3SKey - Troubleshooting Guide · The following table shows the changes to the March 2014 release of the 3SKey Troubleshooting Guide, ... • Windows 7 (32-bit or 64-bit), optionally

3SKey

Troubleshooting GuideThis document provides solutions to problems you can encounter when you install or use 3SKey.

06 March 2015

Connectivity

Table of Contents

.Preface .............................................................................................................................................................................3

1 Troubleshooting - Installation ................................................................................................................... 4

1.1 Latest Version of Installation Software .................................................................................................. 4

1.2 Install the SWIFT CA Certificate ............................................................................................................. 4

1.3 System Configuration Test Results ........................................................................................................ 5

1.4 SWIFT Token Client Menu Missing ...................................................................................................... 10

1.5 Incompatible Third Party Software ....................................................................................................... 10

2 Troubleshooting - Log-in ........................................................................................................................... 11

2.1 I cannot log-in .......................................................................................................................................... 11

2.2 I cannot see my token's certificate when I log in to the Treasury application, sign myfiles or log in to the 3SKey portal .......................................................................................................... 11

2.3 Website Security Certificate .................................................................................................................. 14

2.4 I cannot select the token on the login screen or the password field is greyed out ....................... 14

2.5 I see multiple certificates ........................................................................................................................ 15

2.6 Java.lang.NullPointerException ............................................................................................................ 16

2.7 01253: Signature verification failed. Please use a valid token. ....................................................... 16

2.8 Token and/or password incorrect ......................................................................................................... 17

2.9 04221: Certificate on token to reset is in renewal window. .............................................................. 18

2.10 The web page cannot be displayed (Windows 7 and 8) ................................................................... 19

2.11 Java has discovered application components that could indicate a security concern ................. 19

2.12 Login Failed .............................................................................................................................................. 21

3 Troubleshooting - 3SKey Portal ............................................................................................................. 25

3.1 Password rules ........................................................................................................................................ 25

3.2 Password on NG-Flash Tokens ............................................................................................................ 25

3.3 Password Error Messages ..................................................................................................................... 26

3.4 Your 3SKey Portal Session Ends When You Authorise a Pop-up .................................................. 28

3.5 Failure to download the Security Code using Internet Explorer 9 or higher .................................. 29

3.6 I need to use my token on a USB port that is write-protected ......................................................... 30

3.7 Incorrect Locked Token display during Reset .................................................................................... 31

3.8 When can I not reset a token? .............................................................................................................. 31

4 3SKey Support ............................................................................................................................................... 33

.Legal Notices ...............................................................................................................................................................36

3SKey

2 Troubleshooting Guide

PrefacePurpose of the document

This guide provides a troubleshooting section that explains how to resolve problems that maybe encountered during installation or when working on the 3SKey portal.

Audience

This document is for the following audience:

• 3SKey administrators

• 3SKey users

Significant changes

The following table shows the changes to the March 2014 release of the 3SKeyTroubleshooting Guide, but does not include general edits and minor updates.

New information Location

A new topic was added regarding the SafeNetClient software (SAC).

"Incorrect Locked Token display during Reset" onpage 31

Security settings for Internet Explorer and Javahave been added.

For a complete list of TLS and SSL settings, see"System Configuration Test Results" on page 5> Configure the browser and java settings.

Related documentation

• 3SKey Token Installation Guide

• 3SKey Portal User Guide

• 3SKey Getting Started for Corporates

Preface

06 March 2015 3

https://www2.swift.com/go/book/book131859/book131859/html





1 Troubleshooting - Installation

1.1 Latest Version of Installation SoftwareIntroduction

When you install the 3SKey token software on a user's PC, it is essential that you use the latestversion of the installation software.

A new 3SKey NG-FLASH token is always initially loaded with the most recent version of theinstallation software. However, if the 3SKey installer is updated after you receive the NG-FLASHtoken, then the installation software on it will no longer be up to date.

If you are not sure whether you have the latest version of the installation software on your NG-FLASH token, then SWIFT recommends that you refer to the Getting started page of the 3SKeyweb site and download the latest version by clicking the link Download the 3SKey InstallationProgram.

