Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 1 of 6

KB 150158

Troubleshooting login problems on IDENTIKEY

Authentication Server 3.9 Web admin.

Creation date: 07/03/2016 Last Review: 11/03/2016 Revision number: 2

Summary

What do you need to verify when you cannot login on the IDENTIKEY Authentication

Server Web administration as of IAS 3.9?

Problem Solution.

• Can you open the web administration login page?

o No, I cannot open the web administration login page.

* Check if IAS Web Administration is installed and up and running:

Document type: How To Security status: EXTERNAL

Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 2 of 6

If the Webadmin is installed but not running, please investigate why. Analyzing

the files in the Tomcat logs folder can help.

* Check that the IAS webadmin is listening on port 8443.

Use the command ‘netstat –aon | find “8443”’ in a DOS command window and

verify that the tomcat8.exe process of the webadmin is having the process ID

of the process listening at port:

Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 3 of 6

* Be sure to use a supported browser.

The supported browsers are listed in the IAS documentation.

o Yes, I can open the web administration login page.

Can you see The IAS IP address in the “server :” field?

Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 4 of 6

� No, I cannot see a server in the “server:” field

Reinstall the web administration if installed on the same machine as IAS, or add a server using the admintool utility. (For details see the IDENTIKEY

Authentication Server Administrator Guide - 8.1. IDENTIKEY Webapps

Configuration Tool (admintool) (IAS3.9))

� Yes, I can see a server in the “server:” field.

Verify that IDENTIKEY Authentication Server is listening on the SOAP port.

Browse to port 8888 of the IDENTIKEY Authentication Server.

(https://<IP-of IK server>:8888) .

If SOAP is OK, you will get a screen as shown in the screenshot below:

or

In a DOS box use the following command: netstat –aon|find “8888” Verify

that the PID number of the application listening to port 8888 (3860 in our

example) is the ikeyserver.exe process.

* If SOAP is OK, Enable full tracing on the IDENTIKEY Authentication

Server, reproduce the problem, and examine in the trace file what the

problem is, when you try to log on to the webadmin. (1)

Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 5 of 6

* If SOAP is not OK, Verify that the IDENTIKEY Authentication Server

service (windows) or IDENTIKEY Authentication Server daemon (Linux) is

running.

Enable full tracing and (re)start the service.

Examine in the trace file what is happening during startup of the IAS

service. Also check the Windows Event viewer for evidence why the IDENTIKEY

Authentication Server service is not starting.

(1) Possible causes when you cannot log in and IDENTIKEY Authentication Server

service and SOAP are both working:

- Wrong username or Password

� Enter the correct credentials. (Keyboard layout? – caps lock?)

- Administrator account is missing or corrupted.

� Use the IAS Maintenance Wizard – rescue administrator.

- SSL certificate has changed or is expired.

� reinstall the webadmin (if IAS is on the same server) or delete the old

certificate and add a new certificate using the admintool utility.

(for details see the IDENTIKEY Authentication Server Administrator Guide - 8.1.

IDENTIKEY Webapps Configuration Tool (admintool) (IAS3.9) )

(if the certificate is expired, create and/or import a new certificate using the

IAS Maintenance Wizard – Install SSL Server Certificate, select SOAP

communicator)

- Administration client is missing or corrupted.

� Redeploy the Administration Client, using the IAS Maintenance Wizard –

rescue administration client.

- If nothing is added to the IAS trace file while trying to logon in the WebAdmin,

a Firewall may be blocking the port. � Stop the Firewall or add an exception to allow the SOAP Port (8888).

Also check if you need to add an exception for the SEAL port (20003), the SEAL

SSL port (20004), the radius ports…)

(2) Possible problems when IDENTIKEY Authentication Server service is working and

SOAP is not working:

- The SOAP port is used by another process (binding did not succeed in the trace

file).

� Stop the other process or use another port

- Firewall is blocking the SOAP port (no special indications in trace file).

� Stop the Firewall or add an exception to allow the SOAP Port (8888).

(Also check if you need to add an exception for the SEAL port (20003), the SEAL SSL port (20004), the radius ports…)

Applies to: IDENTIKEY Authentication Server 3.9

KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.

Page 6 of 6

Schematic view: