000021674 - Explanation for AA log file errors

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021674

> PASSMARK_ERROR | Couldn't decrypt/unwrap device token"

Root cause:                 Indicates we encountered a token encrypted using a key from a different seed.

Seen when:                 Happens when switch between production and test environments.

Impact:                               If you see this once or twice, it?s nothing to worry about

Recommended Action: Monitor logs for frequency and trends


> PROTOCOL_ERROR | No value for param PARAM_TOKEN

Root cause:                One of the start actions was called without a command token.

Seen when:                (1) Coding error on the client side (2) If it was called out of the blue

Impact:                       Variable

Recommended Action:


> ACCESS_BLOCKED | User 'USER_UNDEFINED' from IP address of '' attempted an unauthorized access to 'EnrollChallengeAction'

Seen when:                 In most cases this shows a normal user trying to return to a bookmark or hit back button after session has terminated

Risk:                          A pattern could indicate a fraudulent IP

Impact:                       Usually nothing to worry about

Recommended Action: Monitor logs for frequency and trends. Call RSA technical support if concerned.


> PROTOCOL_ERROR | Couldn't interpret message - check logs

Cause:                        Message keys cached in client and server are out of sync

Seen when:                 Happens when we can?t decrypt the message

Recommended Action:


Cause:                                An unhandled exception with empty message was thrown. An unexpected error was encountered or error handling was incorrect

Seen when:                 Can?t say much! 

Recommended Action: Nothing particular

> PASSMARK _ERROR | Command has expired!

Cause:                        Will happen if PM server got the command message after the expiration date.

Impact:                        If seldom seen it?s nothing to worry about

Recommended Action:  If happening consistently then check if client and server clocks are synchronized

Legacy Article IDa35538