1.2 Install the SWIFT CA CertificateImportant

It is only necessary to carry out this procedure if you did not install the SWIFT CA certificatewhen you installed the token software.

The procedure installs the SWIFT CA certificate for all users of the PC.

Procedure

During the installation process, the installer installs the SWIFT CA certificate by default. If youchose not to install the SWIFT CA certificate at that time, then you must use this procedure toinstall it:

1. If you are using a 32-bit system, then open windows explorer and navigate toC:\Program Files\SWIFT\SWIFT Token Client\_uninst.

If you are using a 64-bit system, then open windows explorer and navigate toC:\Program Files (x86)\SWIFT\SWIFT Token Client\_uninst.

2. Double-click ca.reg.

3SKey


http://www.swift.com/3skey/getting_started.html

The system prompts you to confirm that you want to add the certificate information to theregistry:

3. Click Yes .

The system confirms that the registry has been updated:

4. Click OK .

1.3 System Configuration Test ResultsIntroduction

Before installation of the token software starts, the System Configuration Test Resultswindow shows the settings that the token software requires for successful installation.

Troubleshooting - Installation

06 March 2015 5

Free disk space

Minimum disk space required for successful installation is 500 MB on each PC on which thetoken software is to be installed.

You must remove files stored on the PC until the minimum disk space requirement is met.

Installed patches

A minimum level of service pack compliance is required for each PC on which the tokensoftware is to be installed. The service pack compliance level depends on the operating systemresident on the PC.

Operating system (OS) version

Your PC must run one of the following operating systems:

• Windows Vista (32-bit) with Service Pack 1 or higher

• Windows 7 (32-bit or 64-bit), optionally with a Service Pack

• Windows 8 (32-bit or 64-bit)

• Windows Server 2008 R2 (32-bit or 64-bit)

You must install the appropriate level of the operating system on each PC on which the tokensoftware is to be installed.

Internet Explorer

You can install the token software on a computer that is running either version 7.0, 8.0, 9.0,10.0 or 11.0 of Internet Explorer (32-bit).

Note For Windows 8 users: make sure that you have switched to desktop mode beforelaunching internet explorer.

Java

To access the the 3SKey portal, your system requires a 32-bit version of the Java RuntimeEnvironment (JRE).

The minimum supported versions are:

• Java 6: 1.6.0_32

• Java 7: 1.7.0_07

• Java 8: 1.8.0_01

You must download and install Java from the Java web site.

Privilege

Administrator rights are required to install the necessary drivers and software.

You must have administrator rights on each PC on which the token software is to be installed orcontact a system administrator to perform the installation.

System configuration test results confirmation

After installation of the token software has occurred, the installation results appear.

3SKey


http://www.3skey.com

http://www.java.com

The test can also be run manually after the installation by going to Start > All programs > SwiftToken Client and clicking on SelfTest. To do this requires administrator rights.

Safenet Authentication Client

If you requested the installation of the Safenet Authentication Client as part of the installationprocess, then the result appears as OK.

If the software does not install correctly (or at all), then:

• uninstall the SWIFT token client

• restart the PC

• reinstall the token software

If the Safenet Authentication Client still shows an error, then contact SWIFT for support. See"3SKey Support" on page 33 for support details.

Next generation Java plugin

If there is an error result for the Next Generation Plugin test, then take the following steps:

1. Navigate to the Windows Control Panel and open the Java Control Panel.

2. Click the Advanced tab and expand Java Plug-in.


06 March 2015 7

3. Select Enable the next-generation Java plug-in (requires browser restart):

4. Click OK to close the window and save your settings.

Java network proxy settings

If there is an error result for the Java Network Proxy Settings test, then take the followingsteps:


2. Click Network Settings .

3. Make sure that the Use browser settings option button is selected:

Internet Explorer Uses Proxy

If there is an error result for the Internet Explorer Uses Proxy test, then the Self Test hasdetected that the Internet Explorer proxy on your system is enabled.

The use of the Internet Explorer proxy with the SWIFT Token Client is not qualified. It is possiblethat the proxy will block access to https://www.3skey.com.

