This error occurs when Kerberos authentication fails or domain controller validation fails while a user is attempting to log in to the printer.
Access the list of installed applications from the Embedded Web Server.
Click System tab > Log.
From the Filter menu, select an application status.
From the Application menu, select the application, and then click Submit.
This system log error indicates that the Kerberos configuration file is not installed on the printer.
If you want to use the device Kerberos setup file, then make sure the file is installed on the printer.
If you want to use simple Kerberos setup to create the Kerberos configuration file, then manually configure the simple Kerberos setup settings.
For information about installing a Kerberos configuration file or configuring simple Kerberos setup settings, see Configuring Kerberos settings.
This system log error indicates that the Kerberos configuration file contains incorrect information, is missing information, or is not formatted properly.
If you used the device Kerberos setup file, then modify and reinstall the file.
If you used simple Kerberos setup, then modify the simple Kerberos setup settings. For information about configuring simple Kerberos setup settings, see Using simple Kerberos setup.
This system log error indicates that the Windows domain is not specified in the Kerberos configuration file.
If you used the device Kerberos setup file, then add an entry to the domain_realm section of the file, mapping the lowercase Windows domain to the uppercase realm. When you are done, reinstall the file on the printer.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, add the Windows domain (in lowercase) to the Domain field.
Example: If the value in the Domain field is and the Windows domain is , then change the value in the Domain field to .
Click Apply.
These system log errors indicate that the Smart Card certificate was not found or that an error occurred while the application was attempting to retrieve data from the Smart Card certificate.
Verify that the certificate information on the Smart Card is correct. If the information is correct and the issue still occurs, then contact your solutions provider.
Try one or more of the following:
If you used the device Kerberos setup file, then increase the number of seconds specified for the timeout entry in the file. When you are done, reinstall the file on the printer.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, increase the number of seconds specified in the Timeout field.
Click Apply.
If you used the device Kerberos setup file, then:
From the Embedded Web Server, click Settings or Configuration.
Click Security > Security Setup > Kerberos 5 > View File.
Make sure the domain controller IP address or host name specified in the configuration file is correct.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, verify that the IP address or host name specified in the Domain Controller field is correct.
Click Apply.
This error can occur if the domain controller is not available at the time a user is trying to authenticate to the printer. You can resolve this by specifying multiple domain controllers. If a domain controller is not available, then the next one listed will be tried. You can specify multiple domain controllers in the Kerberos configuration file or in the simple Kerberos setup Domain Controller field. If you are using the Domain Controller field, then separate each value with a comma.
Port 88 must be opened between the printer and the domain controller for authentication to work.
This system log error indicates that the required Certificate Authority (CA) certificate is not installed or that an incorrect certificate is installed.
If an incorrect certificate is installed, then the error message specifies the name of the certificate that is needed: “The domain controller issuing certificate [NAME OF CERTIFICATE] has not been installed.”
These system log errors indicate that the user’s realm in the Kerberos configuration file is missing or incorrect.
If you used the device Kerberos setup file, then add the missing realm or realms to the file, or modify the incorrect realms. Make sure each realm is typed in uppercase. When you are done, reinstall the file on the printer.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, add the missing realm to the Realm field or correct the realm. Make sure the realm is typed in uppercase.
| Note: The simple Kerberos setup settings do not support multiple Kerberos realm entries. If multiple realms are needed, then install a Kerberos configuration file containing the necessary realms. |
If you used the device Kerberos setup file, then:
From the Embedded Web Server, click Settings or Configuration.
Click Security > Security Setup > Kerberos 5 > View File.
Make sure the realm entries in the configuration file are in uppercase.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, make sure the realm is correct and that it is typed in uppercase.
Click Apply.
This system log error indicates that the domain, realm, or domain controller specified in the Kerberos configuration file is incorrect.
If you used the device Kerberos setup file, then:
From the Embedded Web Server, click Settings or Configuration.
Click Security > Security Setup > Kerberos 5 > View File.
Make sure all domain, realm, and domain controller information is correct.
If you used simple Kerberos setup, then:
Access the application configuration settings from the Embedded Web Server.
