User login fails

From Swivel Knowledgebase Wiki

Jump to: navigation, search

Image:logo.gif

Contents

Overview

A user login can fail for a number of reasons, this document outlines the steps that can be taken to diagnose and resolve such issues


Prerequisites

PINsafe 3.x


Symptoms

User cannot login using PINsafe credentials

The following error message may be seen:

An error occured, please check your credentials. If the error persists contact your PINsafe Administrator.


Solution

Check the PINsafe and Tomcat logs

Has a Single Channel Session Request message been seen in the PINsafe log? (This would indicate that the request for an image has reached the PINsafe server).

Check the access device logs, is a login attempt seen?

Is the account locked?

Does the user exist? Has the user been added to PINsafe?

Is the SAM account name or the FQDN name been used?, has the system tried to add that username when it already exists? Duplicate names in AD

Is the user entering a PIN instead of OTC?, does the user have the wrong PIN

Is the username case sensitive? (logs may indicate user with differing capitalisation does not exist)

Is another authentication element such as AD password failing, either on the access device or the PINsafe password if used?

Does the user have a valid security string (sinlge, dual, Mobile Phone Client or swivlet)?

Has a password (accidentaly?) been set for the user? Try manually setting a blank password.

Has check password with repository been set for the user

Has the RADIUS shared secret been incorrectly set, reenter shared secret AGENT ERROR BAD OTC

Has the single channel image or on demand SMS timed out (default 120 seconds) see Session Cleanup

If using PINsafe 3.5.2989 check Auto_Reset_manually_disabling

Is ChangePIN on first login set? (It will allow the first login, but not subsequent logins)

Does the user receive a new security string by email or SMS (indicating a dual channel login was made and no single channel session request was made)

Was a single channel Image session started? A single channel session takes precedence over dual channel, and once started will expect a single channel login until it times out (default 120 seconds) see Session Cleanup

Is PINsafe and Tomcat running? see Tomcat problems

Are there outstanding security strings in an SMS or email? Where multiple security strings are used, it is expecting the next one in the sequence. To verify the correct one is used, then enter the security string index OTC-Security String Index. Example: 4387-02

The user attempted to re-enter a used OTC?

Retrieved from "http://kb.swivelsecure.com/wiki/index.php/User_login_fails"