The token accesses the the 3SKey portal on port 443, which is the default port for HTTPStraffic. The best practice is to open this port in your Internet Explorer proxy. If this is not

3SKey


https://www.3skey.com


compliant with your security policies, then please ensure that an exception is put in place forhttps://www.3skey.com.

Alternatively, you can disable the proxy, using the following procedure:

1. In Internet Explorer, click the Tools menu and select Internet Options.

2. Click the Connections tab and then click LAN Settings .

3. If allowed within your organisation, make sure that the settings Use automaticconfiguration script and Use a proxy server for your LAN are not selected:

Internet Explorer secure protocols

If there is an error result for the Internet Explorer Secure Protocols test, then take thefollowing steps:

1. In Internet Explorer, click the Tools menu and select Internet Options.

2. Click the Advanced tab.

3. In the Security settings, make sure that the Internet Explorer advanced settings areenabled as follows.

Item Setting

HTTP 1.1 settings > Use HTTP 1.1 Must be selected

HTTP 1.1 settings > Use HTTP 1.1 through proxy connections Must be selected

Security > Check for server certificate revocation Must NOT be selected

Security > Use SSL 2.0 Must NOT be selected

Security > Use SSL 3.0 Must NOT be selected

Security > Use TLS 1.0 Must be selected

Security > Use TLS 1.1

Security > Use TLS 1.2

Optional, but recommended

Security > Warn about certificate address mismatch Must be selected

SWIFT CA certificate

If there is an error result for the SWIFT CA Certificate test, then the SWIFT CA Certificate isnot installed. To install the SWIFT CA certificate, see "Install the SWIFT CA Certificate" on page4.


06 March 2015 9

https://www.3skey.com

1.4 SWIFT Token Client Menu MissingDescription

You want to run the SWIFT Token Client Self Test, but the SWIFT Token Client menu is notavailable on the Start menu.

Solution

Either the software installation has failed, or the menu option has been deleted.

• To run the Self Test, open Windows Explorer, navigate to the installation software folder,open the PDI subfolder and run PDISelfTest.vbs.

Note The Windows Script Host (WSH) must be enabled for the .vbs scripts used bythe installer to execute properly.

The default installation folder is C:\Program Files\Swift\Swift Token Client for a 32-bitsystem.

The default installation folder is C:\Program Files (x86)\Swift\Swift Token Client for a 64-bit system.

• The software installation has failed, and the installation software folder is missing.

You must reinstall the software as described in the 3SKey Token Installation Guide.

• The SWIFT Token Client has been uninstalled.

If the SWIFT Token Client has been uninstalled, then only log files are still available. Youmust reinstall the software as described in the 3SKey Token Installation Guide.

1.5 Incompatible Third Party SoftwareIncompatible software list

A list of programs that are potentially incompatible with the installation of the 3SKey software ispublished on the 3SKey portal.

3SKey


https://www2.swift.com/uhbonline/books/public/en_uk/3skey_inst_guide/index.htm


http://www.swift.com/3skey/help/incompatible_software.html

2 Troubleshooting - Log-in

2.1 I cannot log-inI cannot log in to the 3SKey portal

If you experience log-in problems and cannot connect to the 3SKey portal, then please carry outthe following checks.

Log-in checks

1. Check that your Internet connection is available by trying to connect to another web site.

2. Check that your token is correctly inserted into the USB port. Connect the token to anotherUSB port and try to log in again.

3. Check that the version of Internet Explorer is 7.0 or higher and check that the correctversion of Java is installed. The Java version is 1.6.0_32 or higher for Java 6, 1.7.0_7 orhigher for Java 7, or Java 8.

4. If you are running a 64-bit system, then check that you are using both Internet Explorer 32-bit and Java 32-bit.

5. Make sure that your firewall and proxy settings have not changed and that the SSL port isnot blocked. You can verify the proxy configuration in the "System Configuration TestResults" on page 5.

6. Check that the token software is correctly installed as described in the 3SKey TokenInstallation Guide and that the system is configured properly by running the SelfTest underStart > All Programs > Swift Token Client..

7. Check that the certificate on your token has not expired. You can check the expiry date atInternet Explorer > Tools > Internet Options > Content > Certificate.

If this does not solve the problem, then see the section "3SKey Support" on page 33 forthe next step.

