Audit messages

Table: Audit messages
Message code Description Notes
E000001 A system error has occurred. This message is used whenever there is a general processing error. It will contain full details of the error.
E001001 The DIGIPASS Plug-In failed to start up. The Plug-In encountered a fatal error on startup such as an invalid or missing configuration file.
E001002 The DIGIPASS Plug-In has been forced into the disabled state. The plug-in has started up, but is in a disabled state in which it will not process authentication requests. This is typically caused by a license problem (an invalid or missing license key in the plug-in's client component record), an invalid component location setting in the configuration file, or a missing component record for the plug-in.
E001003 The Authentication Server failed to start up The Authentication Server encountered a fatal error on startup. This is typically due to an invalid or missing configuration file or failure to connect to the data store.
E002001 The Active Directory AAL3 library failed to initialize. The Active Directory AAL3 library encountered a fatal error on initialization, e.g. invalid configuration settings in the configuration file.
E002002 The DIGIPASS Authentication library failed to initialize. The Authentication library encountered a fatal error on initialization, e.g. invalid configuration settings in the configuration file.
E002003 The ODBC AAL3 library failed to initialize. The ODBC AAL3 library encountered a fatal error on initialization, e.g. invalid configuration settings in the configuration file.
E002004 The RADIUS protocol handler failed to initialize.

The protocol handler that receives and processes RADIUS requests did not start up. This may be because of a missing license key in the Authentication Server component record, or because the license key in that component record does not enable RADIUS support. Look for the line RADIUS=Yes in the license key details.

A common reason for this error, when RADIUS is enabled in the license key, is that the RADIUS ports are already in use by another process on the machine.

Alternatively, the configuration settings may be invalid.

E002005 The Authentication Server AAL3 library failed to initialize. The authentication server AAL3 library encountered a fatal error on initialization, e.g. invalid configuration settings in the configuration file.
E002006 The Replication library failed to initialize. The replication library encountered a fatal error on initialization, e.g. invalid configuration settings in the configuration file.
E002007 Initialization of a Replication destination server failed. The replication library found the configuration of a destination server to be invalid. The library will still start up if its main configuration settings are valid and there is at least one valid destination server. For the invalid destination servers, this audit message is generated.
E002008 The Authentication Server protocol handler failed to initialize. The protocol handler that receives and processes administration requests and authentication requests from the IIS modules failed initialization. This is typically due to invalid configuration settings or because the API port is already in use by another process on the machine.
E002009 The VM2 Compatibility protocol handler failed to initialize. The protocol handler that receives and processes authentication requests from the VACMAN Middleware version 2 IIS modules failed initialization. This is typically due to invalid configuration settings or because the API port is already in use by another process on the machine.
E002010 The SOAP protocol handler failed to initialize. The SOAP protocol handler encountered a fatal error on initialization. Typically, this occurs when the SOAP ports configured in OneSpan Authentication Server are already in use by another application or service.
E002011 The RADIUS dictionary was loaded but with some errors. OneSpan Authentication Server failed to import one or more RADIUS attribute definitions from the RADIUS dictionary due to parse errors. Those parse errors were ignored and OneSpan Authentication Server succeeded to import the remaining RADIUS attribute definitions.
E002012 Failed to load the RADIUS dictionary file. OneSpan Authentication Server failed to load the RADIUS dictionary file because the file was not available. This could be due to an incorrect configuration (incorrect path to and/ or dictionary file name).
E009001 An error occurred in the Message Delivery Component. Message Delivery Component (MDC) encountered an error during the process of submitting a request to the HTTP gateway and interpreting the response. This may indicate a configuration problem for the gateway or connectivity issues. The audit message may contain further details from the gateway.
E012001 The RADIUS Profile was not found in Steel-Belted RADIUS.

When a RADIUS profile name is in the user account but that name is not found in SBR, the login is failed with this error.

This can also occur if there is no RADIUS profile in the user account, but there is a default RADIUS profile configured that was not found in SBR.

E012002 The RADIUS Attribute was not known by Steel-Belted RADIUS.

When the user account has a RADIUS attribute in its Authorization Profiles/Attributes list, the attribute must be found in SBR. When such an attribute is not known to SBR, the login is failed with this error.

The most likely reason for this error to occur is that the spelling of the attribute Name is different in SBR compared to the user account. This may also occur if the value of the attribute does not convert to the correct data type expected by SBR. For example, if an IP address attribute has a value which is not a representation of an IP address.

E013001 A connection to an ODBC data source could not be established.

An attempt to connect to an ODBC data source failed. This may be caused by any of the following:

  • The database is unavailable for some reason such as rebooting.
  • The database is too busy temporarily to service the connection.
  • There are networking problems.
  • Your credentials used in connecting to the database are invalid.
E013002 A connection to an ODBC data source is broken.

