Safeword bad pin error

safeword bad pin error

The failure of either party to enforce any rights granted hereunder or to PIN, to resync their tokens, and test them after enrollment. Your PIN is your first line of defense against someone using your SafeWord card to input or authorize a transaction in your name. Treat your PIN the same as you. A secret word used to verify your safety. When there is an alarm, the agent at the monitoring center will call you to verify your safety. safeword bad pin error

Thematic video

Interview Scene - Deadpool 2 (2018) Funny Scene

Duress code

Covert distress signal

Not to be confused with Dress code.

A duress code is a covert distress signal used by an individual who is being coerced by one or more hostile persons. It is used to warn others that they are being forced to do something against their will. Typically, the warning is given via some innocuous signal embedded in normal communication, such as a code-word or phrase spoken during conversation to alert other personnel. Alternatively, the signal may be incorporated into the authentication process itself, typically in the form of a panic password, distress password, or duress PIN that is distinct from the user's normal password or PIN. These concepts are related to a panic alarm and often achieve the same outcome.

Civilian usage[edit]

An alarm system with a keypad; entering the duress code safeword bad pin error pressing OFF disarms the system normally but notifies police.

Some home and property alarm systems have duress PINs, where the last two digits of the reset code are switched around. Entering the code when under duress from an assailant can trigger a silent alarm, alerting police or security personnel in a covert manner. The implementation of this feature has not been without controversy, as it has been claimed to lead to false alarms.[1] A similar mechanism, SafetyPIN, has been proposed for use in ATMs. In 2010, the Federal Trade Commission issued a report studying the viability of such mechanisms for ATMs.[2] They noted duress PINs have never been actually implemented in any ATM, and conclude that the costs of deployment outweighs the likelihood they will actually deter criminal activity.

When a duress PIN is used to trigger a silent alarm, an adversary can always request the PIN in advance and ensure the appropriately modified PIN is entered instead. If the adversary does not know which PIN is correct, they may choose randomly between the two possible codes allowing them to succeed half of the time.[3]

In scenarios where a panic password is used to limit access control, instead of triggering an alarm, it is insufficient to have a single real time clock error cmos battery bad password. If the adversary knows the system, a common assumption, then they will simply force the user to authenticate twice using different rotterdam terror corps schizophrenic and gain access on at least one of the two attempts. More complex panic password schemes have been proposed to address this problem.[3][4]

For cases where verbal communication (e.g. via cell phone) is possible with family member or friend, a covert phrase can be used to signal duress. In the slim chance that a captor allows the person in duress to use their cell phone (e.g. to obtain a PIN), there is a limited opportunity to use a duress code. Because conversations are often being monitored by a captor, they must be subtle and short. Ideally, the use of a duress code has been confirmed before the current situation, so the family member or friend has verifiable evidence that something is wrong, and when the authorities are notified aren't just limited to speculation. Examples would include asking about someone (or something) who does not exist. For example, a person might use "What is Cindy barking at?" if she knows that either the dog has a different name or that there is no dog. Another example, which is also an widely shared urban legend, would be a person calling 911 for help and pretending to order pizza delivery.[5] While generally taken as an urban legend, this did happen in Brazil.[6]

In addition to a duress code, there is duress activity. This may include the duressed individual withdrawing cash from an ATM using a specific credit card, instead of using their debit card. Many credit card companies allow for email alerts to be set up when specific activity occurs. There are technical issues that could pose problems, such as a delay in notification, cellular network availability, and the fact that a location is not disclosed, only the activity.

Civilian and commercial aircraft can use transponder code 7500 as a duress code to indicate hijacking.[7][8] Airlines maintain a verbal hijack code, as well.[9]

Military usage[edit]

A World War II duress code was used over the telephone by SOE agents in occupied Europe, and involved giving a coded answer when someone checked whether it was convenient to visit a safe-house. If it was genuinely safe to visit, the answer would be "No, I'm too busy." However, if the safe-house had been compromised (e.g. the Nazis had captured it, forcing the occupants to answer the phone at gunpoint in order to lure in other members of the SOE network) the captured agent would say "Yes, come on over." Having been warned that the safe-house had been compromised, the other agent would hang up the phone and immediately inform his team-members so that they could take appropriate action. Typically, this meant using escape and evasion procedures, before the captured agent was tortured by the Gestapo and forced to give incriminating information such as names and addresses.[citation needed]

In a major Cold War incident in 1968, the US Navy ship USS Pueblo was attacked and captured by North Korean forces, and the crew was abused and tortured during the subsequent 11 months. During that period, the North Koreans used the US crew 2012 burst error correction .aspx id propaganda purposes, but the crew signaled their duress situation by secretly giving them "the finger" in staged photos.[10] Admiral Jeremiah Denton became famous for blinking out the word "TORTURE" in Morse code during a propaganda television broadcast when he was captured by North Vietnamese forces.

See also[edit]

  • Between Silk and Cyanide, a book by cryptographer Leo Marks describing, among other things, the misuse of duress radio codes by the OSS in World War II, leading to the capture of Dutch resistance agents
  • Safeword


External links[edit]

citibank safeword card bad pin

cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent safeword bad pin error the cookies in the category "Necessary".cookielawinfo-checkbox-others11 monthsThis cookie is set by Error 13042 wsus Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

SafeWord 2008 Administration Guide - SafeNet

SafeWord ® 2008


All Versions

Corporate Headquarters:

4690 Millennium Drive, Belcamp, Maryland 21017 USA

Tel.: +1 410 931 7500 or 800 533 3958, Fax: +1 410 931 7524,

Email: [email protected]

EMEA Headquarters:

Tel.: +44 (0) 1276 608 000, Email: [email protected]

APAC Headquarters:

Tel: +852 3157 7111, Email: [email protected]

For all office locations and contact information, please visit


© 2010 Aladdin Knowledge Systems Ltd. (“Aladdin”). All rights reserved. No part of this publication may be reproduced,

transmitted, transcribed, stored in a retrieval system, safeword bad pin error, or translated into any language in any form or by any means without

written permission from Aladdin.


Aladdin, SafeWord, PremierAccess, and RemoteAccess are trademarks of Aladdin. All other trademarks, tradenames, service

marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Software License Agreement

The following is a copy of the Software License Agreement as shown in the software:











1.1 “Documentation” means the published user manuals, User Guide and any additional documentation that are made

available for the Software.

1.2 “Software” means the machine-readable object-code version of Aladdin’s SafeWord software including any revisions,

corrections, modifications, safeword bad pin error, enhancements, updates and/or upgrades thereto that you may receive.

2. GRANT OF LICENSE. Aladdin grants to you, and you accept, a personal, nonexclusive, non-transferable and fully

revocable limited license to use the Software, in executable form only, for a predefined set number of licensed users, as

described in the Software accompanying Documentation and only according to the terms of this Agreement. Under no

circumstances will you receive any source code of the Software. Aladdin also grants to you, and you accept, a nonexclusive,

and non-transferable limited license to use the Documentation solely in conjunction with the Software.

3. LIMITATION OF USE. You may not: 1) copy the Software, except to make one copy of the Software solely for back-up or

archival purposes; 2) transfer, distribute, rent, lease or sublicense all or any portion of the Software or Documentation to any

third party; 3) translate, modify, adapt, decompile, disassemble, or reverse engineer any Software in whole or in part; 4)

modify or prepare derivative works of the Software or the Documentation; or 5) use the Software to process the data of a

third party; 6) place the Software onto a server so that it is accessible via a public network; and 7) use any back-up or

archival copies of the Software (or allow someone else to use such copies) for any purpose other than to replace an original

copy if it is destroyed or becomes defective. You agree to keep confidential and use your best efforts to prevent and protect

the contents of the Software and Documentation from unauthorized disclosure or use. Aladdin reserves all rights that are not

expressly granted to you. If you are a member of the European Union, this agreement does not affect your rights under any

legislation implementing the EC Council Directive on the Legal Protection of Computer Programs. If you seek any

information within the meaning of that Directive you should initially approach Aladdin.

