Known Issues or Errors
What is browser capability for FIDO Security Keys?
The following browsers are supported:
– Google Chrome
– Microsoft Edge
– Firefox
– Safari
The following browsers are NOT supported:
– Internet Explorer
– Google Chrome
– Microsoft Edge
– Firefox
– Safari
The following browsers are NOT supported:
– Internet Explorer
What do I do if the Security Key option does not display in my browser?
This could mean the browser or system policy blocks WebAuthn/CTAP2 access, preventing FIDO from displaying. Confirm you are on
Chrome, Edge, or Firefox (latest 2 versions) and supported OS. Ensure key inserted before setup. If the Security Key option is still missing, work with IT/Security to verify WebAuthn/CTAP2 or USB/NFC are not restricted.
Chrome, Edge, or Firefox (latest 2 versions) and supported OS. Ensure key inserted before setup. If the Security Key option is still missing, work with IT/Security to verify WebAuthn/CTAP2 or USB/NFC are not restricted.
I’m receiving a PIN Not Set or Incorrect PIN error when I authenticate. What do I do?
This error could mean a PIN was not created during the initial set-up process OR too many failed attempts were made, thus locking the key. You may be re-prompted to set a PIN after repeated failures. If you are not prompted to set-up a new PIN or you lock your token, use the vendor utility (YubiKey Manager) to reset the PIN. After you reset the PIN, re-register the key and create a new PIN.
I’m receiving a Browser or Version Incompatibility error. What do I do?
This means you are using an outdated browser or have restricted WebAuthn support. To fix this, update your browser to the latest two versions of Chrome, Edge, FireFox, or Safari (16+). You must then restart the browser and ensure WebAuthn is enabled.
Partially Registered FIDO / Passkey Token
Issue: In some cases, a FIDO security key (passkey) may become partially registered during setup. When this occurs, the key cannot be re-registered by the user without Support intervention.
Who is Impacted: Users attempting to register a FIDO / passkey credential when their account or subscription does not include FIDO / Passkey support, or when registration is interrupted before completion.
User-Visible Symptoms:
Users may see one or more of the following:
– “Try a different device. You already registered this device. You don’t have to register it again.”
– Registration fails immediately on retry
– The security key appears unusable despite never completing setup
– “Try a different device. You already registered this device. You don’t have to register it again.”
– Registration fails immediately on retry
– The security key appears unusable despite never completing setup
Root Cause:
The system begins the FIDO registration process and creates a credential record before licensing or policy validation is fully completed. When registration fails mid-process, a partial credential remains associated with the user.
This prevents subsequent registration attempts with the same physical key.
This prevents subsequent registration attempts with the same physical key.
What Should Users Know?
Retrying registration, switching browsers, or using another computer will not resolve this issue. The partial registration must be removed by Support before the key can be registered again.
What Information Users Should Provide to Support: To resolve the issue quickly, users should provide:
– Screenshot of the error message
– Security key model
– AAGUID (if available)
– Browser and operating system used
– Approximate time the error occurred
What Information Users Should Provide to Support: To resolve the issue quickly, users should provide:
– Screenshot of the error message
– Security key model
– AAGUID (if available)
– Browser and operating system used
– Approximate time the error occurred
How Will Support Resolve the Issue?
Support will:
– Verify whether the user’s license includes FIDO / Passkey support
– Remove the partially registered credential from the system
– Confirm entitlement updates if a license change is required
– Guide the user to re-register the security key successfully
– Verify whether the user’s license includes FIDO / Passkey support
– Remove the partially registered credential from the system
– Confirm entitlement updates if a license change is required
– Guide the user to re-register the security key successfully
What is the Status or Workaround for this Issue?
This is a known issue. Improvements are planned to prevent partial registrations and provide clearer user messaging when licensing prerequisites are not met.
There is no user-side workaround. Support cleanup and license validation are required.
There is no user-side workaround. Support cleanup and license validation are required.
Additional Notes:
This issue does not indicate a problem with the physical security key. Once the partial registration is removed and licensing is correct, the same key can be reused.
Extract AAGUID
How to Extract Your AAGUID and Device Details
This steps below explain how to extract the AAGUID and device details from your FIDO/passkey security key. Support uses this information to confirm device compatibility and troubleshoot registration issues.
Step 1. Open FIDO2 Key Data Explorer
Open the following link in a supported browser: https://tools.token2.com/fido2/info/index.php
(We recommend using the following browsers, Chrome or Edge).
You should see a page titled ‘FIDO2 Key Data Explorer.
(We recommend using the following browsers, Chrome or Edge).
You should see a page titled ‘FIDO2 Key Data Explorer.
Step 2. Connect your Security Key
Insert your FIDO security key into your computer’s USB port, or prepare to tap via NFC if your key supports it. Leave the key connected during the process.
Step 3. Retrieve Device Data
1. Click the ‘retrieve data’ button
2. When prompted by your browser, select ‘Security Key’
3. Touch the key or press its button when it blinks
4. Enter your PIN if prompted
2. When prompted by your browser, select ‘Security Key’
3. Touch the key or press its button when it blinks
4. Enter your PIN if prompted
Step 4. Locate AAGUID and Device Information
After completion, scroll to the Summary section and capture the following:
– Name (example: YubiKey 5 Series with NFC)
– AAGUID (example: d7781e5d-e353-46aa-afe2-3ca49f13332a)
– Supported Protocols
– Certifications (if shown)
Note: You may see ‘Failed or not a Token2 Device’. This is expected for non-Token2 keys and does not indicate an issue.
– Name (example: YubiKey 5 Series with NFC)
– AAGUID (example: d7781e5d-e353-46aa-afe2-3ca49f13332a)
– Supported Protocols
– Certifications (if shown)
Note: You may see ‘Failed or not a Token2 Device’. This is expected for non-Token2 keys and does not indicate an issue.
Step. 5 Verify Device is Supported
Check whether your key appears on our accepted authenticator list:
https://www.myexostar.com/knowledge-base/accepted-passkey-authenticators/
If your device is listed, include that confirmation when contacting Support. If not listed, still provide the AAGUID.
https://www.myexostar.com/knowledge-base/accepted-passkey-authenticators/
If your device is listed, include that confirmation when contacting Support. If not listed, still provide the AAGUID.
Step 6. Provide Information to Support
When contacting Support, include:
– The AAGUID
– Device name/model
– Screenshot of the tool results
– The error message you encountered during registration
– The AAGUID
– Device name/model
– Screenshot of the tool results
– The error message you encountered during registration
Important Notes: The AAGUID identifies the device type, not you. No personal information is exposed. If a key is partially registered, Support may need to remove it before you can re-register.