previous
next
The authorization token generated by the centralized management server, and required by the Security Proxy, was received by the proxy but either was not valid or has expired.
Possible causes
You are attempting to reconnect your Windows-based session after your authorization token has expired.
You are attempting to initiate a session from a settings file on your local disk instead on using a web page link, and your authorization token has expired.
The proxy server does not trust the centralized management server certificate.
Troubleshooting steps
Start and reconnect your sessions by using the link provided by your administrator for the host and session you want.
Reload and/or reauthenticate to the centralized management server links list page for your valid sessions.
Contact your centralized management server system administrator for additional troubleshooting assistance.
The authorization token generated by the centralized management server, and required by the Security Proxy, was not received by the proxy.
Possible causes
You are attempting to initiate a session from a settings file on your local disk instead of clicking on a web page link.
The centralized management server management server does not have a security certificate installed.
Troubleshooting steps
Always start and reconnect your sessions by clicking on the centralized management server link for the host and session you want.
Reload and/or reauthenticate to the centralized management server links list page for your valid sessions.
Contact your centralized management server system administrator for additional troubleshooting assistance.
The SSL/TLS handshake failed.
Cause(s)
If encryption strength was explicitly set, the server may not have accepted the requested encryption strength.
The server does not support SSL/TLS connections.
You are trying to connect using the wrong host port.
The server is not accepting connections or is down.
Your server does not support the SSL/TLS version running on your Windows operating system.
Your client is running in FIPS mode and this connection does not meet FIPS requirements. Troubleshooting steps
Select a different value for Encryption Strength, or set this to Default and try again. Check with your server's system administrator to determine the type(s) of encryption supported by the server.
Check with your system administrator to determine that the server is functioning properly. Disable SSL/TLS encryption in the Security Properties dialog box if you want to make an insecure connection.
Check the port you are using to make your connections. The default Telnet port is 23 for Telnet and 1570 for VT-MGR connections. In most cases, you will need to change this value for SSL/TLS connections. Check with your system administrator to find out what port value to use for your host.
Check with the system administrator for system status or try connecting later.
Configure the session to connect without sending a version-specific handshake.
Check to see if the server's certificate is unsupported in FIPS mode. The server certificate key size must meet FIPS standards for protecting the shared secret key that will be exchanged and used for encrypting the session. The host certificate key length requirements are:
|
Shared Key |
Host Certificate Key Requirement |
|---|---|
|
3DES (168-bit, but effectively 112-bit) |
RSA or DSA key with a minimum size of 1024 bits |
|
AES (128-bit) |
RSA or DSA key with a minimum size of 3072 bits |
The SSL/TLS client failed to find user credentials. The host you are connecting to requires that you authenticate using your personal certificate, but no personal certificate was found.
Troubleshooting steps
If you do not have a client certificate contact your system administrator to provide you with one.
If you have a client certificate containing both a public and private key, you must install it to the Personal store of either the Windows Certificate store or the Reflection Certificate Manager store.
The SSL/TLS handshake did not complete within the specified timeout period.
Cause(s)
Network load or slow connections did not allow the SSL/TLS handshake to complete within the timeout period. Because the SSL/TLS timeout period is comparable to the TCP/IP timeout, it is unlikely that you will encounter an SSL/TLS timeout problem without also encountering a timeout making your telnet connection.
Server or network is down.
Your server does not support the SSL/TLS version running on your Windows operating system.
Troubleshooting steps
It is not possible to reset the SSL/TLS timeout period.
Check with server or network administrator for status, or try connecting later.
Configure the session to connect without sending a version-specific handshake.
The session has been disconnected due to a corrupted message digest. The message digest is a mechanism that is used to detect whether the content of a message was changed while in transit from host to client.
Cause(s)
The message digest was corrupted due to a "dirty" network connection.
The message digest was corrupted due to an attempted hacker attack.
Troubleshooting steps
Reestablish the network connection. Contact a network administrator if you see this error repeatedly, as it could indicate hacker activity or bad network hardware somewhere between the client and server.
The certificate presented by the server was invalid or was not issued by a certification authority (CA) trusted by this user.
