The following are scenarios where the error "Failed connecting to the YubiKey. Make sure the application has the required permissions." can appear in YubiKey Manager, as well as what to do in each case. As an alternative, consider trying Yubico Authenticator instead.
In versions 1.2.0 and newer of YubiKey Manager, the following error messages may appear instead:
-
- Unknown error: Failed to open device for communication: -536870174
- No YubiKey present
Windows
You attempt to open Applications > FIDO2
Due to API changes in recent versions of Windows 10/11, in order to access FIDO protocols, YubiKey Manager needs to be run as administrator. This can be done by right-clicking the app's shortcut, and then clicking Run as administrator.
You plug in a Security Key by Yubico or a Security Key NFC, but the key is not detected
Since our Security Keys support FIDO protocols only, and API changes in recent versions of Windows 10 have restricted access to FIDO protocols so administrator elevation is required, YubiKey Manager needs to be run as administrator in order to detect a Security Key. This can be done by right-clicking the app's shortcut, and then clicking Run as administrator.
When using Remote Desktop Protocol (RDP)
This error will appear under certain circumstances when running YubiKey Manager within an RDP session. As an example, say you are remoting from Windows computer A to Windows computer B.
If a YubiKey is inserted and redirected from Windows computer A, you will receive this error when attempting to open Applications > OTP and Applications > FIDO2 (even if you run as administrator), but not when opening Applications > PIV.
If a YubiKey is inserted into Windows computer B, you will receive this error message only when attempting to open Applications > PIV. Applications > OTP and Applications > FIDO2 should open correctly, although you still need to run YubiKey Manager as administrator for FIDO2.
The cause of these phenomena is unfortunately outside of our control. If you need to manage the YubiKey's PIV function within an RDP session, you should plug the key in to the computer you are remoting from (Windows computer A). If management of OTP or FIDO is needed within RDP, the YubiKey should instead be plugged in to the computer you are remoting to (Windows computer B).
When creating a CSR
The error message may appear when creating a CSR with incorrect values for the Subject field. As an alternative, the CSR can also be created using Yubico Authenticator for Desktop by going to Certificates > Authentication > Generate Key, or the CSR can be created by using ykman, the command line version of YubiKey Manager.
macOS
You are running macOS Catalina or newer, and you attempt to open Applications > OTP
Starting in macOS Catalina, Apple includes a new security feature that requires YubiKey Manager to be granted Input Monitoring permission before it will be able to open the YubiKey's OTP application (this is because the YubiKey's OTP application is essentially a USB keyboard). To grant YubiKey Manager this permission:
- Quit out of YubiKey Manager completely (YubiKey Manager > Quit YubiKey Manager, or press ⌘+Q on your keyboard with the YKM window in focus).
- Open System Preferences.
- Click Security & Privacy.
- Click the Privacy tab.
- Scroll down until you see Input Monitoring and select it.
- Click on the padlock in the lower-left corner and authenticate so you are able to make changes.
- Click the + button.
- In the window that appears, select Applications in the left column if it is not already selected, then scroll down to and select YubiKey Manager. Click Open.
- Make sure YubiKey Manager now appears in the list of apps with Input Monitoring permission with its box checked.
- Click the padlock again to prevent further changes.
Once this has been done, you should be able to open Applications > OTP after reopening YubiKey Manager.
If you are still unable to access the OTP application, try rebooting your computer.
You are running macOS Catalina or older, and you attempt to open Applications > PIV
Under macOS Catalina and older, an issue may occur intermittently that will prevent one from opening Applications > PIV in YubiKey Manager with one of the errors above. Apple has released a fix for this that is currently only available for macOS Big Sur. For older versions of macOS, it should be possible to work around the issue by reinserting the YubiKey (sometimes multiple times), or rebooting the Mac.
Alternative causes in macOS
Since the YubiKey's OTP application works like a USB keyboard, pieces of software that modify keyboard operation (examples listed below) can interfere with YubiKey Manager's ability to communicate with the YubiKey, resulting in the aforementioned error. If you discover that this error is caused by an application that is not listed below, please feel free to let us know by clicking Send us feedback on this article at the bottom of this page, and fill out the resulting form.
Linux
You see this error after running a command beginning with ykman otp, or when attempting to open Applications > OTP
You may need to follow one or both of the following steps in order for your Linux installation to be able to interact with the YubiKey's OTP function.
- Follow the steps in this article to add udev rules to your system.
- Install the libyubikey-udev package, or equivalent for your distribution, which adds additional udev rules.
- If this package is not available for your distribution, you can instead add these udev rules manually.