2.2 I cannot see my token's certificate when I log into the Treasury application, sign my files or log into the 3SKey portal

This page cannot be displayed

If you cannot see your token's certificate because you cannot view the web page (as below),then refer to the section "The web page cannot be displayed (Windows 7 and 8)" on page 19.

Troubleshooting - Log-in

06 March 2015 11



I cannot see my token's certificate when I log in to the Treasury application, sign my files or login to the 3SKey portal

If you cannot see your token's certificate when you attempt to log in, then please perform thefollowing actions to ensure that the certificate is detected correctly:

1. Go to Internet Explorer, select Tools > Internet Options > Content > Certificates.

2. Verify the validity of the certificate by making sure that the Expiration date value has notpassed yet. If the date has passed, this means that your certificate is expired and needsrecovery.

If your certificate has not expired, then proceed with the next steps.

3. Unplug your token.

4. Go to Internet Explorer, select Tools > Internet Options > Content > Certificates.

5. On the Personal tab, you can see all the certificates on your PC.

If there is a corporate certificate in the Issued To column (format = corp12345678) andIssued By SWIFT, then you can safely delete it, but only if there is no token plugged in.

Click Remove .

Important Other personal certificates can be installed on your system, so only delete thecorporate certificate of your unplugged token.

3SKey


6. Click Close to return to the Content tab.

Click Clear SSL State . Do not close the window.

7. Reinsert your 3SKey token.

Wait for 5 seconds and then click on Certificates .

If you see your corporate certificate in the list again, then you can try to log in to the portal.

If you can log in but still have problems with the signing application, then please contactyour bank or your signing application support provider.

If the token certificate is not in the list (that is, it is not detected), then check the following:

• Go to Start > All Programs. There should be a group called Swift Token Client presentin the list of programs. If it is not present, then you must install the token software onyour PC.

• Check that the token software (also called SafeNet Authentication Client) is running. Ifthe software is running, then you see the following icon in the notification area of thebottom-right corner of your task bar.

If the token software is not running, then you can start it manually as follows:

Go to Start > All Programs > SafeNet > SafeNet Authentication Client > SafeNetAuthentication Client.



06 March 2015 13


2.3 Website Security CertificateI receive a security warning about the website certificate after I click on login and enter thetoken password a first time

You receive this error message because some elements needed for the connection to the3SKey portal were not installed properly.

Procedure

1. Browse to Start > All Programs > Swift Token Client and run the SelfTest.

2. If the SelfTest does not exist, then download and install the latest version of the 3SKeysoftware. If you have a previous version then it will be updated automatically.

3. If the SelfTest indicates that the SWIFT CA certificate is missing, refer to the section "Installthe SWIFT CA Certificate" on page 4.

2.4 I cannot select the token on the login screen orthe password field is greyed out

I cannot select the token on the login screen or the password field is greyed out

If this window appears and you cannot select the unique ID of your token in the Token dropdown list, then check the following procedure.

3SKey


Procedure

1. Make sure that the token software has been properly installed on your PC and that thecomputer has been restarted after installation.

Check the menu Start > All Programs. If you see a submenu Swift Token Client, then thetoken software is present.

For more information about installing the token software, see the 3SKey Token InstallationGuide.

2. Check that Java is configured properly. You can check the latest self-help instructions onthe 3SKey portal.

3. Go to Start > All Programs > Swift Token Client > Self Test. You will need administratorrights to run the Self Test.

Check that all the Self Test results show as OK. If you are using a proxy, then make surethat your proxy settings are correctly configured as described in "System Configuration TestResults" on page 5.


2.5 I see multiple certificatesMultiple certificates display

The portal displays all of the certificates that are currently available on your system, andprompts you to select a certificate. You must select the 3SKey certificate, which corresponds tothe unique ID of the inserted token (corpxxxxxxxx).

If this does not solve the problem, then see the section "3SKey Support" on page 33 for thenext step.


06 March 2015 15



http://www.swift.com/3skey/help/java_installed.html

2.6 Java.lang.NullPointerExceptionJava.lang.NullPointerException

During login to the portal, you might see the following window.

