Skip header
 

Windows Authentication

W0103-000

A TWAIN operation occurred during authentication.

  • Make sure no other user is logged in to the machine, and then try again.

W0104-000

Failed to encrypt a password.

  • A password error occurred.

    Make sure the password is entered correctly.

  • Either [DES] or [AES] is selected for "Driver Encryption Key: Encryption Strength".

    You can make access by specifying the driver encryption key.

  • A driver encryption key error occurred.

    Make sure that the encryption key is correctly specified on the driver.

W0206-002

The user attempted authentication from an application on the "System Settings" screen, while only the administrator has authentication privileges.

  • Only the administrator has login privileges on this screen.

  • Log in as a general user from the application's login screen.

W0206-003

An authentication error occurred because the user name contains a space, colon (:), or quotation mark (").

  • Create the account again if the account name contains any of these prohibited characters.

  • If the account name was entered wrongly, enter it correctly and log in again.

W0207-001

An authentication error occurred because the Address Book is being used at another location.

  • Wait a few minutes, and then try again.

W0208-000/W0208-002

The account is locked because the number of allowed authentication attempts has reached its limit.

  • Ask the user administrator to unlock the account.

W0400-102

Kerberos authentication failed because the server is not functioning correctly.

  • Make sure that the server is functioning properly.

W0400-200

Due to significant numbers of authentication attempts, all resources are busy.

  • Wait a few minutes, and then try again.

W0400-202: Case 1

The SSL settings on the authentication server and the machine do not match.

  • Make sure the SSL settings on the authentication server and the machine match.

W0400-202: Case 2

The user entered sAMAccountName in the user name to log in.

  • If a user enters sAMAccountName as the login user name, ldap_bind fails in a parent/subdomain environment. Use UserPrincipleName for the login name instead.

W0406-003

An authentication error occurred because the user name contains a space, colon (:), or quotation mark (").

  • Create the account again if the account name contains any of these prohibited characters.

  • If the account name was entered wrongly, enter it correctly and log on again.

W0406-101

Authentication cannot be completed because of significant numbers of authentication attempts.

  • Wait a few minutes, and then try again.

  • If the situation does not improve, make sure that an authentication attack is not occurring.

  • Notify the administrator of the screen message by e-mail, and check the system log for authentication attack potentials.

W0406-107: Case 1

The UserPrincipleName (user@domainname.xxx.com) form is being used for the login user name.

  • The user group cannot be obtained if the UserPrincipleName (user@domainname.xxx.com) form is used.

  • Use "sAMAccountName(user)" to log in, because this account allows you to obtain the user group.

W0406-107: Case 2

Current settings do not allow group retrieval.

  • Make sure the user group's group scope is set to "Global Group" and the group type is set to "Security" in group properties.

  • Make sure the account has been added to user group.

  • Make sure the user group name registered on the machine and the group name on the DC (domain controller) are exactly the same. The DC is case-sensitive.

  • Make sure that "Use Auth. Info at Login" has been specified in "Auth. Info" in the user account registered on the machine.

  • If there are more than one DCs, make sure that a confidential relationship has been configured between DCs.

W0406-107: Case 3

The domain name cannot be resolved.

  • Make sure that DNS/WINS is specified in the domain name in "Interface Settings".

W0406-107: Case 4

Cannot connect to the authentication server.

  • Make sure that connection to the authentication server is possible.

  • Use the "Ping Command" in "Interface Settings" to check the connection.

W0406-107: Case 5

A login name or password error occurred.

  • Make sure that the user is registered on the server.

  • Use a registered login user name and password.

W0406-107: Case 6

A domain name error occurred.

  • Make sure that the Windows authentication domain name is specified correctly.

W0406-107: Case 7

Cannot resolve the domain name.

  • Specify the IP address in the domain name and confirm that authentication is successful.

    If authentication was successful:

    • If the top-level domain name is specified in the domain name (such as domainname.xxx.com), make sure that DNS is specified in "Interface Settings".

    • If a NetBIOS domain name is specified in domain name (such as DOMAINNAME), make sure that WINS is specified in "Interface Settings".

    If authentication was unsuccessful:

    • Make sure that Restrict LM/NTLM is not set in either "Domain Controller Security Policy" or "Domain Security Policy".

    • Make sure that the ports for the domain control firewall and the firewall on the machine to the domain control connection path are open.

  • Under Windows 7/8/8.1, if the Windows firewall is activated, create a firewall rule in the Windows firewall's "Advanced settings" to authorize ports 137 and 139.

  • Under Windows XP, if the Windows firewall is activated, open the properties for "Network Connections", and then click "Settings" on the "Advanced" tab. On the "Exceptions" tab, specify ports 137 and 139 as exceptions.

  • In the Properties window for "Network Connections", open TCP/IP properties. Then click detail settings, WINS, and then check the "Enable NetBIOS over TCP/IP" box and set number 137 to "Open".

W0406-107: Case 8

Kerberos authentication failed.

  • Kerberos authentication settings are not correctly configured.

    Make sure the realm name, KDC (Key Distribution Center) name, and corresponding domain name are specified correctly.

  • The KDC and machine timing do not match.

    Authentication will fail if the difference between the KDC and machine timing is more than 5 minutes. Make sure the timing matches.

  • Kerberos authentication will fail if the realm name is specified in lower-case letters. Make sure the realm name is specified in upper-case letters.

  • Kerberos authentication will fail if automatic retrieval for KDC fails.

    Ask your service representative to make sure the KDC retrieval settings are set to "automatic retrieval".

    If automatic retrieval is not functioning properly, switch to manual retrieval.

W0409-000

Authentication timed out because the server did not respond.

  • Check the network configuration, or settings on the authenticating server.

W0511-000 / W0517-000

The authentication server login name is the same as a user name already registered on the machine. (Names are identified by the unique attribute specified in LDAP authentication settings.)

  • Delete the old, duplicated name, or change the login name.

  • If the authentication server has just been changed, delete the old name on the server.

W0606-004

Authentication failed because the user name contains words that cannot be used by general users.

  • Do not use "other", "admin", "supervisor" or "HIDE*" in general user accounts.

W0607-001

An authentication error occurred because the Address Book is being used at another location.

  • Wait a few minutes, and then try again.

W0612-005

Authentication failed because no more users can be registered. (The number of users registered in the Address Book has reached its maximum.)

  • Ask the user administrator to delete unused user accounts in the Address Book.

W0707-001

An authentication error occurred because the Address Book is being used at another location.

  • Wait a few minutes, and then try again.

W09XX-019

Automatic user registration on the server failed when an access from the client using the Central Address Book Management function was authenticated.

  • Check the network connection between the client and the server.

  • Users cannot be registered while the address book on the server is being edited.