Back to Oracle Special Services
section of the secure network site

UVa Rainbow iKey Hardware Token
Oracle Special Services VPN Process and Troubleshooting


Overview of the Process and LSP actions
  1. Upon learning that one of your users has been told that they need Oracle Special Services VPN access, you can send a message to secnet-info@Virginia EDU and request a Rainbow iKey hardware token.

  2. You will receive an email back when the iKey token is ready to be picked up.

  3. The token may be picked up by either the end user or the user's LSP. If the user picks up the device, ITC staff will check the user's photo id and have the user sign the ITC Rainbow iKey Digital Certificate Form. If the LSP comes to pick up the iKey, they sign for the device and are then responsible for checking the user's photo identification and having the user sign the form. In this case the LSP signs the form as the "registrar" at the bottom of the form.

  4. Once the token has been received, the LSP helps the user install the iKey software and change the initial iKey device password.

  5. Once the signed form has returned to ITC and the iKey's password has been changed, the LSP can request that we activate the user's token for access to the Oracle Special Services VPN. The LSP requests account activation via and email to networks@Virginia EDU

Troubleshooting Procedures
  1. The first step is to determine if the problem is related to the VPN or the Rainbow iKey device.
    1. Does Step 3 of the installation instructions work? If so, it means that the Rainbow iKey software on the user's computer is able to see the iKey device. If this does not work and it had been working in the past, a simple system reboot may be all that is needed. You need to have this working before moving on to test other aspects of the system.
    2. If the above Step A is working, please try the web-based test at Step 3 of the installation instructions. If the web-based test is successful, the problem is most likely with the VPN client installation itself and not with the Rainbow iKey device or its software drivers.

  2. If the tests in Steps 1A and 1B above are successful, but VPN connections still fail, the problem is likely with the VPN itself and not with the iKey system.
    1. If your problem appears to be intermittent, remember that the iKey must be connected to your USB port for several seconds before you start the Cisco VPN client. Windows must have time to detect the iKey device and register its certificates before the VPN client is started.
    2. Verify the use configuration settings (Steps 6A through 6F) in the installation instructions.
    3. On the Cisco VPN client, select the Certificates tab, click on the certificate from the UVa High Assurance CA (a certificate in the Microsoft store that does not contain a number after the person's name) to highlight it, and press the Verify button. If the verify test fails, you are likely missing one of the certificates that are normally installed in Steps 1A an 1H.
    4. Try temporarily disabling the Windows XP or 3rd party firewall and see if the VPN connection succeeds. If so, the PC being used does not have the correct set of ports open in its firewall configuraton for the VPN connection to work. Changing the VPN client's transparent tunnel setting from TCP to UDP may enable the connection. You can also use the ITC Microcomputer Systems Group's Windows firewall configuration script to enable the needed set of ports.

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.