Check that the token that you are using to log in has not already expired. You cannot log inusing an expired token. If your token has expired, then contact your 3SKey administrator torecover its Unique ID on a new token.

This error message can also appear if the system time and date or time zone settings are notcorrect. If necessary, check your system settings.

2.7 01253: Signature verification failed. Please use avalid token.

01253: Signature verification failed. Please use a valid token.

During login to the portal, you might see the following window.

This error displays if you attempt to login using a revoked token. Contact your 3SKeyadministrator.

3SKey


2.8 Token and/or password incorrect00021: Token and/or password incorrect

When you login to the 3SKey portal you need to provide your password once in a Token Logonwindow (twice if you are in a new browser session).

Then you need to provide it once more in the Login window below.

The password that you need to provide in the Login window is the same password as the oneprovided in the Token Logon window, but there are two situations when a correct passwordmight be rejected with error 00021: Token and/or password incorrect on the Login window.

The two situations are:

1. You have updated Java to version 8 or later but your version of the 3skey software is stillusing an outdated client (eToken PKI Client).

Please update your system to the most recent version: Token software upgrade.

2. The password contains non supported characters.

For the list of supported characters, see "Password rules" on page 25.

Note If you are not in one of the above situations then verify that the password wasentered properly. Restart the Internet Explorer browser and log back in to the3SKey portal to check that the same password is accepted in the TokenLogon window.


06 March 2015 17

http://www.swift.com/3skey/help/token_upgrade.html

http://www.swift.com/3skey/index.html

The 3SKey portal prevents you from setting non-supported characters on the token.However, you can set a password containing non-supported characters using the SafenetAuthentication Client software.

To modify the password again, right-click the icon in the system tray and click ChangeToken Password.

Once a valid password has been reconfigured, the best way to modify a token password isto log in to the 3SKey portal and click Change Password.

2.9 04221: Certificate on token to reset is in renewalwindow.

04221: Certificate on token to reset is in renewal window.

When you try to reset the certificate on the token, you might see the following window.

A token in the renewal window cannot be reset. Contact your 3SKey administrator to recover itsUnique ID on a new token.

3SKey


2.10 The web page cannot be displayed (Windows 7and 8)

Page cannot be displayed

If the following message appears, then you may need to disable the TLS 1.1 and TLS 1.2settings on the PC.

To disable the TLS settings refer to the procedure described in "Internet Explorer secureprotocols" on page 9.

If this does not work or the settings were already disabled, then your certificate is not beingdetected by the PC. To correct this, refer to the procedure in the section "I cannot see mytoken's certificate when I log in to the Treasury application, sign my files or log in to the 3SKeyportal" on page 11.

2.11 Java has discovered application componentsthat could indicate a security concern

Introduction

If you are running Windows Vista, Windows 7 or Windows 8 you could see the following errormessage when you attempt to log in to the 3SKey portal.

If you see this, then proceed as follows.

Procedure


The Java Control Panel opens.


06 March 2015 19

2. In the General tab, click Settings... .

The Temporary Files Settings window opens.

3. Click Delete Files... .

The Delete Temporary Files window opens.

4. Select Applications and Applets or Cached Applications and Applets (depending onthe version of Java that is installed).

Click OK .

3SKey


5. Restart Internet Explorer and try again to log in to the 3SKey portal.


2.12 Login FailedProcedure

If you see the following WatchforTokenRequest error message, then it is due to the version ofJava running on the PC.

You can either update your version of Java to the latest supported version here or adjust theJava security settings on the PC.

Adjust security settings


The Java Control Panel opens.

2. Select the Security tab.

Depending on your version of Java the procedure is different. If you see this screen, thenproceed as follows.


06 March 2015 21

http://www.swift.com/3skey/help/java_installed.html

If not, go to step 6 to continue.

3. Lower the slider to Medium.

4. Click Apply and close the Java Control Panel.

5. Restart Internet Explorer and try again to log in to the 3SKey portal.


3SKey


6. If you see this window, then proceed as follows.

Click Edit Site List...

7. The following window appears.

Click Add .

8. The following window appears.


06 March 2015 23

Add the address https://www.3skey.com as an exception.

Click OK .

Restart Internet Explorer and try again to log in to the 3SKey portal.