4. DISCLAIMER OF WARRANTIES. Aladdin does not warrant that the functions contained in the Software will meet your

requirements or that operation of the program will be uninterrupted or error-free. The entire risk as to the results and

performance of the Software is assumed by you. THE SOFTWARE IS FURNISHED, “AS IS” WITHOUT ANY WARRANTY


















6. TERM AND TERMINATION. This license is effective until terminated. You may terminate it at any time by destroying the

Software, including all computer programs and Documentation, and erasing any copies residing on computer equipment.

This Agreement also will automatically terminate if you do not comply with any terms or conditions of this Agreement. Upon

such termination you agree to destroy the Software and Documentation and erase all copies of the Software residing on

computer equipment.

7. PROTECTION OF CONFIDENTIAL INFORMATION. The Software and Documentation are delivered to safeword bad pin error on a

confidential basis and you are responsible for employing reasonable measures to prevent the unauthorized disclosure or use

thereof, which measures shall not be less than those measures employed by you in protecting your own proprietary

information. You may disclose the Software or Documentation to your employees as necessary for the use permitted under

this Agreement. You shall not remove any trademark, trade name, copyright notice or other proprietary notice from the

Software or Documentation.

8. OWNERSHIP. The Software and Documentation are licensed (not sold) to you. All intellectual property rights including

trademarks, service marks, patents, copyrights, trade secrets, and other proprietary rights evidenced by or embodied in or

attached/connected/related to the Software and Documentation are bauknecht dishwasher f2 error will remain the property of Aladdin or its licensors,

whether or not specifically recognized or protected under local law. This License Agreement does not convey to you an

interest in or to the Software, but only a limited right of use revocable in accordance with the terms of this license agreement.

Nothing in this Agreement constitutes a waiver of Aladdin’s intellectual property rights under any law. You will not remove any

product identification, copyright notices, or other legends set forth on the Software or Documentation.

9. EXPORT RESTRICTIONS. You agree to comply with all applicable United States export control laws, and regulations, as

from time to time amended, including without limitation, the laws and regulations sql network interfaces error 26 visual studio by the United States

Department of Commerce and the United States Department of State. You have been advised that the Software is subject to

the U.S. Export Administration Regulations. You shall not export, import or transfer Software contrary to U.S. or other

applicable laws, whether directly or indirectly, and will not cause, approve or otherwise facilitate others such as agents or any

third parties in doing so. You represent and agree that neither the United States Department of Commerce nor any other

federal agency has suspended, revoked or denied your export privileges. You agree not to use or transfer the Software for

end use relating to any nuclear, chemical or biological weapons, or missile technology unless authorized by the U.S.

Government by regulation or specific license.

10. U.S. GOVERNMENT RIGHTS. Any Software or Documentation acquired by or on behalf of a unit or agency of the

United States Government is “commercial computer software” or “commercial computer software documentation” and,

absent a written agreement to the contrary, the Government’s rights with respect to such Software or Documentation are

limited by the terms of this Agreement, pursuant to FAR § 12.212(a) and its successor regulations and/or DFARS §

227.7202-1(a) and its successor regulations, as applicable.

11. ENTIRE AGREEMENT. This Agreement is our offer to license the Software and Documentation to you exclusively on

the terms set forth in this Agreement, and is subject to the condition that you accept these terms in their entirety. If you have

submitted (or hereafter submit) different, additional, or other alternative terms to Aladdin or any reseller or authorized dealer,

whether through a purchase order or otherwise, we object to and reject those terms. Without limiting the generality of the

foregoing, to the extent that you have submitted a purchase order for the Software, any shipment to you of the Software is

not an acceptance of your purchase order, but rather is a counteroffer subject to your acceptance of this Agreement without

any objections or modifications by you. To the extent that we are deemed to have formed a contract with you related to the

Software prior to your acceptance of this Agreement, this Agreement shall govern and shall be deemed to be a modification

of any prior terms in their entirety.

12. GENERAL. Any waiver of or modification to the terms of this Agreement will not be effective unless executed in writing

and signed by Aladdin. If any provision of this Agreement is held to be unenforceable, in whole or in part, such holding shall

not affect the validity of the other provisions of this Agreement. By entering into this Agreement, you agree to allow Aladdin to

obtain current license information from the system or systems on which the Software is installed for the purpose of

determining license renewal information. You may not assign this License Agreement or any associated transactions without

the written consent of Aladdin. This Agreement shall be construed and governed in accordance with the laws of Israel

(except for conflict of law provisions) and only the courts in Israel shall have jurisdiction in any conflict or dispute arising out

of this Agreement. The application of the United Nations Convention of Contracts for the International Sale of Goods is

expressly excluded. The failure of either party to enforce any rights granted hereunder or to take action against the other

party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of

rights or subsequent actions in the event of future breaches.


Technical Support information

Aladdin works closely with our reseller partners to offer the best worldwide Technical Support services. Your Aladdin reseller

is the first line of support when you have questions about products and services; however, if you require additional

assistance, contact us directly.

• For all support related zend framework errorcontroller (product overview, training, downloads and documentation, and tech support contact

information), see our Web page at:

• To use the Aladdin KnowledgeBase, go to You will need to enter your Company ID to access

knowledge base articles.

Publishing history

Date Part number Software release

January 2008 86-0947983-A SafeWord2008

March 2008 86-0947983-B SafeWord2008 Version

June 2008 86-0947983-C SafeWord2008 Version

December 2008 86-0947983-D SafeWord2008 Safeword bad pin error

May 2009 76-010076-E SafeWord2008 Version

October 2009 76-010099 SafeWord2008 Version

March 2010 76--010151 SafeWord2008 Version

October 2010 76--010190 SafeWord2008 Version

About SafeNet and Aladdin Knowledge Systems

In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the technology sector.

Vector Capital acquired Aladdin in March of 2009, and placed it under common management with SafeNet. Together, these global

leading companies are the third largest information security company in the world, which brings to market integrated solutions

required to solve customers’ safeword bad pin error security challenges. SafeNet’s encryption technology solutions protect communications,

intellectual property and digital identities for enterprises and government organizations. Aladdin’s software protection, licensing

and authentication solutions protect companies’ information, assets and employees from piracy and fraud. Together, SafeNet and

Aladdin have a combined history of more than 50 years of security expertise in more than 100 countries around the globe.

Aladdin is expected to be fully safeword bad pin error into SafeNet in the future.