An established connection to an ODBC data source has broken. This may be caused by any of the following:

  • The database suddenly becomes unavailable for some reason such as rebooting.
  • The database becomes too busy temporarily to service the connection.
  • There are networking problems.
E013003 The migration subsystem cannot migrate the data record. Data migration is enabled, but the migration subsystem cannot migrate the data record. This usually happens if the data migration failed due to an error.
E013004 The data version cannot be handled by this server. Data migration is enabled, but the migration subsystem is unable to handle the data record. This usually happens if the record data version is unsupported.
E016001 End synchronization for profile incomplete by error. This audit message is produced by the LDAP Synchronization Tool.
E020001 Task management failed to start. OneSpan Authentication Server failed to initialize and start the task scheduler.
E020002 Task management failed to stop. OneSpan Authentication Server failed to stop the task scheduler.
W004001 A connection attempt to Active Directory failed.

An attempt to connect to an Active Directory domain controller failed. This may be caused by any of the following:

  • The domain controller is unavailable for some reason such as rebooting.
  • The domain controller is too busy temporarily to service the connection.
  • There are DNS or networking problems.
W004004 A connection attempt to a Replication destination server failed.

An attempt by the Replication library to connect to a destination server failed. This may be caused by any of the following:

  • The incorrect IP address or port is configured.
  • The destination server is unavailable for some reason such as rebooting.
  • There are networking/connectivity problems, such as an intermediate firewall blocking the port.
W005001 A connection to Active Directory has terminated due to an error.

An established connection to an Active Directory domain controller has broken. This may be caused by any of the following:

  • The domain controller suddenly becomes unavailable for some reason such as rebooting.
  • The domain controller becomes too busy temporarily to service the connection.
  • There are DNS or networking problems.
W005004 A connection to a Replication destination server has terminated due to an error.

An established connection to a destination server has broken. This may be caused by any of the following:

  • The destination server suddenly becomes unavailable for some reason such as rebooting.
  • There is a temporary networking or connectivity problem.
W006001 An invalid RADIUS packet has been received.

A RADIUS request received was invalid (did not conform to the RADIUS protocol). The request is discarded.

This can also occur when a response is received from a RADIUS Server to which a request was forwarded, if the response was invalid. The response is discarded.

W006002 A RADIUS request has been received from an unknown source.

A RADIUS request was received but there is no RADIUS client component for the source of the request, and there is no “default” RADIUS client component. The request is discarded.

This audit message will be repeated at intervals when the same unknown source sends requests, but not for every request.

W006003 A request has been received from a RADIUS Client with no Shared Secret defined.

A RADIUS request was received where there is a RADIUS client component for the source of the request, but that component record does not have a shared secret defined. Therefore, it is not possible to handle the request and it is discarded.

This will not occur if there is a "default" RADIUS client component that has a shared secret.

This audit message will be repeated at intervals when the same source sends requests, but not for every request.

W006004 A RADIUS request forwarded by this server has been received – there must be a circular proxy chain.

This can occur when the forwards a request to a RADIUS server, and the RADIUS server forwards the request back, due to its own proxy rules. It can also occur indirectly in a longer 'proxy chain'. The request is discarded, otherwise an infinite loop could be created.

If this occurs, there must be an error in the proxy configuration of the RADIUS server(s).

W006005 An Access-Challenge received from the RADIUS Server cannot be handled.

This can occur when the OneSpan Authentication Server forwards a request to a RADIUS server and the RADIUS server responds with an Access-Challenge. An Access-Challenge can only be handled when the OneSpan Authentication Server forwards the password unmodified to the RADIUS server. If the OneSpan Authentication Server verifies an OTP and forwards the static password to the RADIUS server, it is not possible to handle an Access-Challenge from the RADIUS server.

W006006 A RADIUS Server is not responding. The OneSpan Authentication Server has not managed to get a response from the RADIUS server for some time. This message indicates that there may be a problem with the RADIUS server.
W009001 Virtual DIGIPASS one-time password delivery failed. The MDC could not successfully deliver a text message via the HTTP gateway. The audit message should contain further details from the gateway.
W009002 Unable to send activation notification message due to missing destination attribute in the user account.

The activation notification could not be sent, because no destination attribute is specified in the respective user account.

This audit message is usually recorded during delayed activation, if the activation/registration operation completes successfully, but the notification messages cannot be sent.

W009003 Delivery of a pending operation notification message failed.

A notification regarding a pending operation could not be sent (maker–checker authorization).

This audit message is recorded, if a pending operation has been successfully created, approved, rejected, or deleted, but the respective notification message cannot be sent.

W009004 Delivery of a push notification message skipped because of duplicate device ID or PNID.

A push notification message was not sent because a duplicate device ID or DIGIPASS Push Notification Identifier (PNID) for the relevant authenticator license was detected. This can for example occur if the user deletes the app that is used with the relevant authenticator from their mobile device.

Push notification messages are sent only once per license to the same device.

W010001 A blank password was used for back-end authentication, as Stored Password Proxy is disabled and the user did not enter a static password.

This message only occurs when the back-end authentication setting is Always.

When Stored Password Proxy is disabled, the OneSpan Authentication Server does not pass on the password stored in the user account to Windows for back-end authentication. If a user does not enter their password as well as their OTP, the login will fail because their password has not been provided to Windows.