Under the Simple Kerberos Setup heading, make sure the values typed in the Realm, Domain Controller, and Domain fields are correct. For information about configuring these settings, see Using simple Kerberos setup.
Click Apply.
This system log error indicates that the printer clock is more than five minutes out of sync with the domain controller system clock.
From the Embedded Web Server, click Settings or Configuration.
Click Security > Set Date and Time.
If you configured date and time settings manually, then verify or correct the settings. Make sure the time zone and daylight saving time (DST) settings are correct.
If you configured the printer to use a Network Time Protocol (NTP) server, then verify that the NTP settings are correct and that the NTP server is functioning correctly.
| Note: If your network uses Dynamic Host Configuration Protocol (DHCP), then verify that NTP settings are not provided by the DHCP server automatically before configuring NTP settings manually. |
Click Submit.
This system log error indicates that the required Certificate Authority (CA) certificate or certificates are not installed on the printer or that you selected the wrong domain controller validation method. Try one or more of the following:
See Installing certificates manually.
Access the application configuration settings from the Embedded Web Server.
Under the Smart Card Setup heading, make sure you selected the correct method from the Domain Controller Validation menu. For information about configuring this setting, see Selecting the domain controller validation method.
Click Apply.
These system log errors indicate that there is a problem with one or more of the certificates needed for chain validation. Certificates may be missing, expired, or revoked, or they may contain incorrect information.
From the Embedded Web Server, click Settings or Configuration.
Click Security > Certificate Management > Certificate Authority Management.
Make sure all certificates required for chain validation are installed and contain correct information. Make sure none of the certificates have been revoked or are expired.
If you need to install certificates, then see Installing certificates manually.
If all certificates are installed correctly and these issues still occur, then contact your solutions provider.
This system log error indicates that OCSP settings are not configured correctly.
Access the application configuration settings from the Embedded Web Server.
Under the Online Certificate Status Protocol (OCSP) heading, make sure the values in the Responder URL and Responder Certificate fields are correct. For information about configuring these settings, see Selecting the domain controller validation method.
Click Apply.
This system log error indicates that the OCSP responder URL is configured incorrectly or that the responder timed out before the application could connect to it. Try one or more of the following:
Access the application configuration settings from the Embedded Web Server.
Under the Online Certificate Status Protocol (OCSP) heading, make sure the value in the Responder URL field is correct. For information about configuring this setting, see Selecting the domain controller validation method.
Click Apply.
Access the application configuration settings from the Embedded Web Server.
Under the Online Certificate Status Protocol (OCSP) heading, increase the number of seconds specified in the Responder Timeout field.
Click Apply.
Try one or more of the following:
From the Embedded Web Server, click Settings or Configuration.
Click Security > Certificate Management > Certificate Authority Management.
Make sure all certificates required for chain validation are configured correctly. See Installing certificates manually.
Access the application configuration settings from the Embedded Web Server.
Under the Online Certificate Status Protocol (OCSP) heading, select Allow Unknown Status. This allows users to log in to the printer even if the status of one or more of the required certificates is unknown.
Click Apply.
Try one or more of the following:
Access the application configuration settings from the Embedded Web Server.
Under the Online Certificate Status Protocol (OCSP) heading, make sure the correct certificate has been uploaded in the Responder Certificate field.
Click Apply.
Make sure the OCSP responder is returning the correct certificate.
This system log error indicates that the domain controller is returning an incorrect certificate or that the OCSP responder is not checking the correct certificate. Try one or more of the following:
Make sure the domain controller is returning the correct certificate.
Make sure the OCSP responder is checking the correct domain controller certificate.
This system log error usually indicates that the user is not in an Active Directory group that is authorized to use the printer. Try one or more of the following:
If user authorization is enabled for the printer, then add the user to an Active Directory group that is included in the authorization list for the printer.
Make sure the user’s Active Directory group is listed in the Group Authorization List field in the application configuration settings.
Access the application configuration settings from the Embedded Web Server.
Under the Advanced Settings heading, add the user’s Active Directory group to the Group Authorization List field. Separate multiple groups with a comma.
Click Apply.