For more information, visit or



CHAPTER 1 Introduction. . fortran atan2 domain error.. .1

Welcome to SafeWord2008 and Enterprise Solution Pack (ESP). . .2

SafeWord components and functions. .3

Core components. . .3

Optional servers and components. acad fatal error unhandled e0434f4dh. .7

Optional agents. .8

The Enterprise Solution Pack (ESP). .11

Setting up SafeWord to work for you. .12

Managing users in Active Directory. .12

Managing users with the SafeWord database. .12

Managing users in Active Directory and the SafeWord database. . .13

CHAPTER 2 Installing and Activating SafeWord2008. . .15

Installation prerequisites and requirements. .16

Network prerequisites. . .16

Hardware/software requirements. . .safeword bad pin error. . .16

Component and optional agent prerequisites. .safeword bad pin error. . .17

Installation topology rules. .19

Installing SafeWord2008. . .20

Installation details. . .21

If installing one or more SafeWord agents. . peter straub magic terror.. .25

Finishing the installation. . clx-2160n deve home sensor error.. .26

Activating SafeWord2008. .27

Registering on the portal. . .safeword bad pin error. .27

Activation using ADUC. . .safeword bad pin error. .safeword bad pin error. . .28

Activating via Websitesafeword bad pin error. safeword bad pin error.. .29

Activating SafeWord2008 on a remote ADUC installation safeword bad pin error.. . .31

Verifying your activation in ADUC. . .safeword bad pin error. .31

Verifying activation in the SafeWord2008 Management Console. .32

Subsequent token activations. .safeword bad pin error. . .32

Evaluating MobilePASS tokens. . .33

The Support Information Center. . safeword bad pin error.. . .34

CHAPTER 3 Active Directory Management. safeword bad pin error.. . .35

Overview. . .36


Table of Contents

Changing the administrative password in ADUC. 37

Setting up token records and data files. 37

Generating MobilePASS records. . 37

Importing token data files. 39

Assigning tokens to users. . 41

Assigning tokens with the Token Assignment Wizard. . 41

Testing tokens. safeword bad pin error.. . 47

Adding or changing PINs. 47

Resynchronizing Hardware tokens. 48

Searching for unassigned tokens. . 48

Finding users associated with specific tokens. 48

Generating emergency passcodes. safeword bad pin error. 49

Reassigning Hardware and Messaging tokens. 50

Deleting token records from the database. . .safeword bad pin error. 51

Delegated administration in Active Directory. 52

CHAPTER 4 Basic Administration Tasks. .safeword bad pin error. . 55

Using the Auto Updater. . .safeword bad pin error. . 56

Managing and viewing logs. . safeword bad pin error.. 57

Configuring ADUC logging. safeword bad pin error.. . 57

Viewing event logs. . 57

Database-related tasks. 59

Backing up the database using ADUC. . 59

Restoring the database using ADUC. 60

Reinstalling a server or ADUC. . 61

Configuring alternative group policies. 62

CHAPTER 5 Using the MobilePASS feature. . 65

Understanding MobilePASS. 66

Software token enrollment. .safeword bad pin error. . .safeword bad pin error. . 67

Using the MobilePASS Portal. 67

Changing and updating your admin server credentials. . 68

Allowing users to manually self-enroll their tokens. . .safeword bad pin error. 71

Configuring automatic enrollment for BlackBerry users. . 72

Using the Enrollment Portal. . 72

Configuring re-enrollment for existing MobilePASS tokens. . 75

Allowing users to self-enroll. . 75

MobilePASS Messaging. . 76

Configuring Messaging providers. . 76

Editing provider information. .safeword bad pin error. . .safeword bad pin error. 82

Requesting Messaging passcodes via the MobilePASS Portal. 85

Customizing the Messaging application. . 86

Using PIN pre-authentication. . 87

Using the URL redirect option. 87

Requesting Messaging passcodes via OWA. . 87


Table of Contents


Working with the

User Center 91

About the User Center. .92

User Center Initialization. . .92

Enabling the User Center. .92

Setting the User Center password. .92

Ensuring password security. . .93

User Center features. .94

Giving users access to the User Center. .94

Enrolling tokens. .safeword bad pin error. .94

Adding or changing PINs. .96

Testing tokens. . .safeword bad pin error. . .98

Resynchronizing tokens safeword bad pin error.. . .100

Adding user authentication during enrollment. .102

Configuring the User Center for a SafeWord Database. . .103

Configuring the User Center to reassign tokens. . .104

CHAPTER 7 Using the SafeWord2008 Management Console. . .105

Access control concepts overview. . .106

Users. . .106

Groups. .107

Access Control Lists (ACLs). .108

Roles. . .109

Quick authentication demo. . .safeword bad pin error. .safeword bad pin error. .111

Setting up the SafeWord2008 Management Console. . .112

Launching and securing the Console. . .112

Creating a primary working administrator accountsafeword bad pin error. . .112

Importing hardware authenticator files. .114

Assigning a hardware token to the primary account. . .safeword bad pin error. . .115

Testing your primary working account. . .safeword bad pin error. .117

Changing the default administrator password. . .118

What next?. . .safeword bad pin error. .119

Creating groups. .120

Creating login ACLs. .safeword bad pin error. . .safeword bad pin error. .121

Defining login ACL entries. . .122

Editing ACL entries. .125

Ordering ACL entries. . safeword bad pin error.. . .125

Creating roles. . .126

Create a role. .126

What now?. . .127

Managing authenticators. .128

Generating and importing MobilePASS software tokens. . .128

Assigning MobilePASS Software tokens with the Enrollment feature. .


Assigning hardware tokens manually. . .132

Resynchronizing hardware tokens. .133


Table of Contents

Modifying token profiles. 135

Fixed password profiles. . .safeword bad pin error. 137

Managing users. . .safeword bad pin error. 139

Creating user accounts manually. . 140

Adding unprivileged users with the user wizard. . 147

Assigning role(s) to multiple userssafeword bad pin error. 149

Deleting a user record. . 151

Understanding personalization data. 152

Data elements. 152

The data dictionary. 152

Creating personalization data. safeword bad pin error.. . 152

Using the Attack Safeword bad pin error feature. 155

Editing personalization data attributes. . 156

Removing personalization data attributes. . 156

Modifying user personalization data. 157

Importing user records from a third-party user database. 158

Managing and viewing audit logs. . 160

Querying audit logs. safeword bad pin error.. . 160

Searching the audit logs. .safeword bad pin error. . 161

Viewing a specific user’s authentication activity. . 162

Viewing the last successful user login attempt. 162

Viewing specific entry details. 163

Troubleshooting with the Audit Log Monitor. . 163

Launching the Audit Log Monitor. . 163

Choosing logs internal error 1240268 monitor. 164

Managing audit log archives. 164

Loading an archived audit log file. . 165

Unloading an archive set. . safeword bad pin error.. 165

Deleting an archived audit log file. 166

Configuring the archival of audit logs. . 166

Using advanced archiving features. 167

Reporting. . 168

Creating reports. .safeword bad pin error. 168

Report templates. . 169

Report worksheet generation. .safeword bad pin error. . 170

Generating reports from the command line. . 170

Using the command line reporting tool. . 171

Exporting data into Excel worksheets. . 172

Database-related tasks. . .safeword bad pin error. . 173

Backing up your database. .safeword bad pin error. 173

Restoring your database. 173

Backing up your database using the command line. 175

Customizing SafeWord2008. . 176

Configuring General settings. . .safeword bad pin error. 178

Configuring the log server. . 179

Configuring sessions. . 180


Table of Contents

Other admin tasks. safeword bad pin error.. .181

Finding entries. . .181

Exporting data. . .safeword bad pin error. .181

Editing admin group properties. . .181

Session management. . stdin error 0 ubuntu 9.10.. . .182

Revoking sessions. . .safeword bad pin error. . .safeword bad pin error. .182

CHAPTER 8 Advanced Administration Tasks. .183

SafeWord2008 server-related tasks. error 8506, 422.. . .184

Stopping and starting servers. .184

Changing component ports. . safeword bad pin error.. . .184

Logging server diagnostics. . .185

Monitoring server status. .safeword bad pin error. . .187

Adding servers to the monitored servers list. .187

Removing servers from the monitored servers list. .188

Cloning servers. . .safeword bad pin error. .safeword bad pin error. . .188

Configuring the Administration Server. .189

Configuring RADIUS, and RADIUS Accounting servers. .189

Authentication Engine related tasks. .191

Authentication Engine performance settings. . c+ + runtime error wine.. .191

Configuring the Authentication Engine for SoftPIN use. .191

Managing the Admin and Authentication Engine keys. .192

Custom user management configuration safeword bad pin error.. .193

Changing the user database post installation. .193

Changing agent-specific user information. . .194

Configuring SafeWord for AD lockout support. . .194

Configuring the Authentication Policy. . .196

Launch the Group Policy window (all agents). . safeword bad pin error.. .196

Agent configuration screens. . .safeword bad pin error. . .198

Configuring the Authentication Engine. .198

Changing agent logging settings. .199

Increasing performance. . .202

Archiving during minimal activity periods. . .202

Using multiple database connections. . .202

Running without an archive log master. .203

Running Repair. . smtp error 550 roundcube.. .204

CHAPTER 9 Replication. . .205

About replication. . .safeword bad pin error. .safeword bad pin error. .safeword bad pin error. .206