W011001 A Backup Virtual DIGIPASS quota of uses has been finished. BVDP Uses Remaining has just been decremented to 0 for an authenticator. The user will not be able to use that authenticator for backup Virtual Mobile Authenticator logins until the Uses Remaining is increased or cleared.
W011002 No DIGIPASS was found to assign to a new user account for Auto-Assignment.

No available authenticator were found for auto-assignment. This may be because: there were no unassigned authenticator in the right location; the unassigned authenticator did not conform to policy restrictions; the unassigned authenticator were Reserved for individual assignment.

The location in which the OneSpan Authentication Server searches for available authenticator records can be controlled to some extent using the Search Upwards in Org. Unit hierarchy setting.

W011003 A user account has become locked.

A user just exceeded the User Lock Threshold of failed logins and their user account is now locked. Administrator action is required to unlock the account.

When a client application is configured to use auto-unlock and the user account becomes locked, the audit message also contains the date and time when the end user will be able to authenticate again to auto-unlock their user account.

W011004 DIGIPASS auto-assignment has been ignored because Maker–Checker is enabled. When maker–checker authorization is enabled, assigning an authenticator requires the approval of a checker administrator. Thus, auto-assignment is ignored, even if auto-assignment has been selected in the applicable policy.
W011005 No offline authentication data could be generated.

This message is audited when no applicable authenticator application can be found to generate offline authentication data. A authenticator application is applicable for generating offline authentication data, if it is a Response-Only authenticator application without scoring support.

This occurs, for instance, when a user authenticates using push notification and no such authenticator application is present on the assigned primary authenticator.

W011017 Offline authentication data has been received from a client for which offline authentication is disabled. OneSpan Authentication Server received an authentication request from a Digipass Authentication for Windows Logon client (2.0 or later), which includes an offline authentication data usage update (state data), although offline authentication is disabled in the effective policy.
W012001 A Replication queue entry has been rejected due to possible tampering. This message is audited when OneSpan Authentication Server detects that the replication queue entry’s hash value is incorrect. This could be due to possible replication entry tampering.
W012002 A Replication update received has been ignored, as the local data is more up-to-date.

The Authentication Server has received a data update from another Authentication Server via the replication process, but its local data is already newer than the data received via replication.

It is normal that this can occur, but it can also indicate a potential synchronization issue.

W012003 A Replication queue entry has not been inserted. This can occur when a replication queue has reached its maximum size. This is most likely to occur when the destination server is down or cannot be contacted due to a networking problem.
W012004 A failed attempt to append to the replication queue has been deleted. This message is audited when OneSpan Authentication Server fails to add a replication entry into the replication queue and finally deletes the replication entry.
W013001 An invalid request has been received by the Authentication Server. The Authentication Server has received an invalid authentication, administration or replication request.
W013002 A request has been received by the Authentication Server from an unknown source. The Authentication Server has received an authentication, administration or replication request from an unknown or unauthorized source. If the request was from a valid source, this message indicates that a component record is missing (or that a required restart of the service has not been made since the creation of the necessary component record).
W014001 The License Key is missing or invalid. A valid, unexpired license key is required to process any kind of authentication request. This message will be generated periodically when authentication requests are received by the Authentication Server, when it does not have a valid license key.
W015001 An invalid request has been received by the SOAP server.  
W015002 A request has been received from a client for which the component record is disabled. OneSpan Authentication Server received a request for a client component that is disabled.
W016001 Synchronization incomplete. This audit message is produced by the LDAP Synchronization Tool
W016002 User link for synchronization not attempted. This audit message is produced by the LDAP Synchronization Tool
W016004 Synchronization of user information attributes during Dynamic User Registration failed. User information attributes from the back-end system have not been added to the user account during Dynamic User Registration.
I001001 The DIGIPASS Plug-In has started up successfully. Configuration details are given in the audit message.
I001002 The Authentication Server has started up successfully.

Configuration details are given in the audit message.

Note that the Authentication Server can start up successfully even if a component such as the RADIUS protocol handler does not start up successfully.

