Hello all, Im new to the MEE. I have a question concerning invalidated Users. I use SafeSign PKI Smartcards on a Test Notebook. The user is invalidated after three incorrect logins. Now i use the Recovery (User Recovery) and i change the users token to password only. (Referring to the manual all other options wont work when a user is invalidated).
Now im able to login again (with password only token). Now i want to change the Password Only Token back into a SafeSignPKI Token or try to generate a new Token. This ends up with the error 0xe0010003 Unsupported Token Type. I could use the Machine Recovery to boot once but that doesnt helpt to activate that user again.
If i dont change the token to password only i can reset the token with the Token Administration Software from Safe Sign. After doing this i can use the card again. This is nice in my test environment where my "User client" and card is in front of me.
But what happens if a user who is for example in a foreign country forgets his Smartcard PIN ? I can change his token to password only and he can login but his Smartcard is worthless now. And How can i reactivate this card again ? Do i have to completely delete the user and recreate it ? Are there any other possibilties ?
I have no official support from AET (Safe Sign). I worked through some documentations about their SafeSign Middleware and i found nothing. I think a solution could be to use this Administration -Tool on every Client and use The Machine Recovery Option from Endpoint Encryption. (User has to reset his token on his own). But i see that this is not the responsibility of Endpoint Encryption.
But whats about the changing of a token ? Is it generally not possible to change a password back into a safesign token? And another Question Pops up: Is it possible to assign 2 tokens to one user ? Lets say a password only token and a safe sign smart card token ?