3SKey


3 Troubleshooting - 3SKey Portal

3.1 Password rulesOverview

The token is protected by a password. You use this password both to log in to the 3SKey portaland to sign your transactions.

Important The password does not expire, but SWIFT recommends that you change thepassword every three months.

To change the password, make sure that you are logged in with the token for which you want tochange the password. Then click the Key management menu and select theChange password menu item.

Password rules

Provide a strong password. Use the following guidelines when creating a password:

• the minimum length is four characters

• the maximum length is sixteen characters

• You can use the following characters:

– 0-9 A-Z a-z and space

– ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

• you must use at least two different characters. For example, you cannot set the password toaaaa or 11111

• you cannot use accented characters (for example, é or ö)

• you cannot reuse the current or previous password

3.2 Password on NG-Flash TokensLock.exe on NG-Flash tokens

NG-Flash tokens have a virtual CD drive that holds a lock.exe application.

This application protects the files located on the Flash partition of the token with a password.This password is not linked to the password used to access the certificate on the token andlocking the Flash partition has no impact on the signing operations performed with the token.

Troubleshooting - 3SKey Portal

06 March 2015 25

Password on NG-Flash tokens

If a password has been set on the NG-Flash partition, then the following window appears eachtime the token is plugged in.

If you click the disable password icon a password prompt appears and the Flash partition isautomatically unlocked.

With the password feature active, you must enter the password each time the token is pluggedin. If six wrong passwords are entered, then the Flash partition is formatted and unlocked.

The following window appears.

If this happens, then all files stored on the Flash partition are deleted. However, this has noimpact on the certificate and the token can still be used to sign as before.

3.3 Password Error MessagesWhere can I find the password that I need to connect to the 3SKey portal for the first time?

3SKey User - If you received your token from your 3SKey administrator, then contact him forthe password.

3SKey Administrator - If you did not receive a default password with the new tokens that youreceived from your 3SKey distributing bank, then contact your bank for the password.

I entered my password and nothing happened. I still see the token logon window

The first time that you connect to the 3SKey portal on a given PC, you receive three prompts toenter the token's password: twice in the Token Logon window, then once more on the portalitself.

These passwords have different purposes:

• The first password entry is for client authentication while establishing the connection to thesecure web site.

• The second password entry is to perform the client authentication for Java. This establishes aseparate HTTPS connection to the 3SKey portal secure web site in order to download theapplet.

When the applet is downloaded, it will be cached and so you will no longer see this passwordprompt.

3SKey


• The third password entry is the authentication to the 3SKey portal itself.

If you are logging back in to the 3SKey portal from the same PC:

• from within the same browser session, then the password is required only once.

• from a new browser session, then the password is required twice.

I receive an error message after entering my password

Check that you entered your password according to the password rules.

If the token is not activated, then check with your 3SKey administrator for the password.

If the token is activated, then the password is the one that you chose during activation.

If you have any doubts about the activation status of your token check with your 3SKeyadministrator.

If you get error 00021 Token and/or password incorrect when you enter your password and youhave doubts about your password, then please restart your browser before trying to login again.In a new browser session, the portal displays the Token Logon window, which indicates howmany attempts are remaining and whether your token is locked.

I have forgotten my password. Can someone reset it?

Yes, please refer to the 3SKey Portal User Guide for Corporates for the reset procedure.

You have five attempts to enter the password. After five consecutive incorrect attempts, theportal locks the token and you will have to reset it.

Why does a token get locked?

If you enter five consecutive incorrect passwords, then the token locks. Whenever you enter thecorrect password, the count of incorrect passwords restarts at 0.

If your token is locked, then an administrator will have to set up the token for reset and then theuser must complete the reset. Refer to the 3SKey Portal User Guide for Corporates for the resetprocedure.

How can I tell if my token is locked?

Go to SAC tools > Advanced View, select SWIFT PDI and check the line "Token Passwordretries remaining". If the number is equal to 0, then your token is locked.


06 March 2015 27

https://www2.swift.com/uhbonline/books/public/en_uk/3sk_ptl_ug_corp/index.htm


When a token is locked, the 3SKey administrator will have to set up the token for reset and theuser must reset it.

