Idenprotect iOS Error Messages

From idenprotect Knowledge Base


iDENprotect For Mobile

This article explains the possible error messages that may occur when using the idenprotect For Mobile applications on your iOS Device (iPhone/iPad).

This article is aimed at Helpdesk/Admin users to diagnose issues within the app.

Requirements

This guide applies to devices running idenprotect For Mobile applications 3.7 & higher.

Error Messages

The error messages in this section are thrown during enrollment and authentication and are usually related to server errors.

| Error Code | Message | Scenario | Possible Cause | Possible Solution |
| --- | --- | --- | --- | --- |
| 1 | Connect error | This error occurs when the SDK is unable to connect to the framework. | The state of the device may prevent access to the framework. | Close the app and re-open it. |
| 12 | activateWithCode error (invalid activation code) | Occurs during enrollment when an invalid activation code is given. | Incorrect activation code provided by user. | Check that the activation code provided by the user matches that of the email. |
| 16 | getDRA Error | Occurs during enrollment when a device fails to get a valid DRA (Device Request). | Framework is unable to provide a DRA. | Retry, or uninstall and reinstall the application. |
| 38 | Unable to Renew a secure enclave certificate | This occurs when the device fails to renew the secure enclave certificate. | Could be caused by the server being offline, a drop in internet connection or the existing certificate having expired. | Check that there is internet connectivity, the server is reachable and the certificate is still valid. Then retry. |
| 39 | Unable to import a certificate provided by idenprotect Core Platform | This occurs when the idenprotect Core Platform provides an invalid certificate that cannot be imported by the framework. | Certificate corruption or incorrect keys used. | Retry and if the problem persists, try to uninstall and re-enroll the application. |
| 40 | Unable to retrieve policies | This occurs when there is a valid internet connection but the device cannot update policies. | This may be due to the device being removed from the server, the server being offline or the device containing an expired certificate. | Check that the device is present on the server, the server is reachable and that the certificate has not expired. |
| 42 | Unable to retrieve an authentication session | This occurs when a user is trying to log in to Authentication Portal with their mobile device and no session is present. | This may be due to the current authentication session expiring, the device no longer being present on the server or connectivity issues. | Check logs to ensure that there is a valid session for the user and that the device is enrolled, present and not expired on the server. |
| 46 | Unable to enroll secenc certificate to idenprotect Core Platform | This happens during the enrollment phase when the secure enclave certificate is rejected by the idenprotect Core Platform. | This may be due to an incorrect CSR being sent to the idenprotect Core Platform, signature verification failure or loss of communication. | Try again by pressing the retry button which will appear on the device. If the problem persists try to uninstall and re-enroll the device. |
| 47 | Server error, unable to retrieve devices | This happens when a user tries to retrieve a list of their devices and fails. It can fail because the API is not present on an older version of the server or if the server is unavailable. | This may be due to an older version of the server being used, the server being unreachable or the device no longer existing. | Try again and check the idenprotect Core Platform to ensure the device is still valid. |
| 48 | Server error, unable to delete device | This happens when a user tries to delete a device from the server and is unsuccessful. | This occurs after the list of devices is generated. Therefore, issues preventing a device from being deleted may be due to loss of server connection or incorrect data being sent to the server. | Please try again to delete the device. |
| 49 | Internal error. Unable to verify your identity. Press OK and try again. | This happens when a user tries to authenticate with Touch ID/Face ID and is unsuccessful. | May be due to an incorrect fingerprint or face ID being provided. | Check that the fingerprint or face ID given is registered with the device. |
| 50 | Error! Mobile client update required. | This occurs when the server identifies that the mobile client being used is incompatible with the server. | Occurs when the device version is not included in the server compatibility list. | Update the app to the latest version either through the company app download page or general iOS/Android app stores. |
| 3000 | Server error, unable to retrieve a server certificate | Occurs during enrollment when a device fails to get a valid server certificate. | This may be due to loss of connection between the device and the server. | Check that the server is accessible and try again. |
| 4000 | Server error, unable to retrieve server time | This occurs during the enrollment stage when the device cannot sync the time with the server time. | This may be due to loss of connection between the device and the server. | Check that the server is accessible and try again. |
| 5000 | Server error, unable to sign a certificate | This occurs during the final stages of the enrollment when the server is unable to sign a secure enclave or ERSA certificate. | This may be due to a signature verification failure, incorrect CSR or loss of connection. | Check that the server is accessible and try again. |
| 7000 | Server error, unable to identify enrollment | This occurs when the server is unable to identify the enrollment session passed by the device. This is the second stage of enrollment, where the device verifies the enrollment session with data sent from the device. | This may fail due to the enrollment session no longer being valid or incorrect data being sent from the device. | Try again. If the problem persists, uninstall and re-enroll the device with a NEW enrollment session. |
| 8000 | Server error, unable to complete enrollment | This occurs when the server is unable to complete the final stages of the enrollment. This is when the device is verifying the enrollment and a device certificate is about to be created. | This may fail due to signature verification failure. | Try again. If the problem persists, uninstall and re-enroll the device with a NEW enrollment session. |
| 9000 | Server error, unable to verify the signature | This occurs when the server is unable to verify the signature of a given request. It can occur during enrollment and during authentication. | Signature verification failure can be due to an error in the key-pair created. | Try again. If the problem persists, uninstall and re-enroll the device with a NEW enrollment session. |
| 10000 | Server error, unable to verify the TOTP | This occurs when the server is unable to verify the time-based one-time password. | This can occur if the device time is out of sync with the server time. This may also occur if the time interval has changed on the server and the policies have not updated on the device or if the user enters a TOTP code that is out of date. | Close the app and re-open it. If enrolled as 'BlackBerry' or 'Both' click to authenticate. This will then update the policies as required, then proceed as normal. |
| 11000 | Server error. | This occurs when the server is unable to initiate a PIN Reset command. During PIN reset, a command is sent to the server to send out a nonce to a registered email. | This may fail if the server is unreachable, there is no valid internet connection or the device is not present. | Check that the device is present, the server is reachable and try again. |
| 12000 | Server error. | This occurs when the server is unable to complete the PIN Reset command. Once the PIN has been changed, the device sends a message to the server to confirm a change of PIN. | This may fail due to connection issues. | Try again if possible. |
| 13000 | Server error, unable to register a device | This occurs when the server is unable to register a device. This occurs during enrollment only. This is the first stage of the enrollment process. | A device may fail to register if the user has reached the maximum number of devices allowed or if a device with the same serial number exists on the server. This error may also occur if the server is unreachable. | Check the server to ensure that a device does not exist with the same serial number and that the user has not reached the maximum limit. |
| N/A | Unable to import a certificate to a user profile with id: | This occurs when a device is unable to import the P12 to the dynamics framework. | This may occur as the 'Is PKI connector required?' policy is set to false on the idenprotect Core Platform or if the user has not got a credential profile set up on the UEM server. | Check the idenprotect Core Platform and the UEM server to ensure that a credential profile has been set up for the user. More information can be found on our Wiki about credential profiles and PKI connectors. |
| N/A | Some SSO services are unavailable. Please contact your administrator. | This occurs when a device is unable to import the P12 to the dynamics framework or there is no valid internet connection and the device is running in offline mode. | If there is a valid internet connection but the application is unable to connect, this may be due to UEM policies relating to networking and roaming, proxy or device-specific profiles. | Check to see that there is an internet connection and investigate the PKI and credential settings for the user. |
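
Error 10000 lists two causes that look identical on the device: clock drift and a changed TOTP interval. The added example below (not idenprotect code) shows how each leads to a rejected code, assuming a standard RFC 6238 HMAC-SHA1 TOTP and a hypothetical acceptance window of one step either side of server time; the secret, timestamps and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP over the counter floor(time / step)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_verify(secret, code, server_time, step=30, window=1):
    """Accept the code if it matches any step within +/- window of server time.
    The window size is an assumption, not a documented server setting."""
    return any(
        hmac.compare_digest(code, totp(secret, server_time + i * step, step))
        for i in range(-window, window + 1)
    )


def diagnose(secret, server_time, device_time, device_step, server_step=30):
    """Return 'ok' or the likely reason the server would reject the device's code."""
    code = totp(secret, device_time, device_step)
    if server_verify(secret, code, server_time, server_step):
        return "ok"
    if device_step != server_step:
        return "interval mismatch (device policies not updated)"
    return "clock skew of %d s exceeds accepted window" % abs(device_time - server_time)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    now = 1_700_000_000                   # constructed server time
    print(diagnose(secret, now, now + 10, 30))    # small drift, still accepted
    print(diagnose(secret, now, now + 300, 30))   # device clock five minutes fast
    print(diagnose(secret, now, now, 60))         # server interval changed, device stale
```
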

Important Info

Please note that some error messages may contain the same code but a different message. The code relates to the type of error, whereas the cause/reason for the error may differ. The error messages outlined above are the core error messages that relate to communications between the mobile device and the idenprotect Core Platform. Device-specific errors, i.e. errors due to lack of permissions or a user revoking app-specific permissions, are not listed above.

Server Logs

Errors can appear on the mobile device quite frequently. Logs on the server can help to identify the issues and give greater detail than the simplified error messages that are shown on mobile devices.

Proxy

The mobile device can work with the user portal proxy or an external proxy or firewall system. To prevent connection issues, please ensure that any proxies in use are correctly configured for the mobile devices to connect to the server successfully.