SafeNet Authentication Client (SAC) is middleware software by Thales — one of the most commonly used solutions for working with USB tokens in Montenegro. When SAC or the token it runs stops working, access to the Tax Administration portals (IRMS), eGovernment, SEP and electronic signing of PDF documents grinds to a halt. Understanding what really lies behind "the token doesn't work" is the first step to getting back to normal quickly.
⚠ Common symptoms that indicate a problem
In practice the same problem can show up in several different ways — from the token being completely invisible to a failure only at the moment of signing. The most common states:
- •Token is not in the SAC Tools list even though it is physically plugged into the USB port
- •The error "Buffer can not be empty" or a similar hang during signing
- •The certificate is not offered when logging in to IRMS, SEP or eGovernment
- •The token worked on the old computer, but after a new laptop or a Windows 11 upgrade it no longer works
- •"Unknown Device" or a yellow exclamation mark in Device Manager
What must be set up correctly
For a SafeNet token to work with portals and applications at all, the system requires several mandatory conditions — each of them a frequent source of problems when skipped or done incorrectly:
- 1 SafeNet Authentication Client (SAC) installed from the official Thales/SafeNet site, in a version compatible with your Windows. Without this software the token is just an unknown USB device to the system.
- 2 A clean system with no conflict with other middleware — Gemalto, IDPrime or old SAC drivers left in the Windows registry often block the new SAC from working correctly.
- 3 Proper integration with the Windows Certificate Store and the applications that use the certificate (Adobe Reader, browser, IRMS client) — without this integration the certificate "exists" but no application can see it.
⚡ Silent problems users don't notice
Besides visible errors, there are situations where the system "seems to work" — but in the background there are conditions that, at an unpredictable moment, stop the whole process:
- •The token can lock after 3 wrong PIN entries — unlocking is only possible with the PUK code, which is often not at hand
- •Windows 11 has stricter security policies for drivers — older SAC versions often stop working after a security update
- •Antivirus or Windows Defender in certain configurations block PKCS#11 communication between the token and the application
- •The certificate on the token may expire without it being obvious — the token still works, but the certificate is no longer valid on portals
Without systematic diagnosis it is easy to spend hours trying solutions that may even make things worse.
Why an independent technical service pays off
The SafeNet stack — drivers, middleware, Windows Certificate Store, integration with a specific portal — requires knowledge of nuances you rarely find in one place. Our approach is different from blind trial and error: first we diagnose exactly where the blockage is, then we apply a proven solution.
Remotely via AnyDesk, usually in 20–40 minutes. Diagnosis is free; you pay only when we confirm the problem is solvable. So instead of lost hours or days wandering through forums, you get a safe return of your certificate to working order.