I001004 The migration of server data after upgrade has been finished. OneSpan Authentication Server detected that the server data migration has completed. All server data has been converted to the current data schema version.
I002001 The Active Directory AAL3 library has been initialized successfully. The Active Directory 'AAL3' library has completed initialization. Configuration details are given in the audit message.
I002002 The DIGIPASS Authentication library has been initialized successfully. The Authentication library has completed initialization. Configuration details are given in the audit message.
I002003 The ODBC AAL3 library has been initialized successfully. The ODBC AAL3 library was initialized successfully. Configuration details are given in the audit message.
I002004 The RADIUS protocol handler has been initialized successfully. The protocol handler that receives and processes RADIUS requests started up. Configuration details are given in the audit message.
I002005 The Authentication Server AAL3 library has been initialized successfully The Authentication Server AAL3 library was initialized successfully. Configuration details are given in the audit message.
I002006 The Replication library has been initialized successfully. The replication library was initialized successfully. Configuration details are given in the audit message.
I002007 Initialization of a Replication destination server succeeded. The replication library initialized a destination server successfully. Configuration details are given in the audit message.
I002008 The Authentication Server protocol handler has been initialized successfully. The protocol handler that receives and processes administration requests and authentication requests from the IIS modules was initialized successfully. Configuration details are given in the audit message.
I002009 The VM2 Compatibility protocol handler has been initialized successfully. The protocol handler that receives and processes authentication requests from the VACMAN Middleware version 2 IIS modules was initialized successfully. Configuration details are given in the audit message.
I002010 The SOAP protocol handler has been initialized successfully. OneSpan Authentication Server has successfully initialized the SOAP communication sub-system and has started listening for incoming requests.
I003001 The DIGIPASS Plug-In has shut down.  
I003002 The Authentication Server has shut down.  
I004001 A connection attempt to Active Directory was successful.  
I004004 A connection attempt to a Replication destination server was successful.  
I005001 A connection to Active Directory has been terminated normally. An established connection to an Active Directory domain controller has ended with a normal disconnection.
I005002 A connection to Active Directory has been timed out for load-balancing. An established connection to an Active Directory domain controller has been ended for load-balancing purposes. Periodically, the connections will be dropped and new ones established, in case there is a less busy domain controller available. The time period is defined by the configuration setting Max-Bind-LifeTime in the file, in minutes.
I005004 A connection to a Replication destination server has been terminated normally. An established connection to a replication destination server has ended with a normal disconnection.
I006001 A RADIUS Access-Request has been received. OneSpan Authentication Server has received an access request. The audit message will indicate what action will be taken as well as key details of the request.
I006002 A RADIUS Accounting-Request has been received. OneSpan Authentication Server has received an accounting request. The audit message will indicate what action will be taken as well as key details of the request.
I006003 A RADIUS Server has started responding again. After OneSpan Authentication Server had not managed to get a response from the RADIUS server for some time, this message indicates that it is responding again.
I007001 A RADIUS Access-Accept has been issued. The OneSpan Authentication Server has accepted an Access-Request. Note however that it is still possible that after the OneSpan Authentication Server has accepted the request, another component of the overall process may still decide to reject the request ultimately.
I007002 A RADIUS Access-Challenge has been issued. OneSpan Authentication Server has issued a challenge, either Challenge/Response or Virtual Mobile Authenticator.
I007003 A RADIUS Access-Reject has been issued. OneSpan Authentication Server has rejected an access request.
I007004 A RADIUS Accounting-Response has been issued. OneSpan Authentication Server has acknowledged an accounting request. Note however that, unless the request is forwarded to a RADIUS server, no processing is carried out by the OneSpan Authentication Server.
I008001 A DIGIPASS has been moved for assignment to a user. Upon assignment of an authenticator to a user, if the authenticator is not already in the same location (organizational unit) as the user, it is moved to that location.
I008002 A user-to-user link has been removed due to assignment of a DIGIPASS. If a user account is linked to another in order to share the authenticator, it must not have an authenticator assigned itself. If an authenticator is assigned, the link will be broken.
I009001 A Virtual Mobile Authenticator one-time password has been delivered.

The MDC successfully delivered a text message via the HTTP gateway, as reported by the gateway. The audit message may contain further details from the gateway.

Note that depending on the gateway, it may still be possible for delivery to fail after the gateway has reported success.

I010001 User authentication was not handled.

OneSpan Authentication Server decided not to handle an authentication request due to policy and/or user account settings. The main reasons why this may occur are: the effective Local Authentication and back-end authentication settings were both None; the user failed the Windows Group Check, using the Pass Requests for users not in listed groups back to host system option.

Note that the effective settings are the effective settings of the policy, unless the user account overrides the policy.

I010002 A stored password change was unhandled.

OneSpan Authentication Server decided not to handle a password change request due to policy and/or user account settings. The main reasons why this may occur are: the effective Local Authentication and back-end authentication settings were both None; the user failed the Windows Group Check, using the Pass Requests for users not in listed groups back to host system option.

Note that the effective settings are the effective settings of the policy, unless the user account overrides the policy.

I011001 A DIGIPASS grace period has been ended by the use of a one-time password

The grace period expires automatically when a one-time password (OTP) is used to authenticate for the first time, i.e. after the OTP has been successfully validated (if it has not been set manually to expire prior to that in the relevant policy). It also expires after a successful MDL activation, either using an OTP or a signature validation. After the grace period has expired, depending on the Local Authentication settings in the relevant policy, users can then either continue to use both their static password or their authenticator (DIGIPASS or Password), or must only use the authenticator (DIGIPASS/Password during Grace Period or DIGIPASS Only) to log on.

I011002

A Backup Virtual DIGIPASS expiration date has been set due to the first request for a Virtual one-time password.

A user has requested a backup Virtual Mobile Authenticator OTP for the first time, when the effective Backup VDP Enabled setting is Yes – Time Limited and they did not already have an Enabled Until date set on their authenticator. At this time, they are given the Time Limit from the policy by adding it to the current date.
I011003 A Backup Virtual DIGIPASS time limit has been expired by the use of the normal one-time password.

