Axidian AirKey Enterprise errors

Problem:
The contents of the AirKey control panel are not displayed when the panel is opened. However, no error occurs.

Cause:
The interface of the Indeed AirKey Enterprise control panel is implemented using the Qt Quick 2 dynamic library, which requires OpenGL and hardware graphics acceleration. These might not be supported in some PC and OS configurations.

Solution:
To use Qt Quick 2 in configurations with no OpenGL support, use the Qt Quick 2D Renderer.
To enable the Qt Quick 2D Renderer, add the QMLSCENE_DEVICE variable to the OS environment variables and set it to the value softwarecontext.
The QMLSCENE_DEVICE variable can be propagated to all computers of a domain via group policies, or set manually by editing the registry (see the example below or use the attached QMLSCENE_DEVICE.reg file):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"QMLSCENE_DEVICE"="softwarecontext"

The workstation has to be restarted after making changes.

Problem:
An error occurs when attempting to issue a card:

Failed to connect an AirKey card
Timeout

However, a card can be successfully issued via the management console (icm application) within an RDP session from the same workstation.

Cause:
An AirKey card cannot be issued via Self Service when connected via RDP. This is a consequence of how smart cards work in terminal sessions: a card has to be connected somewhere before it can be forwarded via RDP. A hardware card can be connected to a USB port of the physical workstation, but an AirKey card is created at the very moment of issuance. The Indeed CM server waits for a token to be connected to the workstation and forwarded via RDP, which is not possible, since the created virtual token is outside this RDP session.

However, an AirKey can be issued via the administrator console (icm) within an RDP session, since Middleware is not used in this case: the card is issued on the AirKey server and PCs are added to the card without a physical connection to a workstation.

Solution:
To issue an AirKey via Self Service, you have to use a local session on a workstation with AirKey Runtime and AirKey Middleware installed. If it is necessary to issue an AirKey from a virtual or remote workstation via Self Service, use TeamViewer or a similar tool to connect to that workstation.

Description:

  1. The AirKey Enterprise data storage resides in MSSQL. An MSSQL account is used to log in to the database.
  2. The AirKey Enterprise data storage resides in Active Directory. An Active Directory user service account is used to connect to the storage.

Problem:
The following error occurs while configuring the Indeed AirKey Enterprise via Indeed CM.

Setup Wizard:
HTTP 500 - Internal Server Error

Cause:

  1. For MSSQL:
     - SQL Server and Windows Authentication mode is disabled.
     - The account used for the connection does not have the db_owner privilege for the SQL database.
     - There is an error in the Indeed AirKey Enterprise server configuration file.
  2. For Active Directory: the service account probably does not have privileges for the container where the data storage resides.

Solution:

  1. For MSSQL:
     - Run Microsoft SQL Server Management Studio, connect to the SQL server, open its Properties and switch to the Security tab. Enable SQL Server and Windows Authentication mode and restart the MSSQLSERVER service.
     - Run Microsoft SQL Server Management Studio, connect to the SQL server and switch to Security - Logins. Switch to the User Mapping section of the account properties and add the db_owner permission, then click OK.
     - Verify the Web.config file of the AirKey server:
       • A quotation mark, a character or a part of a <...></...> tag might have been accidentally deleted in the <connectionStrings>...</connectionStrings> section.
       • <add .../> parameters might be deleted partially or completely.
       • A parameter name might be mistyped (Server, Initial Catalog, Integrated Security, User ID, Password).
       • The data for connection to the database might be incorrect.
  2. For Active Directory, allow full access to the container with the data storage and all of its child objects.
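
The Web.config checks listed above can be scripted. The following is an added example, not part of the product or its documentation. It assumes Windows PowerShell 5.1 and a SqlClient-style connection string; the function name Test-ConnectionStrings, the entry name AirKeyDb and the sample values are constructed for illustration.

```powershell
# Added example: reports the <connectionStrings> mistakes described above.
Add-Type -AssemblyName System.Data

function Test-ConnectionStrings {
    param([Parameter(Mandatory)][string]$XmlText)

    # A deleted quotation mark or broken tag makes the file fail to parse.
    try { $doc = [xml]$XmlText }
    catch { return "Web.config is not well-formed XML: $($_.Exception.Message)" }

    # XPath is case-sensitive, so a damaged or missing <add .../> element is not matched.
    $entries = @($doc.SelectNodes('//connectionStrings/add'))
    if ($entries.Count -eq 0) { return 'No <add .../> entries found in <connectionStrings>.' }

    foreach ($e in $entries) {
        $name = $e.GetAttribute('name')
        $raw  = $e.GetAttribute('connectionString')
        if (-not $raw) { "[$name] connectionString attribute is missing or empty."; continue }
        try {
            # The builder rejects mistyped keywords. Values such as Password are never printed.
            $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $raw
        } catch {
            "[$name] malformed string or unknown keyword: $($_.Exception.Message)"; continue
        }
        if (-not $b.DataSource)     { "[$name] Server is not set." }
        if (-not $b.InitialCatalog) { "[$name] Initial Catalog is not set." }
        if (-not $b.IntegratedSecurity -and (-not $b.UserID -or -not $b.Password)) {
            "[$name] Integrated Security is off, but User ID or Password is missing."
        }
    }
}

# Constructed sample with a mistyped parameter name ("Initial Catalogue").
$sample = @'
<configuration>
  <connectionStrings>
    <add name="AirKeyDb" connectionString="Server=sql01;Initial Catalogue=AirKey;Integrated Security=True" />
  </connectionStrings>
</configuration>
'@

Test-ConnectionStrings -XmlText $sample
```

To check a real file, pass its contents with Get-Content -Raw and the path to the AirKey server's Web.config. An empty result means none of the listed mistakes were found; it does not confirm that the server name or credentials are correct.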

Problem:
You receive an error message when you try to issue an AirKey card in Self Service:

This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server

Solution:
The reason may be the lack of a reverse lookup DNS zone in your infrastructure. Having a reverse lookup zone is a prerequisite for using Indeed AirKey Enterprise.

Question: 
How is a document signed with a certificate when Indeed AirKey is used?

Answer:
To sign a document with a digital signature, the document (a letter, a file, etc.) is first hashed on the client side (the user workstation) by the standard means of Microsoft Base CSP. The document hash is sent to the AirKey Enterprise server for signing. AirKey does not perform any operations on the document itself. The AirKey server performs the digital signing and data decryption operations that require the private key. With Indeed AirKey Enterprise, the certificate private key always resides in the Indeed AirKey Enterprise data storage (Microsoft SQL database or Active Directory) that the server interacts with. The HTTPS protocol is used for the connection between the client and the AirKey Enterprise server. Operations that do not require the private key and can be performed with the public key only are executed in Microsoft Base CSP on the client side.
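
The split described in this answer (hash on the client, sign the hash where the private key lives, verify with the public key only) is shown below as an added illustration. It is not the AirKey protocol or API: the function Invoke-ServerSignHash is hypothetical, and a locally generated RSA key stands in for the server-held private key so that the example runs offline on Windows.

```powershell
# Added illustration of hash-then-sign; all names and data are constructed.
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1

# "Server" side: the only holder of the private key. It receives a digest, never the document.
$serverKey = New-Object System.Security.Cryptography.RSACng -ArgumentList 2048
function Invoke-ServerSignHash {
    param([byte[]]$Digest)
    if ($Digest.Length -ne 32) { throw 'Expected a 32-byte SHA-256 digest.' }
    return ,$serverKey.SignHash($Digest, $sha256, $pkcs1)
}

# Client side: hash the document locally and send only the digest for signing.
$document  = [System.Text.Encoding]::UTF8.GetBytes('constructed sample document')
$hasher    = [System.Security.Cryptography.SHA256]::Create()
$digest    = $hasher.ComputeHash($document)
$signature = Invoke-ServerSignHash -Digest $digest

# Public-key-only operation on the client: verification needs no private key.
$publicOnly = New-Object System.Security.Cryptography.RSACng
$publicOnly.ImportParameters($serverKey.ExportParameters($false))

$tampered = [System.Text.Encoding]::UTF8.GetBytes('constructed sample document!')
[pscustomobject]@{
    BytesSentToServer = $digest.Length
    OriginalVerifies  = $publicOnly.VerifyData($document, $signature, $sha256, $pkcs1)
    TamperedVerifies  = $publicOnly.VerifyData($tampered, $signature, $sha256, $pkcs1)
}
```

Because the signer sees only a digest, it signs whatever hash an authenticated client submits, so control over who can reach the signing service matters as much as protection of the key itself.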

Problem:
When using the AirKey card to connect via RDP (from any OS) to workstations running Windows 7, 8, 2008 R2 and 2012 R2, the Indeed AirKey Enterprise control panel closes with an OpenGL error if you try to open it after establishing the RDP connection.

Cause:
The Indeed AirKey Enterprise control panel interface is implemented using the Qt Quick 2 library, which requires OpenGL and hardware graphics acceleration. These are not supported over RDP in Windows versions prior to Windows 10, which is the cause of the error.

Solution:
To use Qt Quick 2 in configurations with no OpenGL support, use the Qt Quick 2D Renderer.
To enable the Qt Quick 2D Renderer, add the QMLSCENE_DEVICE variable to the OS environment variables and set it to the value softwarecontext.
The QMLSCENE_DEVICE variable can be propagated to all computers of a domain via group policies, or set manually by editing the registry (see the example below or use the attached QMLSCENE_DEVICE.reg file):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"QMLSCENE_DEVICE"="softwarecontext"

Setting the variable is required only on workstations to which users connect via RDP (terminal servers) and whose OS version is lower than Windows 10 / Windows Server 2016. Restart the workstation after making changes.

Problem:
The installation of Indeed AirKey Runtime ends prematurely.

Cause: 
The reason may be an outdated version of the User-Mode Driver Framework (UMDF). When installing the component, Windows tries to download a new version but cannot do so (the Windows Update service is disabled or there is no connection to the Internet), and the installation ends with an error.

Solution:
Try installing the User-Mode Driver Framework version 1.11 or later manually and then reinstalling the AirKey Runtime.
Download UMDF from Microsoft Download Center.