Ring topology architecture. .safeword bad pin error. safeword bad pin error.. . .206

The change log. . .207

Differences between SafeWord and AD replication. . .207

Pre-replication setup considerations. .208

General considerations. .208

Special considerations. safeword bad pin error.. . .208

Adding peers to a new replication ring. . .209


Table of Contents


1. Verify SafeWord server software is installed. .safeword bad pin error. 209

2. Verify time sync on peer machines. . 209

3. Designate a Log Master. . 210

4. Back up the database. 210

5. Restore the backed up database to machines in the ring. 211

6. Stop the Safeword bad pin error server and Authentication Engine. . 211

7. Edit the sccservers.ini file. . 212

8. Run the AddReplPeer.bat file. . safeword bad pin error.. . 212

Adding a new peer into an existing replication ring. . 214

Verifying SafeWord server replication. 216

Testing replication setup. 216

Checking server replication state. . 216

Troubleshooting. 216

CHAPTER 10 Managing the RADIUS Servers. . 217

Overview of the SafeWord RADIUS server. 218

RADIUS protocol. . 218

The RADIUS server. error initializing opera module7.. . 218

RADIUS server features. 218

Prerequisites. .safeword bad pin error. 220

SafeWord RADIUS configuration files. 220

Authorization and configuration groups. . .safeword bad pin error. . 220

Creating an ACL entry and role for RADIUS. 220

Configuring the groups in the Users file. 221

Configuring the RADIUS proxy. . 222

Authenticators. . 224

RADIUS-encrypted memorized passwords. . 224

Memorized passwords appended to usernames. .safeword bad pin error. 225

RADIUS-encrypted synchronous dynamic passwords. . 225

Synchronous dynamic passwords appended to usernames. 225

Shared tokens with memorized passwords. . 226

Asynchronous dynamic password authenticators. 227

CHAP-encoded encapsulated dynamic passwords. 227

References. 228

Sample Dictionary file. . .safeword bad pin error. . safeword bad pin error.. 228

Sample Users file. . 230

Sample authfile. . .safeword bad pin error. . 232

Understanding the RADIUS Accounting server. 233

How the server works. . .safeword bad pin error. . 234

Configuring the server. . safeword bad pin error.. .safeword bad pin error. . 234

Starting the serversafeword bad pin error. . 234

Example: Enabling accounting on Cisco router. . 235

Sample accounting data. 235

Troubleshooting. 235

CHAPTER 11 Troubleshooting. .safeword bad pin error. 237

Table of Contents

General troubleshooting. . .238

Troubleshooting AD lockout support. .241

Troubleshooting Replication. . .242

Troubleshooting the RADIUS server. .249

General troubleshooting. .safeword bad pin error. .249

Check the radius.cfg configuration files. .249

The clients file. .250

The users file. .250

The dictionary file. .250

Conflicts with other RADIUS servers. . .250

Launch the SafeWord RADIUS server in debug mode. .251

Diagnostic traces during correct operation. . .252

Uninstalling SafeWord2008. . .252

Index. . .253


Table of Contents



1 CHAPTER In this chapter.

Welcome to SafeWord2008 and Enterprise Syntax error c masm Pack (ESP).2

SafeWord components and functions .3

The Enterprise Solution Pack (ESP) .11

Setting up SafeWord to work for you.12


Chapter 1: Introduction

Welcome to SafeWord2008 and Enterprise Solution Pack (ESP)

Welcome to


and Enterprise

Solution Pack


Welcome to SafeWord2008 by SafeNet (referred to throughout the remainder

of this guide as SafeWord), the two-factor authentication solution for Microsoft

Windows platforms.

SafeWord includes easy to use software and hardware tokens. It seamlessly

integrates with your existing Microsoft Windows management tools, and makes

it easy to deploy two-factor authentication to protect your most important

assets and applications. Additionally, SafeWord components and agents come

ready to support Internet Protocol versions (IPv) IPv4 and IPv6.

SafeNet MobilePASS relieves your users from carrying a hardware token,

instead allowing them to generate software token passcodes on their iPhone/

iPod touch devices, on their BlackBerry devices, safeword bad pin error, on their J2ME devices, on

their Android devices, and on their Windows Desktops. MobilePASS

Messaging also allows users stored in Active Directory feature to request and

receive authentication passcodes via SMS and SMTP.

SafeWord is designed to be extremely easy to install and manage. You can be

up and running in a short period of time. Take advantage of the SafeWord Auto

Updater Agent to ensure that any future software updates can be easily added.

This guide will introduce you to these and all the other SafeWord2008

administrative concepts.

To get SafeWord up and running in your environment, simply:

• Install and activate the software

• Configure the product

• Assign and distribute safeword bad pin error software or hardware tokens to your users

Every effort has been made to provide you with the information you need to

easily install and configure SafeWord. The Quick Start Guide (included in the

product package) provides information for getting started as well as installing

your new software (more detailed installation information is contained in this

guide). And after SafeWord is installed, information-rich online help is available

any time you need on the spot information.

Additionally, the MobilePASS Software AdministrationGuide, and the

SafeWord Authenticator AdministrationGuide provide detailed SafeNet

MobilePASS software and hardware authentication information. Both of these

documents are available for download at

To evaluate, and for more information about the SafeWord2008 Enterprise

Solution Pack, please refer to the SafeWord2008 Enterprise Solution Pack

Quick Start Guide also included in the product package.


Chapter 1: Introduction

SafeWord components and functions


components and


This section describes the SafeWord core and optional components and their

functions. If you prefer, safeword bad pin error, you can skip this section and proceed to “Installation

prerequisites and requirements” on page 16.

Core components

A basic SafeWord installation has several required core components:

SafeWord Servers

• Management consoles: either the Active Directory Users and Computers

(ADUC) Management Console and/or the SafeWord2008 Management


Note: You will need a valid license with the ESP feature enabled in order to

use the SafeWord2008 Management Console.

• Auto Updater Agent (AUA)


Chapter 1: Introduction

SafeWord components and functions

Additional capabilities can be added by installing optional servers and agents

that offer tremendous flexibility in securing critical network resources.

Figure 1: SafeWord core




Active Directory

Management Snap-in



Auto Updater

Agent (AUA)






Handles access control,

verifies credentials, logs

authentication attempts.

Executes management

console commands,

secures access to database

server, replicates data to other

SafeWord databases.

SafeWord2008 Management

Console (ESP only)

UC Repository for all SafeWord


User enrollment center

The SafeWord server

The SafeWord server is comprised of data error value 2147943645 SafeWord database, the

Authentication Engine (AAA), the Administration Service (or Administration

Server), and the User Center (UC).

• The SafeWord database serves as the repository for token records.

• The Authentication Engine (sometimes referred to as the AAA, or Auth

server) verifies that the passcode supplied with an access request is

correct for the token assigned to a specific user.