A user who has been using backup Virtual Mobile Authenticator(Backup VDP) has used their normal OTP login using the authenticator again. When the effective Backup VDP Enabled setting is Yes – Time Limited, using the normal OTP login ends their time limit immediately. This is done by setting the Enabled Until date on their authenticator to the current date.

An administrator action is required to reset their Enabled Until date, if the user is to be allowed to use backup Virtual Mobile Authenticator again.

I011004 A backup Virtual Mobile Authenticator quota of uses has been set due to the first request for a Virtual one-time password. A user has requested a backup Virtual Mobile Authenticator OTP for the first time, when the effective Backup VDP Max. Uses/User setting is greater than 0 and they did not already have a Uses Remaining date set on their authenticator. At this time, they are given the Max. Uses/User limit from the policy.
I011005 A user account has been created using Dynamic User Registration. A user account has been created automatically upon successful back-end authentication. This occurs when the Dynamic User Registration feature is enabled.
I011006 A new static password has been stored using Password Autolearn. A new static password has been stored in the user account after successful back-end authentication. This occurs when password autolearn is enabled.
I011007 A DIGIPASS has been assigned to a new user account using Auto-Assignment. Upon creation of a new user account through Dynamic User Registration (DUR), an available authenticator has been assigned to the new account automatically. This occurs when auto-assignment feature is enabled.
I011008 A DIGIPASS has been assigned to a user account using Self-Assignment. A user has successfully assigned an authenticator to themselves using self-assignment.
I011009 A DIGIPASS challenge has been issued for a Self-Assignment attempt. A user has obtained a challenge during an attempt to assign an authenticator to themselves using self-assignment. To complete the assignment, they must provide the correct response to the challenge from the authenticator.
I011010 A user has changed their DIGIPASS PIN. A user has changed the Server PIN during logon, or set it up on first use or after a PIN reset.
I011011 A DIGIPASS has been assigned to a DIGIPASS user account in Provisioning registration. The command has auto-assigned a new authenticator license to the specified user.
I011012 Added new DIGIPASS for Web activation location A new authenticator has been added for a Web activation location during software authenticator Provisioning.
I011013 Static Password Update Successful The static password for the user has been successfully changed.
I011014 A DIGIPASS has been assigned to a DIGIPASS User Account by an Administrator. An administrator has assigned an authenticator to an authenticator user.
I011015 A static password has been randomized and updated with AD successfully. OneSpan Authentication Server has successfully generated a new random static password for the user and has updated this new password for this user in Active Directory.
I011016 Offline authentication data generated successfully. OneSpan Authentication Server has generated new offline authentication data for the Digipass Authentication for Windows Logon according to the policy settings for the offline data generation.
I011017 Authentication Server has received offline authentication state data. OneSpan Authentication Server has received an offline authentication data usage update from a Digipass Authentication for Windows Logon client.
I011018 Offline data in unconfirmed state, offline data needs to be re-generated. OneSpan Authentication Server has detected that the offline data for the Digipass Authentication for Windows Logon client is in an unconfirmed state. As a consequence, the offline data will be re-generated.
I011019 A DIGIPASS has been unassigned from a DIGIPASS user account by an administrator. An authenticator has been unassigned from a user account during the execution of the command.
I011020 A user account has been unlocked after successful authentication. A previously locked user account has been unlocked by the user auto-unlock mechanism after a successful authentication.
I012001 A query has been specified [object] for report generation.  
I013001 A connection to an ODBC data source has been made successfully.  
I013002 A connection to an ODBC data source has been terminated normally. An established connection to an ODBC data source has ended with a normal disconnection.
I013003 A data record has been migrated successfully.  
I016001 Start synchronization for profile. This audit message is produced by the LDAP Synchronization Tool.
I016002 End synchronization for profile. This audit message is produced by the LDAP Synchronization Tool.
I016003 End synchronization for profile incomplete by terminate request. This audit message is produced by the LDAP Synchronization Tool.
I016004 Synchronization of user information attributes during Dynamic User Registration was successful. User information attributes from the back-end system have been added to the user account during Dynamic User Registration.
I020001 Task management has started successfully. The sub-system in charge of the task management has started successfully.
I020002 Task management stopped. The sub-system in charge of the task management has stopped successfully.
I020010 Task started. The execution of an individual background task has started.
I020011 Task completed. The execution of an individual task has completed.
I020012 Task canceled. The execution of an individual background task has been canceled.
I020020 Task created. A new task has been created successfully.
I020021 Task deleted. A task has been deleted successfully.
I020022 Task modified. A task has been modified successfully.
I020023 Task suspended. The execution of a task has been suspended.
I020024 Task resumed. The execution of a task has been resumed.
I020025 A Task has been reassigned by an Administrator. This audit message indicates that the ownership of a task was changed by an administrator. This usually happens when a user account is deleted and existing tasks are assigned to a successor user.
I021001 Epoch Header. This audit message denotes the start of a new secure auditing epoch.
I021002 Epoch Footer. This audit message denotes the end of a secure auditing epoch.
I030010 A pending operation has been scheduled for approval. A new pending operation has been scheduled and is awaiting approval by the checker administrator (maker–checker authorization). The audit message includes details about the command and target object.
I030011 A pending operation has been approved. A checker administrator has approved a pending operation in the context of maker–checker authorization.
I030012 A pending operation has been rejected. A checker administrator has rejected a pending operation in the context of maker–checker authorization.
I030013 A pending operation has been deleted. A pending operation has been deleted either explicitly, or after it was approved/rejected by the checker administrator in the context of maker–checker authorization.
I030021 A pending operation has been completed. A pending operation has been completed successfully after its approval via maker–checker authorization. The audit message includes details about the command and target object.
I030022 A pending operation has been reassigned by an Administrator. This audit message indicates that either the maker administrator or checker administrator of a pending operation was changed by an administrator. This usually happens when a user account is deleted and existing pending operations are assigned to a successor user.
I070001 A Report has been reassigned by an Administrator. This audit message indicates that the ownership of a report was changed by an administrator. This usually happens when a user account is deleted and existing reports are assigned to a successor user.
I070002 A Stored Report of the user has been deleted by an Administrator. This audit message indicates that a stored report was deleted by an administrator. This can happen when a user account with existing stored reports is deleted.
S001001 A query for a single [object] record was successful. OneSpan Authentication Server or an administrator has made a successful query to the data store for a single record. In the case of the OneSpan Authentication Server this may be a search for its component record. For an administrator it could be any single record query. The audit message has details of the record found.
S001002 A query for [object] records was successful. OneSpan Authentication Server or an administrator has made a successful query to the data store for some records. In the case of the OneSpan Authentication Server this may be a search for a RADIUS client component record. For an administrator it could be any list query. The audit message has details of the records found but this may be truncated.
