How to Help End Users with 604010 Error Issues
Written for: Campus Help Desks
On Sept 7, 2008, UCLA implemented a security measure in its web single sign-on service (ISIS) to protect the community from identity theft. This change protects an individual's authenticated web sessions by periodically verifying that their internet address, or "IP address", remains consistent. Shifting address is a potential sign that a hacker may have comprised the user's session and is accessing resources using their credentials from a different location.
However, some ISPs such as AOL serve user sessions using pooled IP addresses. This practice, along with some alternate network configurations, may cause an individual's address to change when visiting web sites, thus causing the single sign-on session to terminate. Follow these instructions if you suspect a user is encountering a 604010 error:
First, if you have not done so, collect the user's contact and platform information:
- User's Name.
- User's Logon ID.
- The name of the site the user is signing onto.
- The approximate time of the error.
- User's location (home, office, on/off campus etc.)
- Network information:
- Is the user using a wireless connection?
- Is the user using a VPN connection?
- Who is the ISP?
If the user is off campus, try the following troubleshooting steps with the user:
- Close all browsers.
- If the user is connected to a VPN, disconnect from VPN.
- If the user is a student or employee, ask the user to VPN to a UCLA VPN server. If required, the Bruin Onling VPN software is available at http://www.bol.ucla.edu/services/vpn/.
- Once successfully VPN'd in, open the browser and hit the web site user is trying to reach.
- Log in.
If the user continues to experience login problem, ask the user to take and submit a screen capture of the error to you. Once you receive the screen capture, submit it along with the user information you've captured to iamucla at ucla.edu (mailto:email@example.com?subject= experiencing 604010 error from off campus)
If the user is on campus, please do the following:
- Collect the user's exact location, as in the Building and Room number.
- If possible, find out the name of the CSC responsible for that location.
Note: Due to the particular network configuration between the Medical Enterprise (this may include some Life Sciences networks) and AIS networks, users coming from the Medical Enterprise networks may see increased incidents of 604010 errors. We have a way to work around the issue, but we need to know the IP address the user is coming from. If you have/can get that information, please by all means help us by collecting it as well.
Submit the information along with the rest to iamucla at ucla.edu (mailto:firstname.lastname@example.org?subject= experiencing 604010 error from on campus)
Download the Bruin Online VPN Software
Original posting on reinstating the IP Checking Rule
Developer's Guide to Handling 604010 Errors (for campus technical support staff)