kb 150158 - vasco | delivering trust to the digital world · use the command ‘netstat –aon |...
TRANSCRIPT
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 1 of 6
KB 150158
Troubleshooting login problems on IDENTIKEY
Authentication Server 3.9 Web admin.
Creation date: 07/03/2016 Last Review: 11/03/2016 Revision number: 2
Summary
What do you need to verify when you cannot login on the IDENTIKEY Authentication
Server Web administration as of IAS 3.9?
Problem Solution.
• Can you open the web administration login page?
o No, I cannot open the web administration login page.
* Check if IAS Web Administration is installed and up and running:
Document type: How To Security status: EXTERNAL
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 2 of 6
If the Webadmin is installed but not running, please investigate why. Analyzing
the files in the Tomcat logs folder can help.
* Check that the IAS webadmin is listening on port 8443.
Use the command ‘netstat –aon | find “8443”’ in a DOS command window and
verify that the tomcat8.exe process of the webadmin is having the process ID
of the process listening at port:
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 3 of 6
* Be sure to use a supported browser.
The supported browsers are listed in the IAS documentation.
o Yes, I can open the web administration login page.
Can you see The IAS IP address in the “server :” field?
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 4 of 6
� No, I cannot see a server in the “server:” field
Reinstall the web administration if installed on the same machine as IAS, or add a server using the admintool utility. (For details see the IDENTIKEY
Authentication Server Administrator Guide - 8.1. IDENTIKEY Webapps
Configuration Tool (admintool) (IAS3.9))
� Yes, I can see a server in the “server:” field.
Verify that IDENTIKEY Authentication Server is listening on the SOAP port.
Browse to port 8888 of the IDENTIKEY Authentication Server.
(https://<IP-of IK server>:8888) .
If SOAP is OK, you will get a screen as shown in the screenshot below:
or
In a DOS box use the following command: netstat –aon|find “8888” Verify
that the PID number of the application listening to port 8888 (3860 in our
example) is the ikeyserver.exe process.
* If SOAP is OK, Enable full tracing on the IDENTIKEY Authentication
Server, reproduce the problem, and examine in the trace file what the
problem is, when you try to log on to the webadmin. (1)
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 5 of 6
* If SOAP is not OK, Verify that the IDENTIKEY Authentication Server
service (windows) or IDENTIKEY Authentication Server daemon (Linux) is
running.
Enable full tracing and (re)start the service.
Examine in the trace file what is happening during startup of the IAS
service. Also check the Windows Event viewer for evidence why the IDENTIKEY
Authentication Server service is not starting.
(1) Possible causes when you cannot log in and IDENTIKEY Authentication Server
service and SOAP are both working:
- Wrong username or Password
� Enter the correct credentials. (Keyboard layout? – caps lock?)
- Administrator account is missing or corrupted.
� Use the IAS Maintenance Wizard – rescue administrator.
- SSL certificate has changed or is expired.
� reinstall the webadmin (if IAS is on the same server) or delete the old
certificate and add a new certificate using the admintool utility.
(for details see the IDENTIKEY Authentication Server Administrator Guide - 8.1.
IDENTIKEY Webapps Configuration Tool (admintool) (IAS3.9) )
(if the certificate is expired, create and/or import a new certificate using the
IAS Maintenance Wizard – Install SSL Server Certificate, select SOAP
communicator)
- Administration client is missing or corrupted.
� Redeploy the Administration Client, using the IAS Maintenance Wizard –
rescue administration client.
- If nothing is added to the IAS trace file while trying to logon in the WebAdmin,
a Firewall may be blocking the port. � Stop the Firewall or add an exception to allow the SOAP Port (8888).
Also check if you need to add an exception for the SEAL port (20003), the SEAL
SSL port (20004), the radius ports…)
(2) Possible problems when IDENTIKEY Authentication Server service is working and
SOAP is not working:
- The SOAP port is used by another process (binding did not succeed in the trace
file).
� Stop the other process or use another port
- Firewall is blocking the SOAP port (no special indications in trace file).
� Stop the Firewall or add an exception to allow the SOAP Port (8888).
(Also check if you need to add an exception for the SEAL port (20003), the SEAL SSL port (20004), the radius ports…)
Applies to: IDENTIKEY Authentication Server 3.9
KB 150158– 11/03/2016 2016 VASCO Data Security. All rights reserved.
Page 6 of 6
Schematic view: