Home » Lexmark Manuals » Multifunction Devices » Lexmark X864 » Manual Viewer

Lexmark X864 PKI-Enabled Device Installation and Configuration Guide - Page 23

The Domain Controller Issuing Certificate has not been installed

Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

"The Domain Controller Issuing Certificate has not been installed" error message This error indicates that no certificate, or an incorrect certificate, has been installed on the printer. If a certificate has been installed but it is not the correct certificate, the error message displayed will be "The Domain Controller Issuing Certificate [NAME OF CERTIFICATE] has not been installed. For information on installing, viewing, or modifying certificates, see "Certificate management" on page 10. "The KDC did not respond within the required time" error message THE IP ADDRESS OR HOSTNAME OF THE KDC IS NOT CORRECT 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 If the Simple Kerberos Setup has been configured in PKI Authentication, verify the IP address or hostname specified for the Domain Controller, and then click Apply to save any needed changes. 3 If a krb5.conf file has been uploaded, verify that the IP address or hostname specified for the Domain Controller is correct. THE KDC IS NOT CURRENTLY AVAILABLE You can specify multiple KDCs in the PKI Authentication settings, or in the krb5.conf file. This will typically resolve the issue. PORT 88 IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Under Simple Kerberos setup, add the Windows Domain in lowercase to the Domain setting. Example: If the Domain setting is "mil,.mil" and the Windows Domain is "x.y.z", change the Domain setting to "mil,.mil,x.y.z". 3 If using a krb5.conf file, add an entry to the domain_realm section, mapping the lower case Windows Domain to the uppercase realm (similar to the existing mapping for the "mil" domain). Troubleshooting 23

Section	Page
Contents	3
Configuring PKI-enabled devices	5
Overview	5
Supported devices	5
Before configuring the printer	5
Installing the firmware and applications	6
Verifying and updating the firmware	6
Installing the authentication token application	7
Installing PKI applications	7
Configuring printer settings for use with PKI applications	8
TCP/IP settings	8
Date and time	9
Panel login timeout	9
Certificate management	10
Configuring Scan to Email	10
SMTP settings	10
E-mail settings	11
Address Book setup	11
Configuring PKI Authentication	12
Logon screen	12
Active Directory Configuration	13
User Session and Access Control	14
Advanced Settings	14
Configuring PKI S/MIME Email	15
PKI S/MIME settings	15
Configuring PKI Scan to Network	16
General Settings	16
Default Scan Settings	17
Creating file shares	17
Editing or deleting a file share	19
Configuring PKI Held Jobs	19
PKI Held Jobs settings	19
Troubleshooting	21
Login Issues	21
“Unsupported USB Device” error message	21
The printer home screen does not return to a locked state when not in use	21
Login screen does not appear when a SmartCard is inserted	22
“The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time” err ...	22
“Kerberos configuration file has not been uploaded” error message	22
Users are unable to authenticate	22
“The Domain Controller Issuing Certificate has not been installed” error message	23
“The KDC did not respond within the required time” error message	23
“User's Realm was not found in the Kerberos Configuration file” error message	23
“Realm on the card was not found in the Kerberos Configuration File” error message	24
“Client [NAME] unknown” error message	24
Login hangs for a long time at “Getting User Info...”	24
User is logged out almost immediately after logging in	24
LDAP issues	24
LDAP lookups take a long time, and then may or may not work	24
LDAP lookups fail almost immediately	25
Scan to Email issues	26
“Email cannot be sent because an error occurred trying to get your email address” error message	26
“Email cannot be sent because you are not authorized to perform this function” error message	26
“The email cannot be sent because a valid digital signature could not be found on your card” error m ...	26
“The email cannot be sent because it cannot be digitally signed when a manual login is performed” er ...	26
“Email cannot be sent. Unable to find valid encryption certificate for [E-mail address]” error message	27
Unable to send E-mail (SMTP-related issues)	27
Scan to Network issues	28
“You are not authorized to use this feature” Scan to Network error message	28
“This feature is not available because no file shares have been configured by the system administrat ...	28
“This feature is not available because you are not authorized to scan to any of the available file s ...	28
“An LDAP error occurred trying to retrieve the selected file share destination” error message	28
“No UNC Path has been defined for this destination” error message	29
“The scanned file size and saved file size do not match” error message	29
“User does not have read access to the file share; unable to verify the file size” error message	29
“Invalid filename specified” error message	30
“An error occurred connecting or writing to the File Share” error message	30
“The network share name does not exist on the specified file server” error message	30
Held Jobs/Print Release Lite issues	31
“You are not authorized to use this feature” Held Jobs error message	31
“Unable to determine Windows User ID” error message	31
“There are no jobs available for [USER]” error message	31
Jobs are printing out immediately	32
Notices	33
GNU Lesser General Public License	33
LEXMARK SOFTWARE LICENSE AGREEMENT	33
Additional copyrights	35

Match case Limit results 1 per page

“The Domain Controller Issuing Certificate has not been installed”

error message

This error indicates that no certificate, or an incorrect certificate, has been installed on the printer. If a certificate has

been installed but it is not the correct certificate, the error message displayed will be “The Domain Controller Issuing

Certificate [NAME OF CERTIFICATE] has not been installed.

For information on installing, viewing, or modifying certificates, see “Certificate management” on page 10.

“The KDC did not respond within the required time” error message

ADDRESS

HOSTNAME

THE

KDC

NOT

CORRECT

From the Embedded Web Server, click

Settings

Embedded Solutions

PKI Authentication

Configure

If the Simple Kerberos Setup has been configured in PKI Authentication, verify the IP address or hostname

specified for the Domain Controller, and then click

Apply

to save any needed changes.

If a krb5.conf file has been uploaded, verify that the IP address or hostname specified for the Domain Controller

is correct.

KDC

NOT

CURRENTLY

AVAILABLE

You can specify multiple KDCs in the PKI Authentication settings, or in the krb5.conf file. This will typically resolve

the issue.

ORT

BLOCKED

FIREWALL

Port 88 must be opened between the printer and the KDC in order for authentication to work.

“User's Realm was not found in the Kerberos Configuration file”

error message

This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings.

From the Embedded Web Server, click

Settings

Embedded Solutions

PKI Authentication

Configure

Under Simple Kerberos setup, add the Windows Domain in lowercase to the Domain setting.

Example: If the Domain setting is “mil,.mil” and the Windows Domain is “x.y.z”, change the Domain setting to

“mil,.mil,x.y.z”.

If using a krb5.conf file, add an entry to the domain_realm section, mapping the lower case Windows Domain to

the uppercase realm (similar to the existing mapping for the “mil” domain).

Troubleshooting