DocuSign HSM
Resolution of Key Media is Locked
January 2016
Document Version 1.0
ARX | 855 Folsom St. Suite 939, San Francisco, CA 94107 | Tel. (415) 839-8161 | www.arx.com |
[email protected]
Notice The information provided in this document is the sole property of DocuSign, Inc. No part of this document may be reproduced, stored or transmitted in any form or any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from DocuSign, Inc. Copyright © 2016 by DocuSign, Inc. All rights reserved.
ARX | 855 Folsom St. Suite 939, San Francisco, CA 94107 | Tel. (415) 839-8161 | www.arx.com |
[email protected]
Error 40980: Key media is locked, since an incorrect password was entered more than the permitted number of times. When a Key media is locked error message appears, it means that a wrong password was entered more than 10 times. Key media can be a .PRI file or a SmartCard. In both cases, there is an expiration date on the password. As a security feature, the media password expires every 889 days. This feature is not changeable. Expiration is an internal process that is not visible to users. You will receive the error message and be prompted to change the password on the day of expiration. Dormant media files or SmartCards that have not been used for a long period of time, even years, will necessitate a password change when they are next used. Note: This type of security error is very common in automated systems as they are not monitored, and, quite often, the password-change window is ignored.
Recommendation We highly recommend using a .PRI file instead of a SmartCard in automated systems such as DocuSign HSM. Using PRI files enable backups that can be used to avoid Key media is locked and similar error messages. These files can also be kept in a safe place on the network or on a local computer where they are not physically accessible.
ARX | 855 Folsom St. Suite 939, San Francisco, CA 94107 | Tel. (415) 839-8161 | www.arx.com |
[email protected]
Resolving the Problem If you encounter the problem, resolve it by following these steps: 1. Try to login with your media to the management application. Normally, this action will open the “Change Password” prompt and allow you to resolve your problem on the spot. However, it the key remains still locked, you must create new media. To do so, follow these steps: 2. Login to your DocuSign HSM management program using an administrative user (most common user is: `first` or `second` or `admin`). 3. Look up the user whose media is locked under View -> Users. Double-click it and save its permissions table (on a piece of paper, or a screenshot – needed for Step 7). 4. Create a temporary user, for example, TEMP989. 5. Transfer ownership of all keys created by the locked user media to the temporary user (under View -> Keys). 6. Delete the user whose media is locked. 7. Recreate the user with the same name and permissions. 8. Transfer ownership of all keys of the temporary user to the new user. 9. Create new media for the user under "Generate Users" (Can be found in Client -> Generate Users or under the PrivateServer\utils folder in Program Files). • To create new media for the user, you will need to certify it using administrative media; it can be your root card or first card. As long as the administrative key is a part of the environment, it does not matter. 10. Test your newly created media using the management program. Try to log in with it and make sure that you can see all of your keys, etc. 11. Your new media is now ready for production.
Additional Help If you cannot resolve the problem, please contact technical support.
ARX | 855 Folsom St. Suite 939, San Francisco, CA 94107 | Tel. (415) 839-8161 | www.arx.com |
[email protected]
