go to the Options – Operators page and click the Cert request signing button to configure. |
Yellow |
042 |
Configured certificate request signing certificate not found. |
This warning message will appear if the configured certificate request signing certificate was not found. Tip: Go to the Options – Operators page and click the Cert request signing button and ensure that the configured certificate is correct. |
Yellow |
043 |
Certificate request signing is not possible. |
Issuance of smart cards for the following template(s) is not allowed because the request signing certificate cannot be used. |
Yellow |
044 |
Certificate request signing is not possible because of short validity time. |
Issuance of smart cards for the following template(s) is not allowed because of short validity time of the request signing certificate. Tip: Go to the Options – Operators page and click the Cert request signing button and ensure that the configuration settings are correct. |
Yellow |
045 |
Only one (1) system owner. |
This warning message will appear if there is just one operator with the system administrator role configured on the system. If this operator card is lost, destroyed or broken, there is no operator with access rights to assign a new one and therefore the only recovery procedure then is to do a system backup restore. Tip: Add an additional operator token with system administrator role to the system. |
Yellow |
046 |
Template ID's not unique. |
If a card template(s) ID(s) are not unique this error message will appear. Tip: Contact Versasec if this message appears for details on how to resolve. |
Red |
047 |
A problem with the database has been detected. |
A problem with the specific used database tables has been detected. |
Red |
048 |
A problem with the database has been detected. |
Specific used database tables have been set to read only. |
Red |
049 |
Automatic backup did fail. |
The automatic backup failed. |
Red |
050 |
API server not configured. |
API server has not been configured yet. Tip: Add the connector from Options – Connections page. |
Yellow |
051 |
API server problem detected. |
API server is configured but not running. Tip: Make sure that the Windows service vSEC:CMS - API Service is running on the server where vSEC:CMS is running. |
Yellow |
052 |
Index in certificate expiration table is corrupt. |
The system has detected that the index in the certificate expiration table needs to be rebuilt. |
Red |
053 |
Client console version does not correspond with server version. |
The client console version that you are running is different from the server version. It is recommended to update the client console version. |
Yellow |
054 |
Problem with CA template configuration. |
A problem with the template configuration at the CA has been detected. Some template(s) are not working correctly. |
Yellow |
055 |
Failed to initialize HSM connector. |
Failed to initialize the HSM connector while starting the service. This may impact the functionality of the system. |
Red |
056 |
Problem with configuration of a variable. |
A problem with the configuration of a variable has been detected. Tip: check that the variable is configured correctly. |
Red |
057 |
Problem with local configuration cache has been detected. |
A problem with local configuration cache has been detected. The cache has been deactivated. |
Yellow |
058 |
Remote secure device management server not configured. |
Remote secure device management server has not been configured yet. Tip: Add the connector from Options – Connections page. |
Yellow |
059 |
Remote secure device management server problem detected. |
Remote secure device management server is configured but not running. Tip: Make sure that the Windows service vSEC:CMS - RSDM Service is running on the server where vSEC:CMS is running. |
Yellow |
060 |
Problem with exclusive access locking has been detected. |
Thread already requested shared access and is not trying to get exclusive access to SRW lock. |
Red |
061 |
Problems(s) occurred during application startup. |
Some problems occurred during application startup. |
Red |
062 |
API authentication failed. |
API authentication failed. |
Red |
063 |
API server security warning. |
API server is configured to use authentication tickets, but no SSL is enabled to encrypt the transport. Tip: From Options – Connections make sure that in the API Service that SSL is enabled. |
Yellow |
064 |
Problems(s) occurred during SQL write. |
A problem has been detected during SQL write operations. Please raise a support ticket if this error is reported. |
Red |
065 |
Failed to load card applications configuration. |
A problem has been detected when loading the smart card application configuration file. |
Red |
066 |
Failed to load card applications configuration. |
A problem has been detected when loading the card application configuration file: |
Yellow |
067 |
Database schema version is newer than the application does support. |
The schema version of the database is x.x.x but the application does only support x.x.x.Please consider to upgrade your CMS application. |
Yellow |
068 |
Database schema needs to be updated. |
The schema version of the database is x.x.x but the application does support x.x.x. Please consider to perform a schema upgrade on your database. |
Yellow |
069 |
This is reserved for internal use. |
Internal use for load balancing heartbeat therefore this would never be reported in the Admin console. |
|
070 |
HSM Failure |
An error has occurred when accessing the HSM. |
Red |
071 |
HSM Down |
HSM is currently not available. |
Red |
072 |
FASN-Numbers not functional |
The PIV-FASCN number generator is not functional. |
Red |
073 |
FASN-Numbers low on free numbers |
Only a few PIV-FASCN numbers left to be used. |
Yellow |