Password lost or token locked

If the token owner lost his password, or if the token is locked because the password wasentered incorrectly five times, then the token must be reset. In this case, a new token is notrequired.

To reset the token, please refer to the 3SKey Portal User Guide for Corporates.

Token lost, damaged or expired

In this case, you must recover the certificate on a new token.

To recover the token, please refer to the 3SKey Portal User Guide for Corporates.

3.4 Your 3SKey Portal Session Ends When YouAuthorise a Pop-up

Why is my portal session terminated?

When you click the link to the 3SKey portal online help, the portal opens a pop-up window todisplay the help.

If the Internet Explorer Pop-up Blocker is turned on, then you are prompted to authorise thepop-up. If you click Authorize , then your portal session is terminated and you are returned to the

3SKey




portal landing page. This behaviour is standard for Internet Explorer, because enabling a pop-up forces a refresh of the page.

Please re-enter your password to log back in. When you next access the portal online help, noauthorisation is required.

To avoid this happening, you must allow Internet Explorer to allow pop-ups from 3SKey.

Allow pop-ups from 3SKey

To allow pop-ups from 3SKey in future, you can add the portal to the list of allowed sites in thePop-up Blocker Settings:

1. In Internet Explorer, select Tools > Pop-up Blocker > Pop-up Blocker Settings.

The Pop-up Blocker Settings window appears.

2. In the Address of website to allow field, type https://www.3skey.com/:

3. Click Add .

The address is added to the Allowed sites list.

4. Click Close .

3.5 Failure to download the Security Code usingInternet Explorer 9 or higher

Overview

During your token activation on the 3SKey portal you must download the code.txt file thatcontains the security code for your token.

If you are using Internet Explorer 9 or higher, you might encounter the following error messageon the Generate security code page:


06 March 2015 29

To fix this, you must deactivate the option Do not save encrypted pages to disk.

In Internet Explorer, go to Tools > Internet Options > Advanced > Security and click to clearthe check mark from the option Do not save encrypted pages to disk.

Click OK .

3.6 I need to use my token on a USB port that iswrite-protected

Description

The USB port used for your token should not be write-protected. However, if there is a need touse the token on a USB port that must be write-protected, then proceed as follows.

1. Open the Windows Registry Editor and navigate to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies.

2. Create a new DWORD under this key and name it WriteProtect.

3SKey


3. Give it a value of 1.

The USB ports on your computer are now read-only.

To deactivate the read-only mode, change the value of the WriteProtect key to 0.

3.7 Incorrect Locked Token display during ResetToken reset

If you are running an older version of the 3SKey software that uses the eToken PKI Clientinstead of the newer Safenet Authentication client, then when you try to reset a locked token thefollowing window appears.

The portal does not detect that the token is locked and returns a value of No in this field.

So, because the portal does not detect that the token is locked, the user must manually selectthe option I do not know the token password and continue with the reset, otherwise thepassword will not be reset. For the reset procedure refer to the 3SKey Portal User Guide forCorporates > Set Up a Token for Reset.

To fix this problem, SWIFT recommends that you upgrade to the latest version of the 3SKeysoftware. You can do this by upgrading your token software on the 3SKey portal.

3.8 When can I not reset a token?04221: Certificate on token to reset is in renewal window.

You cannot reset a token that is expired, revoked, or that got locked during its renewal window.

For example, if you try to reset the certificate on a token that is in the renewal window, then youwill see the following.


06 March 2015 31

https://www2.swift.com/go/book/book122078/prot140877/html

https://www2.swift.com/go/book/book122078/prot140877/html

http://www.swift.com/3skey/help/token_upgrade.html

In all cases, contact your 3SKey administrator to recover the certificate's Unique ID on a newtoken.

3SKey


4 3SKey SupportSupport for 3SKey customers

This section describes the types of help that SWIFT provides to 3SKey users.

SWIFT is the single point of contact to report all problems and queries that relate to the 3SKeytoken installation, activation and management on the 3SKey portal.

For all other questions corporate customers should contact their bank.

Please take the following steps to resolve your problem:

1. Consult the 3SKey Troubleshooting Guide.

If this does not solve the problem, then go to the next step.

