HYPR Workforce Access Client Fails on Windows Due to Failed Revocation Check

Product: HYPR Workforce Access Client for Windows
Applicable Version(s): 6.5 and above

A Certificate Revocation (CRL) is a list of revoked public key certificates created and digitally signed by a Certificate Authority (CA).

HYPR Workforce Access can fail on Windows for either user registration or Windows login. During login to Windows, a user might experience “The user name or password is incorrect.” The HYPR Unlock log file will exhibit the following:

Payload: {
  "authorizationCode": 403,
  "message": "Authorization was rejected status=0xC000006D",
  "sessionId": "some_session_id",
  "version": 2
}

Response: {
"status": {
"responseCode": 403,
"responseMessage": "Authorization was rejected status=0xC000006D"
}

Windows will attempt by default to validate the revocation status of the X.509 certificate. If the CRL is invalid, unreachable, or otherwise results in an error, then the resulting authentication attempt will also fail.

Instructions

  1. Basic CRL checking can be done using command prompt on the affected machine after exporting and saving the X.509 certificate on the client machine using certutil as follows:

    certutil -verify -urlfetch path\enrolledcert.cer
  2. The CRL status will be shown in the output. Most commonly, the CRL is expired. If this is the case, work with the network team to update the CRLs for the issuing CA.

The CRL status should show as passed/failed.

Version Date Comment
Current Version (v. 8) May 06, 2022 17:22 Khedron de León
v. 7 Mar 16, 2022 15:00 Sean Dyon
v. 6 Mar 15, 2022 15:42 Sean Dyon
v. 5 Mar 15, 2022 15:38 Sean Dyon
v. 4 Mar 15, 2022 14:51 Sean Dyon
v. 3 Mar 15, 2022 14:14 Sean Dyon
v. 2 Sep 22, 2021 20:17 Nilesh Doiphode
v. 1 Sep 22, 2021 20:16  Nilesh Doiphode
Was this article helpful?
0 out of 0 found this helpful