Physical Access

Security

11 sections
198 source tickets

Last synthesized: 2026-02-13 02:17 | Model: gpt-5-mini
Table of Contents

1. Transponder/badge provisioning and activation (reader ID capture → admin activation)

62 tickets

2. Reference-user and token-ownership issues blocking access propagation

17 tickets

3. Pickup, delivery and onboarding logistics for physical badges

69 tickets

4. Lost, found, defective and returned badges/transponders handling

11 tickets

5. Repurposing employee badge to visitor-only profile

1 ticket

6. Elevator access failures from defective readers and incorrect vendor wiring

1 ticket

7. Kentix device and door-hardware requests for securing rooms

21 tickets

8. Server-room fire-load and cable-management hazards requiring coordinated physical access

5 tickets

9. Per-badge room-level access changes after local approval

9 tickets

10. Desktop iMac cable-lock length mismatches and replacement

1 ticket

11. Emergency shared password vault for site-specific door codes

1 ticket

1. Transponder/badge provisioning and activation (reader ID capture → admin activation)
95% confidence
Problem Pattern

Presented transponders/badges were read by on-site RFID readers but did not grant expected access: readers logged 'unknown' or unregistered UID/hex values, reported UIDs differed from inventory, or badges worked at some doors/elevators but not others. Common causes included missing or incorrect Kentix/AD group membership, badge-label format mismatches (e.g., B-prefix variants), incompatible physical badge types for specific controllers (lockers), propagation delays after provisioning (~30 minutes), lack of a local UID-reading device (for example an Elatec TWN4), and chips already assigned to other users or companies. Affected systems included Kentix, on-site RFID readers, locker controllers, Excel/booking inventories and related booking systems (e.g., Deskbird).

Solution

Technicians captured the exact transponder/RFID UID by presenting the chip to an on-site reader (commonly elevator/reader 73A or other installed readers) and recorded the reader-read hex/UID in Kentix and the access inventory. Where on-site UID-reading hardware was available, the specific Elatec reader model (TWN4 MultiTech, 13.56 MHz, NXP/NFC) was used to map physical chip labels to system TransponderIDs; lack of such a reader prevented mapping and required bringing a reader or using an available local reader. Inventory entries were corrected when reader-reported IDs differed from prior records and ownership was verified before granting access to sensitive areas; chips already assigned to other users or companies were identified and handled according to ownership (reassignment or deactivation) before issuing access. Inactive or blocked badges were enabled/unblocked and programmed in Kentix; replaced or returned chips were disabled/locked and marked available in the inventory. Users with partial access received consistent Kentix/AD group membership or explicit access profiles (sometimes copied from a reference user) so all required doors and elevator access reflected the same permissions. Locker-specific issues were resolved by swapping incompatible physical badge types and performing on-site locker-controller programming. Provisioning for related systems (for example Deskbird room-booking) was coordinated alongside Kentix assignments. Technicians observed that Kentix/transponder activations required time to propagate to readers (approximately 30 minutes) and confirmed successful resolution by testing the badge at the relevant reader. Non-personal/generic badges (for example exam-proctor “Prüfungschips”) were created and named per requester requirements without binding them to individual user accounts. 
Where ticketing metadata conflicted with on-site work (for example a ticket later marked “Won't Do” despite an activation being performed), technicians logged the actual activation time and test confirmation so the physical activation and inventory state reflected the real outcome. Users were informed where and how to collect issued badges after provisioning.
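
The following is an added example, not part of the original summary and not Kentix tooling: a triage helper that classifies a reader event against the badge inventory using the failure causes listed above (unregistered UID, reader UID differing from inventory, label mismatch, chip assigned to another owner, inactive badge, activation still inside the roughly 30-minute propagation window). The record layout, field names, label format and sample values are constructed assumptions.

```python
"""Triage a badge-reader event against the access inventory (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

PROPAGATION = timedelta(minutes=30)  # approximate delay noted in the tickets


@dataclass
class Badge:
    label: str            # printed label, e.g. "B-0147" (format is an assumption)
    uid: str              # UID as recorded in the inventory
    owner: Optional[str]  # None means unassigned / available
    active: bool
    activated_at: Optional[datetime] = None


def norm_uid(raw: str) -> str:
    """Canonical hex UID: drop a 0x prefix and separators, upper-case."""
    return re.sub(r"[^0-9A-F]", "", raw.strip().upper().removeprefix("0X"))


def norm_label(raw: str) -> str:
    """Collapse B-prefix variants ("B-0147", "b147", "147") to one key."""
    m = re.fullmatch(r"\s*[Bb]?[-_ ]?(\d+)\s*", raw)
    if not m:
        raise ValueError(f"unrecognised badge label: {raw!r}")
    return f"B{int(m.group(1))}"


def triage(inventory: list, read_uid: str, label: str, requester: str, now: datetime) -> str:
    """Return one status string for a UID read at a door or elevator reader."""
    uid = norm_uid(read_uid)
    by_uid = {norm_uid(b.uid): b for b in inventory}
    by_label = {norm_label(b.label): b for b in inventory}
    badge = by_uid.get(uid)
    labelled = by_label.get(norm_label(label))
    if badge is None:
        # Unregistered UID; if the label is on file, the inventory UID is stale.
        return "inventory-uid-mismatch" if labelled else "unknown-uid"
    if labelled is not badge:
        return "label-mismatch"
    if badge.owner is None:
        return "unassigned"
    if badge.owner != requester:
        return "assigned-to-other-owner"  # verify ownership before granting access
    if not badge.active:
        return "inactive"
    if badge.activated_at and now - badge.activated_at < PROPAGATION:
        return "pending-propagation"  # retest at the reader after the delay
    return "ok"


# Constructed sample data; none of these values come from a real inventory.
NOW = datetime(2026, 1, 15, 10, 0)
INVENTORY = [
    Badge("B-0147", "04:A1:B2:C3:D4:E5:F6", "alice", True, NOW - timedelta(hours=5)),
    Badge("B-0148", "04A1B2C3D4E5F7", "bob", True, NOW - timedelta(minutes=10)),
    Badge("B-0149", "04A1B2C3D4E5F8", "other-company", True, NOW - timedelta(days=90)),
    Badge("B-0150", "04A1B2C3D4E5F9", "carol", False),
    Badge("B-0151", "DEADBEEF000001", "dave", True, NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    print(triage(INVENTORY, "0x04A1B2C3D4E5F7", "B-148", "bob", NOW))
```
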

2. Reference-user and token-ownership issues blocking access propagation
94% confidence
Problem Pattern

Badge issuance or token provisioning failed when identity references were missing, incorrect, or ambiguous (missing employee record, global-scoped reference account, or multiple matching tokens). Symptoms included unprovisioned or inactive tokens, activation requests left pending or closed automatically by approval automation, badges not granting assigned access, misnamed or ambiguous chip identifiers at readers, and unreadable or faulty badge chips. Reader logs (timestamp and reader location) were often present but did not resolve ownership without a matching user record.

Solution

Access and enrollment failures were resolved by establishing a valid, correctly scoped reference user or creating the required identity record when the person was absent from the directory. Where immediate physical access was required, a transponder was issued manually, annotated and handed to an authorized requester for pickup and signature so scheduled activities could proceed. Incorrect or global-scoped reference accounts were replaced with user-scoped accounts and tokens were explicitly assigned to a single user when multiple matches existed; misnamed or ambiguous tokens were renamed and access-control records were updated so events tied unambiguously to one chip. Logged reader events (timestamp and reader location) were used during triage to confirm chip presentation and location even when activation could not proceed; synchronization delays were recorded as a frequent cause of apparent non‑functioning permissions. Faulty or unreadable badge chips were inspected, reconfigured, or replaced. It was observed that some activation requests remained unactivated when requesters did not provide required follow-up and the tickets were auto-closed; additionally, some provisioning requests were closed by approval automation as 'Won't Do' before provisioning, and those cases were resolved by reissuing requests or completing the approval path prior to assignment. Kentix badge transfers were completed by handing the badge to the new owner and updating asset/access records.

3. Pickup, delivery and onboarding logistics for physical badges
94% confidence
Problem Pattern

Users were unable to obtain or use physical access badges, transponders or key fobs because approvals, routing or provisioning metadata were missing, stale or incorrect. Symptoms included requests marked “ready for pickup” with no handover, badges programmed yet not granting entry at readers/elevators, Deskbird bookings failing when temporary transponders were unavailable, and missing or misrouted campus- or room-managed provisioning. Contributing triggers included Automation for Jira auto-closing unapproved requests after 14 days, stale Kentix records or approver/cost-center/reference-user metadata, incorrect request types or routing, and changes in Kentix authorisation ownership; affected systems included Kentix, Deskbird, elevator/readers and Jira/Workday approval fields.

Solution

Physical badge pickup and provisioning were centralised at the Berlin IT office (Frankfurter Allee 73d, 6th floor; rooms 6.12 and 6.23) and handovers were standardised and recorded. Known pickup windows and office hours were used for handover (dedicated handover window: Tue/Thu 10:00–15:00; broader IT office hours Mon, Tue, Thu, Fri 08:30–16:30). Handover required the presenting recipient’s personal signature and IT staff recorded badge/transponder identifiers; badges were issued only to the presenting recipient unless an alternate recipient or delivery address had been explicitly arranged. In‑person requests were commonly fulfilled immediately: badges were created, programmed by designated administrators and handed over to the requester. Badge requests also arrived via email (including barrier‑free/accessibility requests); these were created in the access system and made available to the requester or arranged for collection. Where building‑ or room‑managed access applied, requests were routed to the appropriate local owner or campus management/study guides opened tickets for room‑managed tokens. Student transponders (e.g., Med‑Lab) were issued under a deposit/sign‑in policy (personal ID held as deposit and a name+signature sign‑in list) and handed at the front desk or forwarded to the Examination Office with required paperwork when appropriate. When reception pools lacked spare or temporary transponders and Deskbird bookings failed, permanent transponders or dedicated access cards were issued and handed over with equipment or left at reception under an arranged signed transfer. Known contributors to delays were Automation for Jira auto‑closing after 14 days, stale Kentix records or approver/cost‑center/reference‑user metadata, incorrect routing/request types and changes in Kentix authorisation ownership; tickets were closed only after provisioning appeared in Kentix/access records and handover or arranged delivery was confirmed.

4. Lost, found, defective and returned badges/transponders handling
91% confidence
Problem Pattern

Users reported lost, found, defective, or non-functioning building access badges/transponders, commonly stating they could not open specific doors or that a badge or a loanable/shared transponder was missing from a key box. Reports included suspected misuse or keybox code compromise and requests to confirm deactivation or reinstate access. Affected systems included Kentix access control and campus physical-access/building-access management.

Solution

Defective transponders and detached key-number tags were handled by asking senders to return the items by mail to Campus Management/Office Support, IU Internationale Hochschule, Frankfurter Allee 73a, 10247 Berlin (named contacts used in correspondence). No ticket/reference/inventory number was required for those returns. Lost or missing badges/transponders assigned to users or to loanable key boxes were deactivated or removed in the Kentix access-control system so the credential became unusable and associated permissions were revoked; support informed users when deactivation occurred. In at least one case where a badge that had been reported lost was later handed in to Lost & Found, the outstanding replacement/block request was cancelled and no blocking or reissue was performed. When a badge that was still assigned stopped working, support re-enabled/reset the user's access in Kentix which restored entry. Support checked issuance records and Kentix logbook excerpts to confirm ownership and history; if no record existed support requested the badge/transponder number from the user or advised obtaining a new badge from campus issuance contacts. Replacement badges required a €25 deposit; proof of payment was accepted and verified in person at an IT office and a replacement badge was issued (example: badge 147), and replacements/collections were also coordinated via named campus contacts. For missing loanable/shared transponders or when a key-box code was suspected compromised, support removed/deleted the transponder ID in Kentix, verified issuance lists and logs with local custodians, and changed the keybox code to mitigate misuse; log review determined whether further action was required.

5. Repurposing employee badge to visitor-only profile
80% confidence
Problem Pattern

An employee badge needed to be converted to a visitor-only badge so that it provided limited elevator access while all other staff permissions were removed; the symptom was that the existing badge still carried full employee permissions.

Solution

Support removed the badge from the employee's Kentix profile and created a new visitor badge profile (named 'Office Support Besucher:innen') with only the required standard visitor/elevator permissions. All other permissions and employee-level access were removed or deactivated, and the repurposed badge was operated under the visitor profile.

6. Elevator access failures from defective readers and incorrect vendor wiring
90% confidence
Problem Pattern

An elevator's Kentix card reader hardware was defective and the wall-reader wiring installed by the elevator vendor (Otis) contained installation errors. Staff badge swipes did not reliably enable the 5th and 6th floor buttons, and the elevator control interface required an additional relay to operate correctly. Affected systems included the Kentix reader, elevator control wiring, and relay hardware.

Solution

An electrician corrected the wiring errors introduced during the vendor installation, repaired or replaced the defective Kentix card reader, and installed the additional relay required for the elevator control interface. After these hardware and wiring fixes both elevators were tested and the 5th and 6th floor access functioned correctly.

7. Kentix device and door-hardware requests for securing rooms
74% confidence
Problem Pattern

Electronic Kentix-managed doors and associated hardware failed to secure or allow expected access due to missing/incorrect components, mechanical faults, depleted batteries, mis‑mounting, network/connectivity faults, or deliberate damage. Symptoms included doors remaining unlocked or unexpectedly re‑locking, intermittent or delayed lock responses (including apparent non‑responsiveness caused by time‑of‑day lock schedules), badges/transponders failing or requiring repeated presentation, jammed or mis‑latched doors, detached or unpowered devices, and forced entry/vandalism of locks. Additional reported issues included privacy risk on accessible WCs because badge-based Kentix locks do not detect occupancy and multiple issued badges can permit entry while a room is occupied. Affected systems included Kentix Access Managers, Kentix DoorLock/knobs, door handles, batteries/power adapters, and network switches.

Solution

Requests for Kentix devices, corrected door hardware, or repairs were routed to Real Estate or contracted building‑services vendors when IT confirmed it would not perform procurement or installation; responsibility was transferred accordingly. Tickets documented Kentix unit model, door‑handle handedness, whether locks were battery‑operated, and integration needs with existing Kentix APs, access profiles, and transponder assignments; some requests were placed on hold while ownership or funding was clarified and access‑system unification work was considered. When internal parts were available, staff located and released them for Real Estate pickup and reinstall; on at least one occasion a Kentix lock battery was replaced on site and the lock was restored. Transient authentication failures sometimes resolved when users re‑presented their badge; technicians validated lock operation by testing with user chips (occasionally recording the test). Where DoorLock behavior left doors unsecured, administrators changed DoorLock configuration to enable auto‑relock and applied the new setting. Mechanical faults, jammed doors, and vandalism were classified as facilities/Real‑Estate matters and routed to Haustechnik/Vinci or building maintenance; janitorial staff occasionally completed repairs and confirmed access. Vandalism incidents included locks forced open (reported coin‑forcing) and intentionally damaged Kentix units; these cases required measuring the door cylinder per vendor guidance to procure replacement/upgrade Kentix locks. Technicians who found locks appearing non‑responsive verified device operation and identified time‑of‑day schedules (commonly daytime unlocked, off‑hours locked) as the cause in several incidents. Detached Kentix Access Managers were temporarily secured (for example with adhesive tape) while cabling and mounting work were arranged, constrained by available LAN outlets and the need to preserve radio coverage for doorlocks. 
Network connectivity faults were resolved by replacing the network switch serving the Kentix device, which restored correct lock behavior in incidents that raised safety concerns. When a Kentix electronic knob had a fully discharged battery and required tools or a Low Power Adapter that were not available on site, technicians replaced the electronic knob with a standard mechanical cylinder to immediately restore door locking function. Reported privacy issues (accessible WCs) noted that Kentix locks do not detect occupancy, so multiple issued disabled‑WC badges could allow entry while the room was occupied; procurement requests for replacement/upgrade locks were raised with cost centers recorded. Ongoing onsite maintenance and battery‑replacement responsibilities for battery‑operated locks were assigned to Real Estate or the external service provider when ownership was transferred.

8. Server-room fire-load and cable-management hazards requiring coordinated physical access
90% confidence
Problem Pattern

Disorganized, protruding, or unsecured cabling and nearby combustible materials in server rooms, cabinets, or under desks created elevated fire-loads, electrical short-circuit and electric-shock hazards. Cables sometimes prevented rack or cabinet doors from closing or cabinets from being secured; some cabinets had front-facing cable feeds that complicated replacement or reinstallation. Cable covers and floor openings created trip-and-fall hazards in office areas. Affected systems included server racks and enclosures, power outlets, IT equipment, workplace layouts, and building infrastructure.

Solution

Work was scheduled and on-site technicians obtained required physical access or local coordination as needed and documented room conditions with photographs. In server-room and rack cases technicians coordinated with on-site contacts and facilities (CPS/infrastructure) to remove combustible materials near racks, reroute and secure cabling inside cabinets, and restore cabinet doors or closures, eliminating immediate fire-loads and cabling obstructions prior to inspection. When cabinets were unsecured or locking issues occurred, technicians identified alternative key holders or access paths, photographed cabinets and rooms, and uploaded photos to the related Jira subtasks to record conditions. In one case a basement cabinet serving the Café and HR tower was found to be not lockable and had a front-facing cable feed; technicians determined a full reinstallation was not the preferred option and escalated improvement options to the infrastructure team for follow-up. In office/workspace cases technicians re-laid and tidied power and equipment cabling under desks to remove cable clutter and reduce short-circuit and electric-shock hazards. For floor-level trip hazards created by cable covers and floor openings, sites applied yellow-dot floor markings per DGUV to highlight trip points. These interventions removed the immediate physical and workplace-safety hazards and restored safe access to the affected equipment and areas, with infrastructure follow-up documented where structural changes were required.

9. Per-badge room-level access changes after local approval
90% confidence
Problem Pattern

Users presented badges, chips or transponders at door readers but doors did not unlock; readers sometimes showed a red LED or produced no user-facing message. Affected credentials frequently worked on other doors, indicating the token itself was functional while lacking specific door- or room-level authorizations in the physical access control system (e.g., Kentix). Reported failures included bicycle cellars, offices (HR, professor), studios and service/cleaning rooms. Permission changes in the access control system could be delayed before taking effect (users reported short propagation delays).

Solution

Site administrators resolved incidents by modifying badge/transponder access profiles in the physical access control system (Kentix or equivalent) to add the missing door- or room-level permissions, recording sponsor/stakeholder approval where required, and logging the administrative changes. Examples included enabling building-services (Haustechnik) badge access to the 5th and 6th floors, granting a reception transponder access to the bicycle cellar (access became effective after a short propagation period of approximately five minutes), and restoring professors' office profiles so affected users could enter normally. Administrators noted occasional user requests to check Kentix hardware (battery) levels; those checks were recorded in tickets but confirmation of battery status was not always documented. After changes were applied, administrators verified access with users and communicated local token-management and pickup points (site administration/reception) and on-site support contacts as appropriate.

10. Desktop iMac cable-lock length mismatches and replacement
90% confidence
Problem Pattern

Delivered desk/cable locks for iMacs were too short to reach anchoring points, leaving iMacs unsecured in a shared room that cannot be locked. The issue was purely physical (hardware/cable length) with no software errors, and the original local owner responsible for the equipment was no longer available.

Solution

Technicians confirmed the delivered locks were present but the cable length was insufficient. Longer cables and spare locks were located in inventory (Bochum warehouse and from a colleague named Chris). Two longer cables (and precautionary spare locks) were packed and shipped via DHL (tracking numbers 00340434494863696171 and 00340434494863696744). The items were received on site and the longer cables/locks were installed and mounted on the iMacs; the iMacs were verified as secured afterwards.

11. Emergency shared password vault for site-specific door codes
80% confidence
Problem Pattern

Staff were denied physical access at campus sites because location door entry codes had changed, been rotated, or were not available to arriving personnel (e.g., weekend exam staff). There were no system error messages; the symptom was simply an inability to open site doors. Affected systems included site-specific door codes and the campus access management process; credential storage was not centrally accessible to the groups that needed them.

Solution

The issue was addressed by proposing and planning a dedicated emergency password safe to hold site-specific door codes and make them available to a small, named group. 1Password was selected as the vault solution, stakeholders and project management were assembled (including Kai, Roland, Monika, Stephan Hieke, Dominik Utz and representatives from REM / FK Verwaltung / FK Prüfungsamt), and planning meetings were scheduled to define access membership and operational procedures for the emergency-safe.
