7 CHECKING THE EQUIPMENT STATUS WITH TopAccess
TopAccess Message | Corrective Action |
|
|
Active Directory Domain - Clock Skew error due to difference in | The clocks need to be synchronized. Please check whether SNTP |
Time between Server and MFP | is configured correctly on the equipment. |
|
|
Active Directory Domain - Kerberos Ticket has expired and cannot | Please confirm the validity period of the ticket set by the Kerberos |
be used for Authentication | server. Please retry again after the fresh ticket is issued. |
|
|
Active Directory Domain - Verification of the Ticket has failed | Verify the user name and password and try again. If the problem |
| persists please contact the administrator. |
|
|
Active Directory | Enter the correct domain name in network settings. If the problem |
| persists please contact the administrator for the correct realm |
| name for your server. |
|
|
Information Failed User Authentication | Check Domain Name/User Name/Password |
|
|
SNTP Server - Connect Error has occurred | The equipment could not connect to the SNTP Server. Check the |
| SNTP settings. |
|
|
No IKE proposal chosen | Check the IKEv1/IPsec proposal parameters |
| (like encryption/authentication algorithms, DH group, |
| authentication methods) in MFP and peer machine. |
|
|
IKE Certificate Authentication failed | Check |
| 1. CA and user certificate in both MFP and remote peer - |
| certificate timestamp and IPsec Certificate template should be |
| valid. |
| 2. CRL DP server name is mapped in MFP’s host table or DNS |
| entry. |
| 3. Certificate against CRL. |
|
|
IKE | Mismatch in IKEv1 Pre Shared Key. Check the PSK in MFP and |
| remote machine. |
|
|
Invalid Certificate | Check the CA and user certificate in MFP and peer machine. |
|
|
Certificate Type unsupported | Check the user certificate type. Supported type is “.pfx” file only. |
|
|
Invalid certificate authority | Check the CA certificate in MFP and peer machine. |
|
|
Certificate unavailable | Certificate has been deleted from Certificate store. |
| corresponding certificates using Security Services. |
|
|
No ISAKMP SA established | Check the IKEv1/IPsec proposal parameters |
| (like encryption/authentication algorithms, DH group, |
| authentication methods) in MFP and peer machine. |
| Check |
| 1. CA and user certificate in both MFP and remote peer - |
| certificate timestamp and IPsec Certificate template should be |
| valid. |
| 2. CRL DP server name is mapped in MFP’s host table or DNS |
| entry. |
| 3. Certificate against CRL. |
|
|
Invalid Signature | Mismatch in Signature payload (MAC or IV). Check the CA and |
| user certificate in MFP and peer machine. |
|
|
No IKEv2 proposal chosen | Check the IKEv2/IPsec proposal parameters |
| (encryption/authentication algorithms, DH group, authentication |
| methods) in MFP and peer machine. |
|
|
IKEv2 Certificate Authentication Failed | Check |
| 1. CA and user certificate in both MFP and remote peer - |
| certificate timestamp and IPsec Certificate template should be |
| valid. |
| 2. CRL DP server name is mapped in MFP's host table or DNS |
| entry. |
| 3. Certificate against CRL. |
|
|
IKEv2 Secret key Authentication failed | Mismatch in IKEv2 Pre Shared Key. Check the PSK in MFP and |
| peer machine. |
|
|
Falling Back to IKEv1 | Remote machine is not supporting IKEv2. Going back to use |
| IKEv1. |
|
|
ISAKMP SA unusable (deleted) | Restart IPsec service on Peer and retry. |
|
|
Crypto operation failed | If Certificates are being used, |
| certificates using Security Services. Restart IPsec Service on |
| MFP. |
|
|
Invalid key information | Check IKE settings in MFP and peer. |
|
|
CA not trusted | Check the CA certificate in MFP and peer machine. |
| Check the CA certificate timestamp. |
|
|
94 Error Messages