S001003 A command of type [object] [command] was successful. An administrator has issued a successful data modification command such as an update of settings or one of the authenticator application operations like Reset PIN. The audit message has details of the command and results.
S002001 User authentication was successful. The Authentication library has passed authentication for a request. Note however that the OneSpan Authentication Server or another component of the overall process may still decide to reject the request ultimately.
S002002 User authentication issued a challenge. The Authentication library has issued a challenge for an authentication request, either Challenge/Response or Virtual Mobile Authenticator.
S002003 A random server challenge has been issued.  
S002004 A stored password change was successful. OneSpan Authentication Server has successfully processed a password change request.
S002005 Encrypted Static Password Change successful. OneSpan Authentication Server has successfully updated the encrypted static password for the selected authenticator (DP110).
S002006 Fast-reconnect granted for user. OneSpan Authentication Server successfully authenticated a user via a fast reconnect authentication.
S002007 A secure challenge has been issued. The command has successfully generated a secure challenge.
S002008 A signing request has been issued. The command has successfully generated a signing request.
S002009 Back-end password change was successful. The Active Directory static password of the user with a configured OneSpan Authentication Server back end was changed successfully.
S002011 Cancel user authentication was successful. The pending authentication via push notification was cancelled successfully.
S003001 A replication update was sent successfully. This message is audited at the source server, when a database change is sent to a destination server and processed successfully.
S003002 A Replication update received has been processed successfully. This message is audited at the destination server, when a database change is received and processed successfully.
S004001 An administrative logon was successful. An administrative logon to the Authentication Server was successful.
S004002 A Live Audit connection was successful. A Live Audit connection to the Authentication Server was successful.
S004003 An administrative session was closed. An administrative session was closed. This could be due to the session expiring, the session having been idle for too long, or due to an explicit session logoff performed by an administrator.
S004004 An administrative session was killed. An administrator has successfully killed an administrative session.
S005001 Registration Successful The registration of a software authenticator during Provisioning was successful.
S005002 Activation Successful The activation of a software authenticator during software authenticator Provisioning was successful.
S005003 Provisioning assignment successful The assignment of a software authenticator during software authenticator was successful.
S005004 Provisioning server time successful The server time command, used to get the server time to synchronize a Mobile Authenticator Studio device with the server, was successful.
S005005 Provisioning DSAPPGenerateActivationData successful The DSAPPGenerateActivationData command for provisioning has completed successfully.
S005006 Provisioning DSAPPActivate successful The DSAPPActivate command for provisioning was successful.
S005007 Provisioning DSAPPRegister successful The DSAPPRegister command for provisioning was successful.
S005008 Registration of a DIGIPASS license was successful. The command has successfully generated an activation message.
S005009 Registration of DIGIPASS device was successful. The command has successfully generated an activation message.
S005010 A DIGIPASS instance was successfully activated. The signature was successfully validated.
S005011 DSAPP-SRP registration was successful. The command has successfully registered DSAPP-SRP; this registration is required to authenticate the user and initiate a DSAPP-SRP provisioning operation.
S005012 DSAPP-SRP generation of ephemeral key was successful. The command has successfully exchanged keys for a DSAPP-SRP provisioning operation.
S005013 DSAPP-SRP generation of activation data was successful. Activation data for standard online activation or activation in multi-device licensing mode (Activation Message 1) were successfully generated and the generated activation data was successfully encrypted using DSAPP-SRP session keys.
S005014 DSAPP-SRP activation was successful. The command to activate DSAPP-SRP was successful. This command is required to activate an authenticator after a successful provisioning operation; the activation also validates the OTP of the newly generated software authenticator or binds it to a mobile device.
S005015 Update of device PNID was successful. The command to update the device's DIGIPASS Push Notification Identifier (PNID) was successful.
S005016 Retrieving application upgrade info was successful. The command to upgrade the application was successful.
S006001 Signature Validation Successful. When signing a transaction using the Signature Verification function, the signature validation was successful.
S006002 Virtual Signature generation successful. OneSpan Authentication Server successfully generated a Virtual Signature upon request of the user.
S006003 Signature validation request successful. A transaction data signing request was successfully delivered to and completed by a client (usually a mobile application).
S006004 Retrieving a prepared signature request was successful. A client (usually a mobile application) successfully retrieved a prepared signature request to authenticate. This occurs during transaction data signing using push notifications.
S006005 Cancel signature validation request was successful. A client (usually a mobile application) successfully canceled a pending signature request. This occurs during transaction data signing using push notifications.
S007001 Report generation was successful. A report was generated successfully.
S008001 Server configuration was successful. OneSpan Authentication Server has successfully updated the server configuration.
S009001 A DNS record update was successful. The OneSpan Authentication Server has successfully updated a DNS record.
S009002 A DNS record was de-registered successfully. OneSpan Authentication Server successfully de-registered itself from the DNS subsystem. As a consequence, this instance of OneSpan Authentication Server will not be available anymore for Digipass Authentication for Windows Logon clients who dynamically search for OneSpan Authentication Server hosts.
S010001 EMV-CAP user authentication was successful. An EMV-CAP-based user authentication was successful for the specified user.
S010002 EMV-CAP DIGIPASS provisioning succeeded. OneSpan Authentication Server successfully provisioned a new EMV-CAP authenticator .
S011002 Offline authentication data successfully retrieved by client. A Digipass Authentication for Windows Logon client (2.0 or later) has received requested offline authentication data.
S016001 Synchronization successful. This audit message is produced by the LDAP Synchronization Tool.
S016002 User link for synchronization successful. This audit message is produced by the LDAP Synchronization Tool.
S016003 DIGIPASS assignment for synchronization successful. This audit message is produced by the LDAP Synchronization Tool.
S016004 Create organizational unit for synchronization successful. This audit message is produced by the LDAP Synchronization Tool.
S022001 Key rotation operation was successful. OneSpan Authentication Server has successfully rotated a key.
S022002 Key rotation operation has started. OneSpan Authentication Server has started a key rotation operation.
S022003 The key rotation of a single [object] was successful. Key rotation of a single [object] was successful.
F001001 A query for a single [object] record failed. OneSpan Authentication Server or an administrator has made an unsuccessful query to the data store for a single record. In the case of the OneSpan Authentication Server this may be a search for its component record; for an administrator it could be any single record query. The audit message has basic details of the failure, but there should be a preceding E000001 with more details.
F001002 A query for [object] records failed. OneSpan Authentication Server or an administrator has made an unsuccessful query to the data store for some records. In the case of the OneSpan Authentication Server this may be a search for a RADIUS client component record; for an administrator it could be any list query. The audit message has basic details of the failure, but there should be a preceding E000001 with more details.
F001003 A command of type [object] [command] failed. An administrator has issued an unsuccessful data modification command such as an update of settings or one of the authenticator application operations like Reset PIN. The audit message has basic details of the failure, and there may be a preceding E000001 with more details.
F002001 User authentication failed.

