Skip to main content
Skip table of contents

CP can't reach Veridium EP server

Symptons

Credential Provider is showing error message "Re-connecting to VeridiumID server..."

Note: this error may have different root causes, this is only one of these. Check following text to find the correct one based on detailed log.

When staring BopsLogonService, following error event is registered on the Client machine:

Event Source: BopsLogonService
EventID: 10501
Severity: Information
Event body:
{
"Module": "RESTApi",
"Method": "RegisterWithBOPS",
"UserName":"",
"Messages":{},
"URL":"https://dev-dc2.dev.local/BopsEnroll/BopsEnroll.svc/sharedDevice/registerDevice",
"InputJSON":{"biometricsCapabi.....":..."FACE","4F"],"context":{"deviceMake":"Unknown","deviceModel":"Unknown","ip":"","language":"en-US","localDateTime":"Wed, 13 Apr 2022 16:07:43 GMT","osName":"Windows 8","osVersion":"","serviceIdentifier":"Veridium Credential Provider","timezoneOffset":-60,"userAgentDevice":"Personal computer","userAgentName":"","userAgentVersion":""},"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMII...=\n-----END CERTIFICATE REQUEST-----\n","externalId":"S-1-5-21-410015106-2063711249-828150371-1262","memberExternalId":"ADv2MultiStepEnrollment","os":"WIN","val1":"ac3478d69a3c81fa62e60f5c3696165a4e5e6ac4","val2":"bd307a3ec329e10a2cff8fb87480823da114f8f4"},
"OutputJSON":,
"Return":{
"ReturnCode":10401, "Description": "Unauthorized"
},"ActivityStartTime": "",
"ActivityEndTime" : "",
"Duration" : 1868,
"Version" : "3.2.0.0"
}

and

Event Source: BopsLogonService
EventID: 65535
Severity: Error
Event body:RegisterBops() ERROR:10401 apiError:Unauthorized

and

in IIS log on IIS level (by default stored on C:\inetpub\logs\LogFiles\W3SVC1), could be found following entries:
2022-04-13 16:31:37 10.0.20.172 POST /BopsEnroll/BopsEnroll.svc/sharedDevice/registerDevice - 443 - 10.31.79.64 cpprestsdk/2.6.0 - 401 2 5 96

Root cause

Bops Logon Service is started using a computer account. Computer must be member of domain, where Enrollment EP is installed as well. Error 401 2 5 means Authentication error of client (in this case computer) against IIS. IIS is set to use Windows Integrated Authentication to verify client call.
Root causes could be several:

  • Computer is not member of domain where VerisiumEP is installed

  • HTTP request going from Client Computer toward Veridium EP has filtered request headers.

Resolution

  • Verify if computer is really having connectivity to Domain. Check following:

  • Refer to chapter 1.6.2. VeridiumID Enrollment Proxy verification to verify Veridium EP installation

  • Check if client computer is member of same domain as Veridium EP Server. Use klist.exe to verify presence of computer kerberos ticket.

  • Check what servers are in between client ans Veridium EP, specially firewalls, proxy servers, load balancers etc. Some of the component may filter authentication headers.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close