2. Consult the self-help links on the portal.

To access 3SKey self help, go to www.3skey.com, click Need help logging in?.

The list of 3SKey self help topics appears.


3. Check the table below to determine the most appropriate contact point.

Type of problem Contact SWIFT Contact Bank

Activated token registration X

Activation password for newtokens

X

Install token software X

Log in to the 3SKey portal X

Managing the token on the3SKey portal(1)

X

Order tokens X

Password, after activation X

Transaction rejected X

Treasury / signing application(certificate configuration)

X (or treasury / signingapplication)

Treasury / signing application(general issues)

X (if log in to the 3SKey portalis not possible)

X (if log in to the 3SKey portalis ok, then contact bank orvendor of the treasury / signingapplication)

(1) Token management includes "user group creation, user group management, activation, change password,

generate security code, add user, recovery, reset, renewal, revoke".

If the appropriate point of contact is an entity other than SWIFT, then contact as stated.

If the appropriate point of contact is SWIFT, then go to the next step.

4. Contact 3SKey e-mail support (see the E-mail support section below).


5. Contact a support analyst (see the Telephone support section below).

3SKey Support

06 March 2015 33


http://www.swift.com/3skey/help/index.html

E-mail support

If you have not been able to resolve your problem with the 3SKey Troubleshooting Guide orwith the 3SKey self help, then you can send an e-mail to [email protected].

Please include the following information in the mail message. A support analyst will investigateyour problem and contact you.

Note The analyst will provide you with a case number that you must keep for reference ifyou need to call the support help line.

1. Contact information

– First name and family name

– E-mail address

– Telephone number

– Mobile phone number

– Company name

– Clear description of the problem

– Serial number displayed on the token

2. What action are you performing on the 3SKey portal?

– Installing the token software

– Creating a user group

– Logging in

– Activation

– Recover

– Revoke

– Reset

– Renewal

3. What error message did you receive?

4. What is your role on 3SKey and are you the owner of the token?

Important Please zip and attach the installation log files to the e-mail.

Here are the default locations where you can find the log files depending on the version of theinstaller that you used :

• 3SKey_token_install.exe (released in March 2013)

– C:\Program Files\Swift\Swift Token Client\logs (32-bit system)

– C:\Program Files (x86)\Swift\Swift Token Client\logs (64-bit system)

• SwiftTokenClient-2.0x64wrapper.exe or SwiftTokenClient-2.0x32wrapper.exe (released inFebruary 2012)

3SKey



http://www.swift.com/3skey/help/index.html

– C:\Program Files\Swift\Swift Token Client 2.0\logs

• 3SKeyinstall.exe (prior to February 2012)

– C:\Program Files\3SKey\logs\

If you have not installed the 3SKey software yet, then please provide your operating systemdetails. These details must be the version and service pack of Windows, the version of internetexplorer and the version of Java that you are using.

Telephone support

If your question cannot be solved by any of the above means, then you can call a supportanalyst. Our support analysts are available to help you during business hours from Monday toFriday.

Asia-Pacific: +33-1 57 32 35 36 from 09:00 to 12:00 and from 14:00 to 17:00 CET (GMT+2)

Europe, MiddleEast & Africa:

+33-1 57 32 35 36 from 09:00 to 12:00 and from 14:00 to 17:00 CET (GMT+2)

Americas: +1-540 727 1685 from 09:00 to 18:00 EST (GMT-4)

3SKey Support

06 March 2015 35

Legal Notices

Copyright

SWIFT © 2015. All rights reserved.

Disclaimer

The information in this publication may change from time to time. You must always refer to the latestavailable version.

Translations

The English version of SWIFT documentation is the only official and binding version.

Trademarks

SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: the SWIFTlogo, SWIFT, SWIFTNet, Accord, Sibos, 3SKey, Innotribe, the Standards Forum logo, MyStandards, andSWIFT Institute. Other product, service, or company names in this publication are trade names, trademarks,or registered trademarks of their respective owners.

3SKey


Documents

3SKey - Troubleshooting Guide · The following table shows the changes to the March 2014 release of the 3SKey Troubleshooting Guide, ... • Windows 7 (32-bit or 64-bit), optionally