This error message appears when a user performs an NFC tap with their Nymi Band, for example, to log into Evidian SSO.
Object not Found is a generic error, so you must investigate the log files for additional error messages that narrow down the specific reason for the failure.
To narrow down a cause, review the Evidian log files for additional error messages that appear before the Object not Found error.
For example, review the WGSS(nymi) log file and search for the error code 0x81010009. This is the error code that is associated with the Object not Found error.
Review the error messages that appear before the 0x81010009 error.
Cause
Potential causes include:
- The user terminal cannot establish a connection to the NES server due to network issues.
- The BLE adapter is not plugged into the user terminal at the time the Nymi Band tap is performed on an NFC reader.
- SPNs are not correctly configured in the environment for NES.
- The NEA certificates have expired on the user terminal and the user terminal cannot retrieve NEA certificates from the NES server.
In the sample log output below, we can see that the message WearableExtension.cpp :0440: Ext::GetListOfVisibleDevices returns: 0x8101201c appears before the Object not Found error.
704:(22/03/17 06:13:14.149):CHttpClient.cpp :0402: -> CHttpClient::GetHttpStatus
704:(22/03/17 06:13:14.149):CHttpClient.cpp :0411: <- CHttpClient::GetHttpStatus
704:(22/03/17 06:13:14.149):NesClient.cpp :0114: Error from token request--code: 0 - message: 'The operation is complete" '
704:(22/03/17 06:13:14.149):NesClient.cpp :0122: <- nymi::NesClient::AuthenticateWithToken
704:(22/03/17 06:13:14.149):Listener.cpp :0411: Unable to get token with USER creds
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0440: Ext::GetListOfVisibleDevices returns: 0x8101201c
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0441: 0 visible devices
5bc:(22/04/04 13:31:31.469):AutoChrono.cpp :0029: [TIME] Wearable::FreeListOfDevices() : 0 ms
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0495: <- CWearableExtension::ValidateProvisions returned: 0x81010009
5bc:(22/04/04 13:31:31.469):AutoLock.cpp :0178: CS Unlock(WEProtectDll)
5bc:(22/04/04 13:31:31.469):WearableContext.cpp :0460: <- CWearableContext::ConnectUserWearableDevice returned: 0x81010009
The Evidian Errors and Events application provides the following error message for the 0x8101201c error code: FMK_E_SECURITY_CERTIFICATECHAINNOTTRUSTED
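The search described above (find 0x81010009, then look at what was logged before it) can be scripted for long log files. The following Python sketch is an added example, not Nymi or Evidian tooling; the function name `preceding_errors`, the 50-line look-back window, and the treatment of the leading hex field as a thread identifier are assumptions.

```python
import re

# Line layout seen in the WGSS(nymi) sample: id:(timestamp):source :line: message
LINE_RE = re.compile(
    r"^(?P<tid>[0-9a-fA-F]+):\((?P<ts>[^)]+)\):(?P<src>\S+)\s*:(?P<line>\d+):\s*(?P<msg>.*)$"
)
CODE_RE = re.compile(r"0x[0-9a-f]{8}")
OBJECT_NOT_FOUND = "0x81010009"
# Only the name this article gives; look up other codes in Evidian Errors and Events.
KNOWN_CODES = {"0x8101201c": "FMK_E_SECURITY_CERTIFICATECHAINNOTTRUSTED"}

# Lines taken from the article's sample log output.
SAMPLE_LOG = """\
704:(22/03/17 06:13:14.149):Listener.cpp :0411: Unable to get token with USER creds
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0440: Ext::GetListOfVisibleDevices returns: 0x8101201c
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0441: 0 visible devices
5bc:(22/04/04 13:31:31.469):WearableExtension.cpp :0495: <- CWearableExtension::ValidateProvisions returned: 0x81010009
5bc:(22/04/04 13:31:31.469):WearableContext.cpp :0460: <- CWearableContext::ConnectUserWearableDevice returned: 0x81010009
"""


def preceding_errors(log_text, window=50):
    """For the first 0x81010009 per leading id (assumed to be a thread id),
    return earlier lines with the same id that carry a different error code."""
    parsed = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            parsed.append(m.groupdict())
    findings, seen = [], set()
    for i, entry in enumerate(parsed):
        if OBJECT_NOT_FOUND not in entry["msg"].lower() or entry["tid"] in seen:
            continue
        seen.add(entry["tid"])
        for prior in parsed[max(0, i - window):i]:
            if prior["tid"] != entry["tid"]:
                continue  # other ids may belong to unrelated operations
            for code in CODE_RE.findall(prior["msg"].lower()):
                if code != OBJECT_NOT_FOUND:
                    name = KNOWN_CODES.get(code, "unknown")
                    findings.append((prior["ts"], prior["src"], code, name))
    return findings


if __name__ == "__main__":
    for ts, src, code, name in preceding_errors(SAMPLE_LOG):
        print(f"{ts} {src}: {code} ({name})")
```

Codes reported as unknown still need to be looked up in the Evidian Errors and Events application.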
Inspection of the C:\Windows\System32\config\systemprofile\AppData\Roaming\Nymi\NSL\string\ksp directory shows that there are only the 8 locally-generated certificate files.
The nymi_api.log file displays the following errors:
WARN - Verifying NEA certs without an NES connection. Some checks will be skipped.
ERROR - NSL: nsl_verify_nea_cert_chain, 2227, 5
ERROR - Error: ErrorWithMessage { error: MissingCerts, specifics: "Missing NES connection parameters. Please call `init` with additional fields \'nes_url\' and \'token\'" }
INFO - sending update to nea {"operation":"init","exchange":"30809","status":8000,"payload":{},"error":{"error_description":"NEA missing certificates.","error_specifics":"Missing NES connection parameters. Please call `init` with additional fields 'nes_url' and 'token'"}}
The user terminal cannot retrieve the NEA certificates from the NES server over port 443 (by default). NEA certificates are used to secure communications between the Nymi Band and the BLE adapter. The NEA certificates are a combination of 8 locally-generated certificate files and 12 NES-generated certificate files. By default, the NEA certificates on a user terminal expire every 14 or 90 days, depending on the Connected Worker Platform (CWP) version. When the certificates expire, the user terminal initiates a request to retrieve certificates from the NES server when the Evidian Enterprise Access Management Security Service restarts or when an action occurs that requires certificates.
Resolution
Perform the following sequence of actions to determine the cause of the communication issue:
- Review the IIS log file in the C:\inetpub\logs directory on the IIS server that hosts the NES instance to confirm that communication between the user terminal and NES server occurs over http/https.
- Confirm that the user terminal can successfully request authentication by token with the NES server.
- Review Troubleshooting Basic Connectivity Issues to confirm that the client can communicate with the NES server.
- Inspect firewall logs to confirm that bi-directional communication occurs between the client and server over http/https.
- Ensure that the BLE adapter is inserted into a USB port on the user terminal. If the adapter is in the USB port, reseat the adapter in the port, or try a different port.
- Review the article Troubleshooting SPN Issues.