Cause(s)
The host's server certificate is not in your Trusted Root Certification Authorities list. If you have enabled use of the Windows certificate store, you can determine which trusted certification authorities are configured for your PC using the Certificate Manager. To launch this utility, open the Windows Control Panel, double-click Internet Options, select the Content tab, then click Certificates.
If you have disabled use of the Windows certificate store, you may see this message if you have not yet imported certificates into the Reflection Certificate Manager store. Use the Trusted Certification Authorities tab of the Reflection Certificate Manager to manage your list of trusted CAs.
The host's server certificate has expired.
Certificate revocation checking is not returning a valid response. This message is displayed if the certificate is no longer valid. If the certificate is valid, you may see this message if the client is not able to reach the OCSP responder or retrieve the CRL file.
Troubleshooting steps
Add the certification authority to the Trusted Certificate Authority list to either the Reflection Certificate Manager store or the Windows certificate store.
Add the certification authority to the Trusted Certificate Authority list to the Reflection Certificate Manager store.
Notify the host's system administrator to acquire a new certificate.
The certificate presented by the server does not contain a host name that exactly matches the host name that you (or your definitive local security provider, such as DNS) specified as the connection target.
Before making an SSL/TLS connection, the client authenticates the host system. The certificate presented by the host for this purpose must be from a trusted certificate authority. If your PC does not recognize the certificate authority, you will not be able to make SSL/TLS connections.
Cause(s)
The host name you configure in your session must exactly match one of the host names entered in the CommonName field of the certificate.
Troubleshooting steps
If you entered an IP address instead of a host name, try entering the host name, then reconnect.
If you entered an aliased hostname (for example, "myhost"), try entering the fully qualified host name (for example, "myhost.domain.com") and then reconnect. If you are contacting a host in another domain, you must use the fully qualified host name, rather than the shortened alias name.
Contact your system administrator to determine if your certificate should include the host name. If no host name is required, open the SSL/TLS tab of the Security Properties dialog box, click Configure PKI, and clear Certificate host name must match host being contacted. Do not make this change without consulting a system administrator. If you clear this setting when host names are used, you will reduce the level of security of your connections.
These messages apply only to connections configured to use the Windows Crypto API.
You have specified a higher level of encryption algorithm strength (or are using a settings file that specifies a higher strength) than is available on your system. This will usually occur in multi-national environments, where the system administrator has specified U.S. encryption strengths, but the end user's international operating system only has export level encryption.
Troubleshooting steps
Select a lower level of encryption strength or accept the default strength.
Rscapi.dll failed to load.
Cause(s)
Rscapi.dll is corrupted or missing.
Troubleshooting steps
Use the Microsoft Windows Installer to repair the damaged file. Use Add/Remove programs to repair your installation.
This system is missing one or more dynamic link libraries (DLLs) required for the Microsoft Cryptographic API Provider.
Cause(s)
Your system has corrupted versions of one or more of the Microsoft cryptographic libraries. Someone may have tampered with these files, or they may be corrupted for unknown reasons.
Your system does not have some or all of the required libraries. You may be using an operating system (such as Windows 95/98) which does not support access to the cryptographic libraries.
Troubleshooting steps
Reinstall Internet Explorer and/or your operating system to correct this problem.
Upgrade the operating system.
This machine is missing the Microsoft file Security.dll.
Cause(s)
Your system has corrupted versions of the Microsoft SSPI library. Someone may have tampered with this files, or it may be corrupted for unknown reasons.
Your system does not have the required Microsoft provided SSPI library. You may be using an operating system (such as Windows 95/98) which does not support access to the cryptographic libraries.
Troubleshooting steps
Reinstall Internet Explorer and/or your operating system to correct this problem.
Upgrade the operating system.
This machine is missing dynamic link libraries (DLLs) required for the Microsoft Security Service Provider Interface (SSPI).
Cause
Your system does not have the required Microsoft DLLs for access to SSPI. This indicates serious damage to one or more of your operating system files.
Troubleshooting steps
You may need to reinstall the operating system.