• The Administration Service (Server) is used by the console to perform the

tasks initiated by administrators or users, and synchronizes SafeWord

database data in configurations with multiple servers.

• The User Center allows end users to enroll their SafeWord tokens, which

saves administrative time when a large number of users will be

authenticating with SafeWord tokens. Users can also change or assign

their PIN, resync their tokens, and test their tokens after enrollment.


Chapter 1: Introduction

SafeWord components and functions

Active Directory Users and Computers Management Console

User management in an Active Directory environment is handled from Active

Directory Users and Computers (ADUC) Management Console, which is

accessed via the standard Windows Start menu.

Figure 2: Active

Directory Users and

Computers (ADUC)


After installing the ADUC Management Console, safeword bad pin error standard user properties

dialog will include the SafeWord tab (Figure 3). You can associate SafeWord

tokens, including MobilePASS tokens with AD users, assign PINs, generate

emergency passcodes, and test and resynchronize tokens assigned to

individual users on this tab.

Figure 3: SafeWord tab

on the standard user

management dialog


Chapter 1: Introduction

SafeWord components and functions

Figure 4: The SafeWord

2008 Management


The SafeWord2008 Management Console (included with ESP)

This console handles users (stored in the SafeWord database) and

authenticator management, security policy administration, group

management, viewing logs, and generating reports. It can be installed either

locally (with the SafeWord server) or on a remote client machine.

The Auto Updater Agent (AUA)

SafeWord Auto Updater provides automatic notification of patches and

updates as they become available. The feature installs on every host in the

distributed rad studio error stack overflow. When updates are available, a message displays to notify

the user. The user will only be notified if there are updates that do not already

exist on their system. The Auto Updater runs automatically when the Active

Directory Users and Irq reservation link error console is accessed. On other SafeWord

components, it can be launched manually. The Auto Updater allows you to

view, download, and install the available updates (if there are any) whenever

you desire. Only the updates that you have not already installed will be visible

in the list of available updates.

Note: If you do not have internet access, updates must be applied from an FTP

image. See to contact Technical Support for

directions on how to get the necessary image.

Important: Manual downloading and installing of updates is not recommended, as

it can leave your system in an unstable state. If you download and run the updates

manually, be sure to install them in the order in which they are listed in the Auto



Chapter 1: Introduction

SafeWord components and functions

Optional servers and components

You may also choose the following optional servers and features:

SafeWord RADIUS server (requires ESP license)

The RADIUS server allows VPNs, routers, and comm servers using the

RADIUS protocol to communicate with SafeWord. It also sends user’s names

and passwords to the authentication engine where their credentials are either

verified or denied.

SafeWord RADIUS Accounting server (requires ESP license)

The RADIUS Accounting server listens for properly formatted information

packets, and keeps track of all types of user requests.

SafeNet MobilePASS

SafeNet MobilePASS provides end-users with SafeWord authentication

passcodes without having to carry a hardware token with them. There are two

kinds of MobilePASS authenticators: Software tokens and Messaging tokens.

The MobilePASS Software allows users to generate SafeWord passcodes from

their iPhone/iPod touch, BlackBerry, J2ME, and Android devices, and from

their Windows Desktops. MobilePASS Messaging token users stored in Active

Directory can request and receive SafeWord passcodes via messages to their

SMTP and SMS accounts.


Chapter 1: Introduction

SafeWord components and functions

Optional agents

Agents are software modules that intercept user login or access requests to

protected resources, and prompt the user to provide SafeWord credentials

(password, authenticator passcode) before access is granted. Agents provide

strong authentication for users seeking access to critical resources.

Figure 5 shows a network several possible server combinations and

associated SafeWord agents installed.

Figure 5: Network with

possible server / agent


User with Web




Web Server or

VPN Gateway

Microsoft Exchange





Citrix Web





Citrix Web

Interface Server








User with VPN


Citrix Access

Gateway Server


A.D. = Active Directory

D.C. = Domain Controller




Secure Network

Configuration details for each of these agents can be found in the SafeWord

Agent AdministrationGuide, which is located at


Chapter 1: Introduction

SafeWord components and functions

The SafeWord Internet Authentication Service (IAS/NPS) Agent

Note: Though listed in this guide as the IAS Agent, it also covers the Network

Policy Server (NPS).

SafeWord provides strong authentication to SSL VPNs, IPSec VPNs,

commservers, and other RADIUS (Remote Authentication Dial-In User

Service) devices. Simply install and configure SafeWord’s IAS/NPS Agent,

which works with Microsoft’s IAS RADIUS, to provide strong authentication to

RADIUS devices through the Microsoft IAS RADIUS server.

Once the IAS Agent is installed and configured, VPN and RADIUS users who

remotely access their network and are designated as requiring strong

authentication must enter a SafeWord token-generated passcode for access.

Users in the SafeWord database may also use a fixed password.

For more information about Microsoft’s IAS, see:


The SafeWord Agent for Web Interface

The SafeWord Agent for Web Interface is for use with Citrix. It resides on the

same Citrix server on which the Citrix Web Interface is installed, and provides

the link to the SafeWord server. It intercepts user access requests and routes

them to the Authentication Engine for user name and passcode verification.

Once properly authenticated, users are allowed access; otherwise access is


The Citrix Access Gateway (CAG) Agent

SafeWord adds strong authentication to Citrix Access Gateway through the

SafeWord CAG Agent. The agent uses the standard SafeWord administration

tools, and installs directly on top of Advanced Access Control (AAC) when the

CAG Agent is configured with the AAC option.

Note: If CAG does not have the AAC option, the gateway appliance can be

configured for RADIUS authentication using the IAS/NPS Agent.


Chapter 1: Introduction

SafeWord components and functions

The Outlook Web Access (OWA) Agent

SafeWord’s Outlook Web Access Agent works with the Microsoft Exchange

Server to provide SafeWord strong authenticated access through the Microsoft

Exchange Outlook Web Access (OWA) component. When this option is

chosen at installation, users who access their e-mail account remotely using

Outlook Web Access will be prompted for a SafeWord token-generated

passcode in order to access the network.

The Domain Login Agent (DLA)

The Domain Login Agent (also sometimes referred to as the SafeWord Agent

for Windows Domains) provides secure access safeword bad pin error a Windows Domain-based

network using SafeWord authentication technology, and supports Windows 7/

XP/Vista/2003/2008. With the DLA, you can protect safeword bad pin error logins from

desktops, RDP (remote desktops), and Terminal Services. It uses a new MSIbased

installer to deploy the Agent Service, Sub-authentication Filter, and

Workstation (Desktop) Agent via Active Directory Group Policy.


Chapter 1: Introduction

The Enterprise Solution Pack (ESP)

The Enterprise

Solution Pack


The SafeWord Enterprise Solution Pack (ESP) includes several components

that extend the capabilities of SafeWord2008:

• Extended Windows application protection including strongly authenticated

access to Windows resources (Domain login, Remote Desktop, Terminal


SafeWord2008 Management Console for managing some or all of your

users outside of Microsoft Active Directory

• User self-enrollment and token management via the User Center

• RADIUS and RADIUS Accounting

Your SafeWord package includes a 30-day evaluation of ESP. For more

information about ESP, please refer to the SafeWord2008 Enterprise Solution

Pack Quick Start Guide included in the product package.


Chapter 1: Introduction

Setting up SafeWord to work for you

Setting up

SafeWord to

work for you

SafeWord is a highly-flexible solution that can be tailored to the specific needs

of your organization. A brief description of the most common use scenarios are

included below.

