IdentiKey Manager - Known Issues

Error Messages in IdentiKey Manager

Listed below are some common errors you may encounter when changing your password or answering/creating security questions in IdentiKey Manager. If you get an error that’s not on this list, sign out of IdentiKey Manager or close your browser and try again. If the error persists, try to take a screenshot and contact the IT Service Center for assistance. 

Error OIT-CL:001: Unable to find user based on information entered
  • Issue: This may appear during the activation process if entered User Information (e.g. birthdate ) does not match what is in our system.
  • Resolution: Make sure you are entering the correct information, try a different browser, or clear your cache. If you don't have a SSN, check your email for a message with your PIN number. If this error won’t go away, call the IT Service Center.
Error OIT-RS:002: Password requirements not met
  • Issue: This error can be caused by passwords that do not meet security requirements.
  • Resolution: Make sure your password meets all security requirements, and remove full common words from your password.
Error OIT-CL:005: Failed to retrieve challenge questions. Please try again later
  • Issue: This is most often caused by your network or session timing out. It is very common for users on CU Anschutz campus to get this error. This error can also occur if you do not have security questions set.
  • Resolution: Change the network you are on, or use your mobile phone with cellular data instead of using a wireless network. Follow the Activate My IdentiKey instructions to reset security questions and update password. 
Error OIT-CL:006: Challenge questions provided are not defined in system
  • Issue: Use of translation software with security questions can cause this error
  • Resolution: Disable any translation software and/or leave the first security question blank. 
Error OIT-CL:006: 500 Internal Server Error
  • Issue: This could be caused by server issues or if using symbols or non-alphanumeric characters in security question answers.
  • Resolution: Try using only english alphanumeric characters in your security question answers, and if possible one word answers. After getting the error once, try clearing your cache or log out and attempt using a different browser. 
Error OIT-CL:006: Invalid Payload Provided
  • Issue: This is a technical issue pertaining to the way security questions and passwords are saved to the system.
  • Resolution: Log out and attempt again. Ensure you are not using special characters or symbols in security questions.  
Error OIT-CL:006: 400 Bad Request
  • Issue: You will see this error if you have been locked out of IdentiKey Manager. Lockouts occur after 3 failed attempts logging in or answering security questions. 
  • Resolution: Contact the IT Service Center to unlock your account. 
Error OIT-CL:006:IAM-3030006: The following password policy rules were not met: Passwords must not be a dictionary word
  • Issue: This error can be caused by passwords that do not meet security requirements. In addition to the listed requirements, there are some common dictionary words that are not permitted for use in passwords (e.g. "buffalo" and "colorado").
  • Resolution: Make sure your password meets all security requirements, and remove full common words from your password.
Error OIT-CL:007: 500 internal server error
  • Issue: This is a server error within the IdentiKey Manager system. 
  • Resolution: Exit IdentiKey Manager and wait a few minutes before trying again. If the error persists, contact the IT Service Center to report the issue and OIT will investigate. 
Error OIT-CS:006: Unknown error: error
  • Issue: This is a server error within the IdentiKey Manager system. 
  • Resolution: Exit IdentiKey Manager and try again. Additionally, try to enter a new password without clicking between Password and Confirm Password fields.
Error OIT-DO:001: Duo account is not set up/Duo account has no devices set up

As part of the identity proving process to protect your account, users are expected to be enrolled in Duo multi-factor authentication with a trusted device. You’ll get this error if the Identikey systems cannot use Duo to confirm who you are before enabling you to reset your Identikey password. Contact support if you encounter this issue so that they can help you reset your password and confirm your Duo set up.

Error OIT-DO:001 - Account is eligible for reclaim

If you encounter this error, it means your account is not enrolled in Duo multi-factor authentication at all, and Duo cannot be used to prove who you are. Follow the link provided in the error to go through an exercise to validate your identity before you will be allowed to reset your password. If you cannot answer the questions for providing your identity, contact support.

Error OIT-DO:003 - Unexpected Duo Error

If you encounter this error, it means that the mechanism by which Duo multi-factor authentication is trying to authenticate you - text message, phone call, or push - is not working. Wait a full 5 minutes and try again. If Duo has had too many push attempts in a minute, it will lock your account for 5 minutes before new codes will be issued.

Error OIT-OI:002: Failure - getToken
  • Issue: This is a server error, often caused by interrupted network connection. 
  • Resolution: Click sign out or close your browser, wait a few minutes then try again.
Error OIT-OI:004: Failure - getusername!
  • Issue: This error is often caused by interrupted network connection. 
  • Resolution: Click sign out or close your browser, clear your cache, wait a few minutes then try again.
Error OIT-OI:006: Failure - getuserid 4!
  • Issue: This error is often caused by interrupted network connection. 
  • Resolution: Click sign out or close your browser, clear your cache, wait a few minutes then try again.
Error OIT-OI:011 IAM-3030006 : Password policy failed
  • Issue: This error can be caused by passwords that do not meet requirements listed. In addition to the listed requirements, there are some common dictionary words that are not permitted for use in passwords (e.g. "buffalo" and "colorado"). May also occur if one of previous 5 passwords are attempted or if customer's name is in the new password. 
  • Resolution: Make sure your password meets all security requirements, and remove full common words from your password.
Error OIT-OI:011 IAM-3040012 : The password change operation failed while validating old password
  • Issue: This error may show if you haven't activated since OIT moved systems to IdentiKey Manager in 2018. 
  • Resolution: Follow the Activate My IdentiKey instructions. 
Error OIT-RS:004:IAM-3040018: The number of questions answered correctly does not match the number of correct answers required. Please ensure that all questions are answered correctly.
  • Issue: This error will appear if you don't answer an answer for one of your selected security questions.
  • Resolution: Put answers for all questions and try again. If you receive this error a second time, OIT suggests following the Activate My IdentiKey instructions, which will allow you to reset your security questions. 
Invalid characters for Passwords and Security Questions
  • Issue: This error may appear if you have characters not allowed in your password or security questions. 
  • Resolution: Ensure you’re not using disallowed characters in your password, and try to use only English  alphanumeric characters in your security questions.
You must answer 3 of the security questions
  • Issue: Using the same answer for more than one security question may result in this error, even if you have more than three other questions with different answers filled in.
  • Resolution: Check that none of your answers are the same and try again, or only answer three questions.

 

My new password hasn't updated in other applications

  • Issue: When changing a password in IdentiKey Manager it may take up to 30 minutes for the password to sync to other CU Boulder applications that use IdentiKey credentials. If you try to log in right away to an application (e.g. Microsoft 365), your new password may not work.
  • Resolution: Try using your old password if you need to immediately log in, or wait 10-30 minutes and try again. You may also need to use your old password for a short time to log in to your computer if you are supported by DDS.

I updated my password, but am constantly getting locked out, especially when on campus

A very common issue after updating a password in IdentiKey Manager is getting locked out of other services. This is usually caused either by password autofill programs or the eduroam secure wireless service

  • Update password autofill: If you save passwords in a browser like Chrome, it may be that the password did not update when you changed it in IdentiKey Manager. First, check your browser or password manager settings to make sure any autofill passwords have been removed or updated.
  • Eduroam: Eduroam credentials are often stored locally on devices, so changing your IdentiKey password using IdentiKey Manager will often cause an eduroam authentication failure. Because of how the service operates, eduroam will then continue trying to connect, and often users hit the threshold for OIT's lockout precaution without realizing the cause.
    The most reliable method for correcting this authentication issue is to repeat the onboarding process. Visit the eduroam service page to learn how to re-enroll your device in the eduroam service, or remove the network from your device and switch to UCB Wireless.