[Pki-users] ESC Format / Enroll Error

Zach Casper zach.casper at envieta.com
Tue Dec 23 19:47:44 UTC 2008 

tps-error.log
...
[2008-12-23 12:09:39] ba5de4e0 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:09:39] ba5de4e0 RA_Processor::UpgradeApplet - channel
creation failure
[2008-12-23 12:10:20] ba5cb398 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:10:20] ba5cb398 RA_Processor::UpgradeApplet - channel
creation failure
[2008-12-23 12:11:14] b8e04520 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:11:14] b8e04520 RA_Processor::UpgradeApplet - channel
creation failure
[2008-12-23 12:39:38] ba5c00e0 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:39:38] ba5c00e0 RA_Processor::UpgradeApplet - channel
creation failure
[2008-12-23 12:44:27] ba5b14c8 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:44:27] ba5b14c8 RA_Processor::UpgradeApplet - channel
creation failure
[2008-12-23 12:45:54] ba5f2590 RA_Processor::SetupSecureChannel - Failed to
create a secure channel - potentially due to an RA/TKS key mismatch or
differing RA/TKS key versions.
[2008-12-23 12:45:54] ba5f2590 RA_Processor::UpgradeApplet - channel
creation failure

tps-debug.log
...
[2008-12-23 12:45:54] ba5f2590 RA_Format_Processor::Process - Authenticate
returns: 0
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - Sent
's=67&msg_type=14&current_state=10&next_task_name=PROGRESS_APPLET_UPGRADE'
[2008-12-23 12:45:54] ba5f2590 RA_Processor::UpgradeApplet - path =
/usr/share/pki/tps/applets/1.3.44724DDE.ijc
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - pdu_len='12'
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - Sent
's=68&msg_type=9&pdu_size=12&pdu_data=%00%A4%04%00%07%A0%00%00%00%03%00%00'
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - decoded pdu =
(length='20')
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - 6f 10 84 08 a0 00 00 00
03 00 
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - 00 00 a5 04 9f 65 01 ff
90 00 
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - 
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - pdu_len='13'
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - Sent
's=71&msg_type=9&pdu_size=13&pdu_data=%80%50%01%01%08%56%F5%29%9D%7B%8F%6F%A
7'
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - decoded pdu =
(length='2')
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - 6a 86 
[2008-12-23 12:45:54] ba5f2590 RA_Format_Processor::Process - applet upgrade
failed
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - pdu_len='12'
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - Sent
's=68&msg_type=9&pdu_size=12&pdu_data=%00%A4%04%00%07%62%76%01%FF%00%00%00'
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - decoded pdu =
(length='2')
[2008-12-23 12:45:54] ba5f2590 AP_Session::ReadMsg - 90 00 
[2008-12-23 12:45:54] ba5f2590 AP_Session::WriteMsg - Sent
's=43&msg_type=13&operation=5&result=1&message=19'

zach
_____________________________________________
From: Jack Magne [mailto:jmagne at redhat.com] 
Sent: Tuesday, December 23, 2008 2:38 PM
To: Adewumi, Julius-p99373
Cc: Zach Casper; pki-users at redhat.com
Subject: Re: [Pki-users] ESC Format / Enroll Error


You are having a problem creating a secure channel. Perhaps posting a 
snippet of the log might help.



Adewumi, Julius-p99373 wrote:
> You might want to play with changing "false" to "true in the CS.cfg for
> op.enroll.userKey.update.applet.emptyToken.enable=false or the 
> op.format... equivalent , etc.
>
> /From: Julius Adewumi/
> /@GDC4S.com/
> /Ph:480-441-6768/
> /Contract Corp:MTSI/
>
>
> ------------------------------------------------------------------------
> *From:* pki-users-bounces at redhat.com 
> [mailto:pki-users-bounces at redhat.com] *On Behalf Of *Zach Casper
> *Sent:* Tuesday, December 23, 2008 12:00 PM
> *To:* pki-users at redhat.com
> *Subject:* RE: [Pki-users] ESC Format / Enroll Error
>
> Tps-debug log shows the following:
>
> RA_Format_Processor::Process - applet upgrade failed
>
> Tps-error log show the following:
>
> RA_Processor::SetupSecureChannel - Failed to create a secure channel 
> 0- potentially due to an RA/TKS key mismatch or differing RA/TKS key 
> versions.
>
> RA_Processor::UpgradeApplet -0 channel create failure
>
> And a series of Bad Response when trying to SelectApplet or GetStatus
>
> zach
>
> _____________________________________________
> *From:* Jack Magne [mailto:jmagne at redhat.com]
> *Sent:* Tuesday, December 23, 2008 1:10 PM
> *To:* Zach Casper
> *Subject:* Re: [Pki-users] ESC Format / Enroll Error
>
> The first step would be to take a look at the tps log or smart card 
> server.
>
> These can be found at:
>
> /var/lib/pki-tps/logs/tps-debug.log
>
> Search the bottom of the log for error 19 and it should give you an idea
>
> of what TPS was trying to do at the time.
>
> Zach Casper wrote:
>
> >
>
> > We have an Infineon Smart Card and currently we are unable to
>
> > Format/Enroll due to the following ESC Error
>
> >
>
> > "Formatting of smart card failed. Error: The Smart Card Server cannot
>
> > upgrade the software on your smart card."
>
> >
>
> > And Diagnostics show this error:
>
> >
>
> > "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19."
>
> >
>
> > This card comes up as "Formatted" because we've manually installed a
>
> > version of the Dogtag applet prior to using ESC & Dogtag.
>
> >
>
> > Any advice on how we can troubleshoot?
>
> >
>
> > --
>
> >
>
> > Zach Casper
>
> >
>
> > Envieta LLC
>
> >
>
> > ----------------------------------------
>
> >
>
> > ------------------------------------------------------------------------
>
> >
>
> > _______________________________________________
>
> > Pki-users mailing list
>
> > Pki-users at redhat.com
>
> > https://www.redhat.com/mailman/listinfo/pki-users
>
> >
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>   


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20081223/917f7ffc/attachment.htm>

More information about the Pki-users mailing list