This page contains some trouble shooting suggestions to investigate
USI Organisation Portal users
Follow this link to read current details about AUSkey and Web browser compatibility.
Organisations experiencing various problems with specific machines may resolve the machine issue by having dotNET Framework reinstalled (and/or upgraded from 4.0 to 4.5 on machines that wouldn’t connect).
Error 401 encountered when connecting to the USI Registry System Organisation Portal
The error is encountered if Organisation requests Self Service Authorisation (AUSkey related setting) be applied in the USI Registry System, but the complementary settings have not been made inside the respective Organisation (by the relevant Administrator/Business Manager).
The opposite scenario can also apply – where the relevant Administrator/Business Manager has added restrictions for Organisation users, but the complementary changes have not been made in the USI Registry System.
Errors encountered when using a Student Management System (SMS)
“Organisation was not verified as an authorised body/organisation in the system”
The error indicates the organisation has not yet requested access to the USI Registry System using Web Services, or if access has been requested, the application has not yet been processed.
Note:- Submitting a request for access via Web Services and accepting Terms and Conditions is a mandatory requirement to obtain access.
“An error occurred when verifying security for the message”
USI Office Comment:
"In the USI request all the EncryptedData elements (and thus the EncryptedAssertion element) need to appear before all instances of the Signature element."
SMS Vendor comment:
"We've been able to resolve the issue oddly by changing the order of the classpath parameters for the java execution."
“ID3242: The security token could not be authenticated or authorized”
Vanguard gateway does not authenticate using a username/password model. It uses a certificate.
If a developer uses the svcutil tool against the endpoint they will generate a config file which shows the bindings expected. They should see that a certificate is required not a password.
“Unknown KeyStore exception – 4699”
For applications developed in .Net using IIS manager.
In IIS Applications Pool -> Advanced Settings:- changing the setting ‘Load User Profile’ to true solved problems for some users.
If not using .Net/IIS manager, this solution (amending local settings) may be something that can be investigated.
Connection Issue (“No end point listening at…”)
This error has been reported by a small number of SMS users. The problem is found to be an issue at the client end.
It’s understood (in consultation with other SMS developers and local IT support for specific organisations experiencing the problem) that the problem has been found to be caused by either;
- a local setting or configuration file being changed (which creates the problem) when it previously wasn’t encountered
- the need to define proxy server setting used within the SMS
Investigation and resolution at the client end is required.
A range of very unusual and rather obscure errors indicating a security breaches have been reported from time-to-time.
Occasionally the problem stems from a ‘clock skew’ issue.
Only a small variation/tolerance is permitted between the remote machine/server and the Authentication Service. A correction/adjustment to system clock time(s) has often resolved this problem.
For more information on troubleshooting AUSkey problems visit the Technical Help Desk on the ATO website.