The Authentication library has failed authentication for a request. The audit message has details of the failure (see Error and status codes) and there may be a preceding E000001 with error details.

When a client application is configured to use auto-unlock and the user account becomes locked, the audit message also contains the date and time when the end user will be able to authenticate again to auto-unlock their user account.

F002002 An encrypted static password change failed. OneSpan Authentication Server has failed to update the encrypted static password for the specified authenticator (DP110).
F002003 A stored password change failed. The Authentication Server has not processed a password change request. The audit message has details of the failure (see Error and status codes) and there may be a preceding E000001 with error details.
F002004 Encrypted Static Password Change failed. OneSpan Authentication Server has failed to update the encrypted static password for a specified authenticator (DP110).
F002005 Fast-reconnect denied for user. OneSpan Authentication Server has failed to authenticate a user using the fast reconnect mechanism.
F002006 A stored static password change failed due to password strength requirements not being met. OneSpan Authentication Server has failed to update the stored static password as the new password does not meet the minimum password strength requirements.
F002007 A secure challenge could not be generated. The command has failed to generate a secure challenge due to invalid input data.
F002008 A signing request could not be generated. The command has failed to generate a signing request due to invalid input data.
F002009 Back-end password change failed. Changing the Active Directory static password of the user with a configured OneSpan Authentication Server back end failed.
F002009 Cancel user authentication failed. The pending authentication via push notification was not cancelled.
F003001 Sending a Replication update was unsuccessful. This message is audited at the source server, when a database change is not sent to a destination server successfully, or it was sent but the processing at the destination was unsuccessful.
F003002 Processing a Replication update received was unsuccessful. This message is audited at the destination server, when a database change is received but is not processed successfully.
F004001 An administrative logon was rejected.

