|
Error |
Diagnosis |
|---|---|
|
Error: Failed to attach external HSM client library. Please check if you specified the vendor provided PKCS#11 library path correctly |
Verify whether the correct Path to PKCS#11 library path is specified in pkcs11Lib property of application,yml |
|
CKR_USER_PIN_NOT_INITIALIZED |
PKCS#11 Slot is not initialized. |
|
CKR_PIN_INCORRECT |
Check userPIN property in application,yml |
|
Bearer Token Error |
Go to Control Panel / Network and Internet / Internet Options. In Internet Options, go to Security / LOCAL INTRANET / Sites / Advanced, and add the DKE URL to that. Please note, this is LOCAL INTRANET sites, not Trusted sites. It must be LOCAL INTRANET |
|
Http timeout error |
Increase pkcsHandleMaxPoolSize in application.yaml and restart DKE Anchor service |
|
Despite having ample space on a disk (or on OneDrive), the following message is shown when saving a DKE protected document: «Word cannot save or create this file. Make sure the disk you want to save the file on it is not full, write-protected, or damaged. » |
|
|
Potential Issue: The client is not configured to use DKE. |
|
|
Potential Issue: The client cannot reach the DKE Anchor service |
On the client, try opening the DKE-URL configured in the sensitivity label. If that fails, fix the network issue as needed. |
|
You are not signed into Office with an account that has permission to open this document. You may sign in a new account into Office that has permission or request permission from the content owner |
|
|
Potential Issue: The user hasn’t been granted permission in the sensitivity label. |
During tests, try granting the whole tenant access in the sensitivity label permissions |
|
Potential Issue: The DKE Anchor service URL contains a sub-folder |
Verify that the DKE URL consists of the FQDN only |
|
Potential Issue: The web application isn’t configured correctly. |
Check the settings in the application.yml |
|
An unknown error occurred. If this problem persists, contact your administrator or help desk |
|
|
Potential Issue: The client doesn’t have the correct Office version installed. |
Re-check the Office version |
|
Error |
Diagnosis |
|
Potential Issue: The AIP client is not registered in the web application |
Check whether the client ID for the AIP client has also been registered in the web application |
|
2022-12-07 10:11:24.742 ERROR 1292080 --- [-nio-443-exec-1] c.u.d.s.JWTAuthenticationEntryPoint: Inside Unauthorized processing
2022-12-07 10:11:24.758 INFO 1292080 --- [-nio-443-exec-9] c.utimaco.dke.controller.DkeController: Entering method to decode data for DKE_Key,8f0c4c01-7f05-47ca-adfe-f45030046a31
2022-12-07 10:11:24.758 INFO 1292080 --- [-nio-443-exec-9] c.utimaco.dke.controller.DkeController: Authorization header found, Identifying user identity |
Step 1: delete your cache files on both client machine from C:\Users\testuser4\AppData\Local\Microsoft\MSIP and MSIPC Step 2: Check the Keyinfo command status and make sure Remaining Ops value will be more than 99999 Command: cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" spec=3 Keyinfo Step 3: If value of remaining ops is 0 run below command: cxitool dev=3001@127.0.0.1 LogonPass=USR_0000,123456 group="SLOT_0000" Spec=3 KeyFile=ka.key AuthorizeKey=1000000 |
Errors and its diagnosis
For more troubleshooting see https://www.drware.com/dke-troubleshooting/