Troubleshooting "Failed connecting to the YubiKey. Make sure the application has the required permissions." in YubiKey Manager


Following are scenarios where the error "Failed connecting to the YubiKey. Make sure the application has the required permissions." can appear in YubiKey Manager, as well as what to do in each case.

In versions 1.2.0 and newer of YubiKey Manager, the following error messages may appear instead:

      • Unknown error: Failed to open device for communication: -536870174
      • No YubiKey present

Windows

You attempt to open Applications > FIDO2

Due to API changes in recent versions of Windows 10, in order to access FIDO protocols, YubiKey Manager needs to be run as administrator. This can be done by right-clicking the app's shortcut, and then clicking Run as administrator.

You plug in a Security Key by Yubico or a Security Key NFC, but the key is not detected

Our Security Keys support FIDO protocols only, and API changes in recent versions of Windows 10 have restricted access to FIDO protocols so that administrator elevation is required. YubiKey Manager therefore needs to be run as administrator in order to detect a Security Key. This can be done by right-clicking the app's shortcut, and then clicking Run as administrator.

When using Remote Desktop Protocol (RDP)

This error will appear under certain circumstances when running YubiKey Manager within an RDP session. As an example, say you are remoting from Windows computer A to Windows computer B.

If a YubiKey is inserted and redirected from Windows computer A, you will receive this error when attempting to open Applications > OTP and Applications > FIDO2 (even if you run as administrator), but not when opening Applications > PIV.

If a YubiKey is inserted into Windows computer B, you will receive this error message only when attempting to open Applications > PIV. Applications > OTP and Applications > FIDO2 should open correctly, although you still need to run YubiKey Manager as administrator for FIDO2.

The cause of this behavior is unfortunately outside of our control. If you need to manage the YubiKey's PIV function within an RDP session, you should plug the key into the computer you are remoting from (Windows computer A). If management of OTP or FIDO is needed within RDP, the YubiKey should instead be plugged into the computer you are remoting to (Windows computer B).

macOS

You are running macOS Catalina, and you attempt to open Applications > OTP

macOS Catalina includes a new security feature that requires YubiKey Manager to be granted Input Monitoring permission before it will be able to open the YubiKey's OTP application (this is because the YubiKey's OTP application is essentially a USB keyboard). To grant YubiKey Manager this permission:

  1. Quit out of YubiKey Manager completely (YubiKey Manager > Quit YubiKey Manager, or press ⌘+Q on your keyboard with the YKM window in focus).
  2. Open System Preferences.
  3. Click Security & Privacy.
  4. Click the Privacy tab.
  5. Scroll down until you see Input Monitoring and select it.
  6. Click on the padlock in the lower-left corner and authenticate so you are able to make changes.
  7. Click the + button.
  8. In the window that appears, select Applications in the left column if it is not already selected, then scroll down to and select YubiKey Manager. Click Open.
  9. Make sure YubiKey Manager now appears in the list of apps with Input Monitoring permission with its box checked.
  10. Click the padlock again to prevent further changes.

Once this has been done, you should be able to open Applications > OTP after reopening YubiKey Manager.

You are running macOS Catalina or older, and you attempt to open Applications > PIV

Under macOS Catalina and older, an issue may occur intermittently that prevents Applications > PIV from opening in YubiKey Manager, producing one of the errors above. Apple has released a fix for this that is currently only available for macOS Big Sur. For older versions of macOS, it should be possible to work around the issue by reinserting the YubiKey (sometimes multiple times), or rebooting the Mac.

Linux

You see this error after running a Terminal command beginning with ykman otp

Udev rules need to be added to your Linux installation in order for YubiKey Manager to be able to interact with the YubiKey's OTP application. Please refer to this article for instructions on how to do this.
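
To confirm whether device permissions are the cause before or after adding udev rules, the following added example (not part of the original article or of Yubico's tooling) reports whether the current user can open each Yubico HID node. It assumes the OTP interface is reached through the kernel's hidraw nodes and that sysfs exposes a HID_ID line for each node; the function name and arguments are hypothetical.

```shell
#!/bin/sh
# Added example: check access to Yubico hidraw nodes for the current user.
# Assumptions: OTP is reached via /dev/hidraw*, and
# /sys/class/hidraw/<node>/device/uevent carries a line of the form
#   HID_ID=<bus>:<vendor, 8 hex digits>:<product, 8 hex digits>
# 1050 is Yubico's USB vendor ID (hexadecimal).
YUBICO_VID=1050

# yubikey_hidraw_report [SYSFS_CLASS_DIR] [DEV_DIR]
# Prints "<node> ok" or "<node> denied" for every Yubico hidraw node.
# Returns 0 if all nodes are readable and writable, 1 if any node is not
# (or is missing), 2 if no Yubico hidraw node was found at all.
yubikey_hidraw_report() {
    sys_dir=${1:-/sys/class/hidraw}
    dev_dir=${2:-/dev}
    found=0
    denied=0
    for entry in "$sys_dir"/hidraw*; do
        uevent="$entry/device/uevent"
        [ -r "$uevent" ] || continue
        hid_id=$(sed -n 's/^HID_ID=//p' "$uevent")
        # Second field is the vendor ID; strip its zero padding.
        vendor=$(printf '%s' "$hid_id" | cut -d: -f2 | sed 's/^0*//')
        [ "$vendor" = "$YUBICO_VID" ] || continue
        found=1
        node="$dev_dir/$(basename "$entry")"
        if [ -r "$node" ] && [ -w "$node" ]; then
            echo "$node ok"
        else
            echo "$node denied"
            denied=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$denied"
}

# On a real system, call it with no arguments as the user who runs ykman:
#   yubikey_hidraw_report; echo "exit status: $?"
```

A "denied" line for the logged-in user points to missing or unapplied udev rules, while exit status 2 means the key was not enumerated as a HID device at all.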