The Authentication library has failed an administrative login request. The audit message has details of the failure (see Error and status codes) and there may be a preceding E000001 with error details.

Note that this may occur even when preceded by a successful authentication (S002001) message, for example if the user's credentials were OK but they did not have Administrative Logon privilege.

F004002 A Live Audit connection was rejected.

The Authentication library has failed a Live Audit connection request. The audit message has details of the failure and there may be a preceding E000001 with error details.

Note that this may occur even when preceded by a successful authentication (S002001) message, for example if the user's credentials were OK but they did not have Administrative Logon or Live Audit Connection privilege.

F005001 Registration was unsuccessful. The provisioning registration did not succeed.
F005002 Activation was unsuccessful. The provisioning activation did not succeed.
F005003 (Provisioning) Assignment was unsuccessful Assignment of software authenticator during provisioning was unsuccessful.
F005004 (Provisioning) Server time was unsuccessful The server time command, used to get the server time to synchronize a Mobile Authenticator Studio device with the server, failed.
F005005 (Provisioning) DSAPPGenerateActivationData has failed execution The provisioning command DSAPPGenerateActivationData failed.
F005006 (Provisioning) DSAPPActivate command failed. The provisioining command DSAPPActivate has failed execution.
F005007 (Provisioning) DSAPPRegister command failed. The provisioning command DSAPPRegister has failed execution.
F005008 A registration attempt of a DIGIPASS license failed. The command has failed to generate an activation message or activation message image due to invalid input data.
F005009 A registration attempt of a DIGIPASS device failed. The command has failed to generate an activation message or activation message image due to invalid input data.
F005010 An activation attempt of a DIGIPASS instance failed. The signature validation has failed.
F005011 DSAPP-SRP registration failed. The command failed to register DSAPP-SRP; consequently, the user was not authenticated and the DSAPP-SRP provisioning operation was not initiated.
F005012 DSAPP-SRP generation of ephemeral key failed. The keys for a DSAPP-SRP provisioning operation could not be exchanged.
F005013 DSAPP-SRP generation of activation data failed. Activation data for standard online activation or activation in multi-device licensing mode (Activation Message 1) could not be generated.
F005014 DSAPP-SRP activation failed. The command failed to activate DSAPP-SRP; consequently, the OTP of the newly generated software authenticator could not be validated or bound to a mobile device.
F005015 Update of device PNID failed. The command failed to update the device's DIGIPASS Push Notification Identifier (PNID).
F005016 Retrieving application upgrade info failed. The command failed to upgrade the application.
F006001 Signature validation was unsuccessful. A signature validation has failed.
F006002 Virtual signature generation failed.  
F006003 Signature validation request failed. A transaction data signing request using push notifications could not be completed successfully.
F006004 Retrieving a prepared signature request failed. A client (usually a mobile application) could not retrieve a prepared signature request to authenticate. This occurs during transaction data signing using push notifications.
F006005 Cancel signature validation request failed. A client (usually a mobile application) could not cancel a pending signature request, e.g. because an authenticator other than the one retrieving the prepared signature request attempted to cancel it. This occurs during transaction data signing using push notifications.
F007001 Report generation failed. A report generation has failed.
F008001 Server configuration failed. OneSpan Authentication Server has failed to update the server configuration.

F009001

A DNS registration failed.

The system has failed to update a DNS record.

F009002 A DNS record deregistration failed. OneSpan Authentication Server has failed to de-register itself from the DNS sub-system.
F010001 EMV-CAP user authentication failed. An EMV-CAP based user authentication has failed for the specified user.
F010002 Multiple DIGIPASS were found where a single DIGIPASS was required. OneSpan Authentication Server has found multiple authenticators while it expected a single authenticator. As a consequence, OneSpan Authentication Serverwill fail the further request processing.
F010003 Required request input fields missing. The operation has failed due to missing request input fields.
F010004 EMV-CAP DIGIPASS provisioning failed. OneSpan Authentication Server has failed to provision an EMV-CAP authenticator.
F011002 Retrieval of offline authentication data failed. A Digipass Authentication for Windows Logon client (2.0 or later) requested offline authentication data, but was unable to receive it correctly.
F016001 Synchronization unsuccessful. This audit message is produced by the LDAP Synchronization Tool.
F016002 User link for synchronization unsuccessful. This audit message is produced by the LDAP Synchronization Tool.
F016003 DIGIPASS assignment for synchronization unsuccessful. This audit message is produced by the LDAP Synchronization Tool.
F016004 Create organizational unit for synchronization unsuccessful. This audit message is produced by the LDAP Synchronization Tool.
F020001 Task failed to start. OneSpan Authentication Server failed to start a background task.
F020002 Task operation failed. The execution of a background task has failed.
F022001 Key rotation operation failed. The execution of a key rotation operation has failed.
F022002 The key rotation of a single record has failed. OneSpan Authentication Server has failed to rotate a single record.