Access error when trying to issue a card with Indeed EA/ESSO connector

Live Chat Software by Kayako

Knowledgebase

6Getting Started 44Indeed Certificate Manager 2Indeed Access Manager 1Indeed Privileged Access Manager

Knowledgebase: Indeed Certificate Manager > Indeed CM errors

Posted by Mikhail Yakovlev, Last modified by Mikhail Yakovlev on 22 February 2019 04:39 PM

Problem:
The following error appears when issuing a card with EA/ESSO connector enabled:

“Access denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"

Cause:
Insufficient privileges for the account used by Indeed EA/ESSO connector.

Solution:
Add the said account (specified in the smart card usage policy, Indeed EA section), to Indeed-ID User Admins and Indeed-ID Enrollment Admins groups.
The Indeed-ID User Admins group is created automatically at the Indeed EA/ESSO system deployment stage. The Indeed-ID Enrollment Admins group is created with IndeedID.security.provider.ex.cfg.exe utility from the Indeed-Id Extended Security Provider component package. After the Extended Security Provider is installed at each Indeed EA/ESSO server and Indeed-ID Enrollment Admins group is created, the Indeed server has to be restarted with the following command:

IndeedID.srvcfg.exe /restart.

After the service account is added to Indeed-ID Enrollment Admins group, you have to logout and log in to Indeed EA server again under this account for the changes to take effect.

(0 vote(s))

Helpful

Not helpful

Help Desk Software by Kayako