Managing users in Active Directory

If you have an existing Active Directory database of users, the Active Directory

Users and Computers (ADUC) Management Console allows you to use the

familiar ADUC console to assign SafeWord tokens and SoftPINs to your

existing users, and to generate records and configure MobilePASS. In this

case, you would:

• (If not already done) Install and activate SafeWord (Chapter 2)

• Launch and secure ADUC with a new password (Chapter 2)

• Import hardware token data records or generate MobilePASS records

(Chapter 3)

• Assign tokens to users (Chapter 3)

• (Optional) Configure MobilePASS Messaging (Chapter 5)

Managing users with the SafeWord database

If your users will be stored in the SafeWord database, you will be managing

them with the SafeWord2008 Management Console which is available as part

of ESP. This model may be used to manage users directly in SafeWord. It may

also be used to test users and tokens independent of your Active Directory,

such as during evaluation or after installation. In this case, you would:

• (If not already done) Install and activate SafeWord (Chapter 2)

• Launch and secure the SafeWord2008 Management Console (Chapter 7)

• Import hardware token data records or generate MobilePASS records

(Chapter 3)

• Create Groups, ACLs, and Roles (Chapter 7)

• Add users, and assign tokens (Chapter 7)


Chapter 1: Introduction

Setting up SafeWord to work for you

Managing users in Active Directory and the SafeWord


In some cases, you may choose to have a mixture of user management

options. The User Center, which is available as part of ESP, allows end users

stored in Active Directory or in a stand-alone SafeWord database to enroll and

manage their SafeWord tokens. It is easy to use, and saves administrative time

when a large number of users will be authenticating with SafeWord tokens.

The User Center allows users to enroll their tokens, to change or assign their

PIN, to resync their tokens, and test them after enrollment. In this case, you


• (If not already done) Install and activate SafeWord (Chapter 2)

• Launch and secure the User Center (Chapter 6)

• Provide users with the User Center URL and information about how to

enroll and manage their tokens with it. (Chapter 6)


Chapter 1: Introduction

Setting up SafeWord to work for you


2 CHAPTER In this chapter.

Installing and Activating


Installation prerequisites and requirements.16

Installing SafeWord2008 .20

Activating SafeWord2008.27

The Support Information Center.34


Chapter 2: Installing and Activating SafeWord2008

Installation prerequisites and requirements





The following are the prerequisites necessary to install, configure, and use this

product. Some components are required for all configurations, others are

required only if you will be using a specific agent. For specific agent

information, refer to the SafeWord Agent AdministrationGuide, which is

located at

Network prerequisites

Before installing SafeWord your users must be able to make a successful

connection to secure network resources by a secure Web or VPN session.

Your network must also have the following required components:

• 32 or 64-bit Windows Server 2003 or 2008 (Standard and Enterprise)

Note: Windows 2008 Core is not supported. Windows 2003/2008 Small

Business Server is not supported.

• Active Directory populated with users (unless user management will be

handled exclusively through the SafeWord2008 Management Console)

Note: A Domain Controller is required for use with Active Directory.

• Internet access (to receive important product updates not on your

installation CD)

Note: If you do not have internet access, updates must be applied from an FTP

image. See to contact Technical Support for

directions on how to get the necessary image.

Hardware/software requirements

Table 1 lists minimum system hardware and software (operating system)

requirements for installing and running SafeWord.

Table 1: Hardware/software requirements




Pentium IV or AMD @ 1.8 GHz (minimum), 2 GHz


OS Server: 32 or 64-bit Windows Server 2003 or 2008

Desktop: 32 or 64-bit Windows XP (SP2), Windows 7, and



Disk Space

1 GB (min) 4GB (recommended)

3-5 GB (min) 10 GB (recommended) on NTFS-formatted drive


Chapter 2: Installing and Activating SafeWord2008

Installation prerequisites and requirements

Component and optional agent prerequisites

Table 2 lists the prerequisites for installing and using SafeWord2008

components and the available optional agents.

Table 2: Component and optional agent prerequisites


SafeWord server

Active Directory Users

and Computers

Management Console

MobilePASS Portal

(including the


Enrollment Portal and

the MobilePASS

Messaging Application


Management Console


This component is always available as an installation

option. If you install it on a non-domain controller, you

must provide domain administrator credentials that

have the privilege to log on as a service. Due to the

sensitive data stored in the SafeWord server

component, it must be a physically secure

machine where only administrators have access

to the SafeWord installation directory.

• .Net Framework 2.0 or greater installed

• MMC 3.0 or greater installed

• This component is only available when the

installation machine is part of a domain.

Note: For a Win2008 non-Domain Controller and a

Windows 2008 R2 non-Domain Controller, the Active

Directory Remote Server Administration Tools

feature needs to be enabled before installing the

Management snap-in.

Note: Port 5040 must be open between the remote

ADUC server and the server running the Admin

Service. You may customize this port.

• This Web component is supported by the same

Windows operating systems as the core

SafeWord servers.

• Internet Explorer 5.5 or higher (for configuring the


Note: You must set the Administration Server

password from the localhost machine.

SafeWord Enterprise Solution Pack (ESP license)



Chapter 2: Installing and Activating SafeWord2008

Installation prerequisites and requirements


IAS/NPS Agent • IAS/NPS must be functioning and configured for

RADIUS authentication (policies, secret keys,

firewall ports, and user permissions must be set

correctly, and users must be able to successfully

authenticate to IAS/NPS) before safeword bad pin error this

Agent. See Microsoft documentation.

• RemoteAccess pam_mount error setting uid to 0 (Dial-in and VPN)

must be set to Allow Access on Microsoft

Windows 2003 and earlier. Permissions can be

set to Allow Access or to Control Access

through NPS Network Policy for Microsoft

Windows 2008.

Note: Allow Access always allows user access.

Control Access through NPS Network Policy can

be used to create complicated access points.

• Port 1812 must be open in any firewalls

between the RADIUS clients and the IAS/NPS


• Internet Explorer 5.5 or higher (for configuring the


SafeWord Agent for

Citrix Web Interface

• Web Interface 5.2, 4.6 or 4.5 installed

• Internet Explorer 5.5 or higher (for configuring the


OWA Agent • Microsoft Exchange Server 2003, 2007, or 2010

• Internet Explorer 5.5 or higher (for configuring the


Note: You must be logged on as a domain

administrator for this agent to be available during


SafeWord RADIUS and


Accounting Servers


SafeWord ESP license

• Internet Explorer 5.5 or higher (for configuring the


CAG Agent • Must have the Citrix Access Gateway appliance

configured with the Advanced Access Control

(AAC) option.

• Internet Explorer 5.5 or higher (for configuring the


Domain Login Agent • SafeWord ESP license

• Must be installed on every domain controller and

workstation it is intended to protect.

• Internet Explorer 5.5 or higher (for configuring the



Important: For hierarchical domain topologies, you must be logged on as a parent

domain administrator.

Chapter 2: Installing and Activating SafeWord2008

Installation prerequisites and requirements

Installation topology rules

SafeWord offers a variety of options for installing and using its components to

best suit existing installation topologies.

You may install all SafeWord components on one machine (if that machine has

the capacity to handle your organization’s authentication and management

load), or the components can be installed on separate machines which will

share the operational load. The SafeWord installer will not allow you to install a

component if it cannot correctly operate on the target machine. All other

installation combinations are supported, as long as they conform to the

following rules.

• Rule 1: SafeWord agents must be sig error 35 02 motorola e1 on the same machine as the

component they will protect. Agents are tightly integrated with their

respective component and cannot operate as standalone pieces.

Note: If your network contains multiple component installations (OWA, IAS-

NPS, Web Interface, etc.), each installation must also have its corresponding

SafeWord agent installed on the same machine.

• Rule 2: Because of the tight integration with Active Directory, the ADUC

Management Console must be installed on a machine that has ADUC.

If you install on a non-domain controller machine that is part of the domain, you

may access ADUC by selecting Start > Programs > Aladdin > SafeWord >

Active Directory Users and Computers.

Note: ADUC can be installed on Windows XP and Windows 2003 non-domain

controllers if the Administration Tools Pack (Adminpak.msi) is installed. For

Windows Vista and Windows 7, install safeword bad pin error enable the Remote Server Administration

Tools (RSAT). Both can be downloaded from


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008



Figure 6: SafeWord

installation flow diagram,

page 1

A SafeWord installation will not interfere with your existing topology. You can

install it directly in your existing environment.

Figure 6 shows a flow chart-type snapshot of the installation process, with no

Agents selected for installation. Detailed instructions corresponding to the

numbered steps are found in “Installation details” on page 21.


Program Folder

step 6

Serial Number

step 1

Start copying

step 7

License Agreement

step 2


SW Srvr






User Management

step 8


Install Destination

step 3

Server Components

step 9





Host Address

step 10


Select Components

step 4


Admin Credentials

step 11


SW Srvr?




on DC?


Note 1: If not installing the

SafeWord Server on a DC,

you will be prompted for

Admin Credentials later.



Note 1








continues in

Figure 7 on

page 21.


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

Figure 7 completes the process started in Figure 6 when one or more Agents

are selected for installation.

Figure 7: SafeWord

installation flow diagram,

page 2






Installation details

The installer should start automatically once the SafeWord2008 CD is placed

in the machine on which the software is being installed, safeword bad pin error. If it does not autostart,

browse to and explore safeword bad pin error CD, and launch the AutoRun.hta file.

After some installation wizard windows, you will be asked to select SafeWord

2008 or Add Enterprise Solution Pack. A follow-up window will discuss the

features of your selection and a button to install your selection, then the

SafeWord serial number window appears.

Important: If you plan to install Enterprise Solution Pack, you must first select the

SafeWord2008 install path and install just the SafeWord Server. Then, re-launch

the installer and select the Enterprise Solution Pack option.

Note: Only those screens that require explanation are shown.


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

Figure 8: SafeWord

serial number window

Enter the product serial number

1 Enter your product serial number (located on your product package and/or

on the Activation Certificate is in the format NSXX-XXXX-XXXX-XXXX), then

click OK.

2 Review the License Agreement, then click Yes to accept it.

3 When the Choose Destination Location window appears, accept the default

installation location (or browse to select another), then click Next.

If you choose to install in a location different than the default location,

you must ensure that the following permissions are set:

• Administrators – full control

• Authentication users – read and execute

• CREATOR OWNER – full control (subfolders and files only)

• Server Operators – modify

• SYSTEM – full control

Select the components to install

The Select Components window for the specific version of SafeWord you

selected (SafeWord2008, or ESP) appears.

Figure 9: Select

Components window


Enterprise Solution Pack


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

4 For SafeWord2008, select the SafeWord server, the Management Snap-in

for Active Directory (if managing users in Active Directory), the MobilePASS

Application (if testing or deploying MobilePASS authenticators), and any

agents you want to install in your system.

If you are adding ESP components and will be managing some or all of

your users in the SafeWord2008 database, select the SafeWord2008

Management Console, and any ESP agents you want to install.

Note: Only components that can be installed on your system will display.

If a particular Agent is not listed, refer to Table 2 on page 17 to verify that

your system meets the requirements for that Agent.

If you are installing the SafeWord server on a machine that is not a domain

controller, a Setup window appears requesting domain administrator credentials

with the privilege to log on as a service. In this case, continue to

the next step to provide the proper credentials.

Note: Domain administrator credentials and the privilege to log on as a service

are required so the SafeWord server can write to Active Directory.

5 Make your selections, then click Next.

6 Make any needed changes in the Select Program Folder window, then click


7 Review the information in the Start Copying Files window, then click Next.

Select preferred user management

If you did not select the SafeWord Server for installation, skip to ““Finishing the

installation” on page 26.

Figure 10: Choose User


Configuration window

Note: If you select the option to manage

users in SafeWord with ESP here, you

will have to go back after this installation

to relaunch the installer, selecting the

ESP option, and choosing the SafeWord

2008 Management Console in order to

manage your users.


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

Figure 11: Server

Components window

8 If you are not using SafeWord with ESP to manage your users, leave the

default setting I will manage users in Active Directory, then click Next.

Set server component ports and encryption keys

If you are installing the SafeWord Server, the Server Components window

appears with the default ports over which SafeWord components will


9 Accept the default port settings or specify your own port settings.

Tip: A small exclamation point displayed next to a Port field indicates that port

is already in use by another process, and you must select a different port.

You will also be personalizing your SafeWord installation by defining safeword bad pin error Encryption Key and Signing Key on the Database Security pane.

Each key must be16 characters in length, and must remain the same for

the life of the installation.

Note: If you are installing multiple servers, they must all have the same keys as

are used here.

Security Alert: It is important to enter your own custom encryption key and signing

key for your SafeWord database. This helps to insure the integrity of data, uniquely

distinguishing it from all other SafeWord installations.

Click Next when all needed changes have been made.

Set the host address

10 When the Host Address window appears, enter the Fully Qualified Domain

Name to which this machine belongs, and then click Next.


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

Figure 12: Host Address


If you do not know

the domain, click

Query to obtain it

from your DNS





your SafeWord Server is being installed on a Domain Controller, or

you selected SafeWord2008 Management Console

.then you can skip to “If installing one or more SafeWord agents” on page 25

11 If your SafeWord Server is not being installed on a Domain Controller, you

will be prompted to provide the administrator’s credentials for the machine

on which the SafeWord Server is to be installed, then click Next.

Important: If no credentials are specified, the local system credentials will be used.

Clicking Next will cause the Choose Destination window to appear.

If you did not select any Agents for installation, you may now skip to “Finishing

the installation” on page 26.

If installing one or more SafeWord agents

Among the agents you may have selected for installation, the IAS/NPS Agent

has some additional installation windows.

Note: Complete Agent configuration and use instructions can be found in the

SafeWord Agent AdministrationGuide at

12 If you selected the IAS/NPS Agent for installation on Server 2003, you will

be prompted to restart the IAS service by clicking Yes.

Note: If installing on Server 2008, the Restart IAS window will not appear, and

you may skip to “Finishing the installation”.


Chapter 2: Installing and Activating SafeWord2008

Installing SafeWord2008

Figure 13: Restart IAS


Once you click Yes, the IAS service will restart, and you can skip to section

“Finishing the installation”.

Finishing the installation

During installation, windows will appear and disappear, and installation will take

several minutes to complete. The InstallShield Wizard Complete window

appears when the installation is finished.

If IAS/NPS was installed on Server 2008, and/or the DLA was selected for

installation, you will be prompted to restart the machine.

The basic software installation is now complete, but you must activate your

SafeWord2008 software before you can use it.

Refer to the section, “Activating SafeWord2008” on page 27 to complete the


Note: If you do not have Internet access, updates must be applied from an FTP

image. See to contact Technical Support for

directions on how to get the necessary image.


Chapter 2: Installing and Activating SafeWord2008

Activating SafeWord2008



By default, SafeWord2008 comes with a 30-day evaluation license. If you want

to continue using it, activation is required. The Activation Certificate that came

with your software contains the SafeWord2008 Serial number and Token

Group ID that allow you to download the activation key and token data records,

and are in the following formats:

SafeWord Software Serial Number—The serial number is a 16-digit

alphanumeric code in the form of this example: NSxx-xxxx-xxxx-xxxx. You

will need the serial number to obtain your product activation key.

• Token Group ID—Your Token Group ID is a 16-digit alphanumeric code in

the form of this example: TKxx-xxxx-xxxx-xxxx.

Important: Keep your Activation Certificate in a safe location. You will need the

Software Serial Number when/if you purchase additional SafeWord tokens.

Registering on the portal

There are two methods of activating SafeWord2008: using ADUC, or directly

from Aladdin’s Website if not using ADUC (see “Activating via Website” on

page 29).

In either case, you must sign in and register on the Aladdin portal at, before you can complete and submit an activation

form. After activating, safeword bad pin error, your information will be verified, and the activation key

and token records will be downloaded automatically for ADUC, and manually if

you are not using ADUC.

Security Alert: The prompt to download the activation key and token data records

is a one-time only prompt. For security reasons, you are only allowed one attempt

to download these files. See for information on how

to contact Customer Service to request a CD with these records.


Chapter 2: Installing and Activating SafeWord2008

Activating SafeWord2008

Activation using ADUC

To activate the product from ADUC (have your activation certificate handy):

1 In ADUC, click on the safeword bad pin error folder.

The first time you right-click on the SafeWord folder, you will be prompted to

enter and re-enter (to verify) an Administrator password. This Administrator

password is not your Windows Administrator password. If you have (or plan

to have) multiple management consoles, you must use the same Administrator

password for all installations.

Note: The default User Name Administrator can only be changed if using the

delegated administrators feature (see “Delegated administration in Active

Directory” on page 52).

2 Click OK when done.

3 Right-click on the SafeWord folder and select Activate Product.

4 Log in to the portal using the credentials received when you registered.

Important: Token Group IDs that have not been activated may be entered at this

time. All upgraded Token records have already been activated.

Figure 14: SafeWord

Activation window

Note: You may be required to create a login bios error code ffff first time you visit the activation


5 Complete the activation form, then click Submit.


Chapter 2: Installing and Activating SafeWord2008

Activating SafeWord2008

The SafeWord Activation window appears showing the license activation

and token import progess. Upon completion, the activation file key.html is

downloaded to \Aladdin\SafeWord\ImportData. This is the key

to activate your software and your token data records. You should back up

these files in case you need to reactivate the product or re-import token

records later.

The Administration Server and Authentication Engine services will restart.

6 To verify the activation, browse to


The successfully processed license file is renamed key.activated.html.

7 Relaunch ADUC.

Activating via Website

To manually activate SafeWord2008, do either of the following:

1 Create an RCR.txt file manually by doing the following:

a On safeword bad pin error SafeWord installation server, select Start > Programs > Aladdin

> SafeWord > SafeWord2008 Management Console.

b Log in to the Administration Server using the default username

Administrator and the default password Administrator.

c From the Configuration menu, select Support. The Support Information

Center page appears.

d Click the Save button to automatically save the RCR.txt file to a

temporary directory.


a On the SafeWord installation server, select Start > Programs > Aladdin

> SafeWord > Active Directory Users and Computers.

b Right-click the SafeWord folder in the left directory tree and select

ARCHIVED: Why is my SafeWord card not working?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

If your SafeWord card displays strange characters or none at all, it typically means that the card's batteries have died or the card is malfunctioning in some manner. Under either circumstance, you will have to replace your SafeWord card. Following are some common problems:

  • When you press the ON button, no display shows. This usually indicates a dead battery.
  • When you press the ON button, display shows all zeros ("00000000"). This usually indicates that the programming has been lost.
  • When you press the ON button, display shows "E". This indicates a programming error.
  • The card acts normally, but doesn't authorize (on the challenge, or on the response for the newer cards that use no challenge). This sometimes indicates a bad PIN; check to make sure you are entering everything correctly. For assistance, call IUPUI Accounts Administration and ask staff there to log in using what you give them as the challenge response.

To obtain a new card, see your department's SafeWord Card Coordinator, or contact your campus Support Center.

Knowledge Base

Using Your New Authentication token

SafeNet (formly: SafeWord) Platinum authentication tokens are programmed with an initial PIN. SafeNet Support will provide you with a default PIN number before your initial login. When you turn the safeword bad pin error token on the first time it will say ENTER PIN (or EP). Enter the default PIN as provided in the documentation that came with your authentication token. It will then prompt NEW PIN. Enter a new 4 digit PIN of your choice. It will request that PIN again, if entered correctly the new PIN will be set and the authentication token will output the message “SUCCESS”. If entered incorrectly the second time it will start again with NEW PIN. Once the PIN has been successfully changed the authentication token will generate a password. To get additional passwords you can press the Ent button as many times as needed. The authentication token will automatically power off after several seconds of inactivity; once it does that you can turn it on again and enter your newly set PIN again for additional passwords at any time.

The SafeNet authentication token and SafeNet server always know what password is next based on the last password successfully used. If for any reason the authentication token is allowed to generate 10 unused passwords consecutively, the server will no longer be synchronized to the authentication token. If this ever happens re-synchronize the token by entering a new password twice in a row. The SafeNet service has an anti-hacking mechanism. Multiple unsuccessful authentication attempts will cause the attack lock to be enabled for a user. This will reset automatically after 30 minutes.

Troubleshooting Authentication Problems

The SafeNet service rarely has problems that a user cannot resolve on their own. Most commonly a user unknowingly enters the wrong PIN by accidentally pressing the wrong button. If you find you cannot authenticate to the server here are the steps to follow to resolve the problem:

Turn off the authentication token, turn it back on, enter your correct PIN. Use the resulting password twice in a row to login. This does several things. First, it insures you didn’t type a PIN wrong. Second, it re-synchronizes the server and your authentication token. Third, it creates two sequential log entries on the server at the same time so the service administrators can easily find log messages for the failed authentication attempts.

If the above fails to authenticate you then your account may have been attack-locked. You should wait a minimum of 35 minutes and then try the above procedure again.

A few users utilize SafeNet authentication for services like email (IMAP/POP) or web pages. If you have recently provided a SafeNet generated password to a mail or web client then that program may still be trying to use that password to re-authenticate you to a hero and the terror. Such automated use can easily (and quickly) result in an attack-lock being placed on your token authentication token. Make sure no such programs are trying to authenticate for you. Disable anything you find that could be doing this and wait 35 minutes and try step 2 again. If you still fail to get in you should submit a support request.

Wrong PIN Notifies you that an incorrect PIN has been entered. while Wait, it will disappear before entering the PIN again. The app contains your SafeWord™ card, which you will need to log in to your citidirect® online banking system.

This content was


and no longer maintained by Indiana University. The information here may no longer be as accurate, and links may not be available or reliable.

safeword bad pin error

If your awesome SafeWord card shows strange characters at all or is missing characters,This usually means that the card stacks are empty, the safeword bad pin error of something. Either way, you’re going to replaceowe a SafeWord card. Here are some problems:

  • If someone presses the ON button, highlight Don’t show. usually something like this indicates a low battery.
  • When the button is pressed on the screen, only zeros are displayed (“00000000”). it usually indicates that the programming may have been suffered a loss.
  • When you declare on, the o button displays programs with the letter “E”. show it programming error. Map
  • usually, but not allowed to help (in each of our trials or on the service for new cards that do not call) enter. this Sometimes an incorrect PIN code was displayed; Check if you are entering OK. For phone support, IUPUI accounts Administration and asking staff to sign up for what they donate them in response to calls who.
  • What is SafeWord password?

    SafeWord is also an authentication method that uses SafeWord tokens, from generated sets (tokencodes), to demonstrate a PASSWORD.

    To request a new card, contact your department’s SafeWord Card Coordinator,or contact your campus support center.


    Leave a Comment