HP ProtectTools Troubleshooting Guide HP Compaq Business Desktops Document Part Number: 413742-001 January 2006 This document contains information and recommendations for the ProtectTools administrator concerning questions that may arise in the administration and operation of HP ProtectTools.
© Copyright 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation in the U.S. and other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
HP ProtectTools Troubleshooting Guide Overview HP ProtectTools Security is a new technology offered by HP on some Business PCs. This technology offers enhanced security support for file/folder encryption, user identity and protection, Single Sign On, multi-factor authentication, smart card, smart card preboot, token and biometric support and works natively with the operating system to enhance security aware applications, such as secure e-mail.
HP ProtectTools Troubleshooting Guide Outlook or Outlook Express, and it supports enhanced security for Microsoft EFS file/folder encryption. The software also provides a function called Personal Secure Drive (PSD). The PSD is a function in addition to the EFS-based file/folder encryption, and it uses the Advanced Encryption Standard (AES) encryption algorithm.
HP ProtectTools Troubleshooting Guide Acronym Term Detail EFS Encryption File System A transparent file encryption service provided by Microsoft for Windows 2000 or later LPC Low Pin Count Defines an interface used by the HP ProtectTools Embedded Security device to connect with the platform chipset. The bus consists of 4 bits of Address/Data pins, along with a 33Mhz clock and several control/status pins.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details HP ProtectTools Embedded Security—Encrypting folders, sub folders, and files on PSD cause error message If the user copies files and folders to the PSD and tries to encrypt folders/files or folders/subfolders, the Error Applying Attributes message appears. The user can encrypt the same files on the C:\ drive on an extra installed hard drive.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded If the user restores the hard Security—Initialization fails drive from the restore CD, initialization of the TPM fails. for TPM module after system restore. This is as designed. The TPM must be reset and enabled again in Computer Setup (F10) Utility prior to initialization.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded There is no Encrypt selection Security—Cannot encrypt when right-clicking a file icon. any data in the Windows 2000 French (France) environment.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security—The PSD password box is no longer displayed when the system becomes active after Standby status When a user logs on the system after creating a PSD, the TPM asks for the basic user password. If the user does not enter the password and the system goes into Standby, the password dialog box is no longer available when the user resumes. This is by design.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security—Intermittent encrypt and decrypt error occurs: The process cannot access the file because it is being used by another process. To resolve the failure, the user can log off and Extremely intermittent error back on to the system. Restart, log off, and log during file encryption or decryption occurs due to the back in to resolve the issue.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround Root Cause suspicion is a timing issue in low memory configurations. HP ProtectTools Embedded Security—Intermittent system lockup occurs after creating PSD on 2 users accounts and using fast-user-switching in 128-MB system configurations System may lock up with a black screen and non-responding keyboard and mouse instead of showing welcome (logon) screen when using fast-switching with minimal RAM.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security—Application lock-ups occur when the connection with a TPM Module is lost When the TPM module is damaged or the connection is lost, the Security Manager locks up. Attempting to close the Security Manager causes Windows error messages.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description HP ProtectTools TPM Firmware Update Utility—The tool provided through HP support Web site reports ownership required Details Solution / Workaround Expected Behavior of TPM firmware Utility 1. Reinstall HP ProtectTools Embedded Security Software The firmware upgrade tool allows the user to upgrade the firmware, both when there is and when there is not an endorsement key (EK) present.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools user is only logged into the allows user to authenticate other accounts. Manager—Using local machine. Credential Manager Network Accounts option, a user can select which domain account to log into. When TPM authentication is used, this option is not available.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description HP ProtectTools Credential Manager—USB token credential is not available with login to Windows XP SP1 Details Solution / Workaround After installing USB token software, registering the USB token credential, and setting Credential Manager as primary login, the USB Token is neither listed nor available in the Credential Manager/gina logon.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description HP ProtectTools Security Manager—Intermittently, an error is returned when closing the Security Manager interface Details Solution / Workaround Intermittently (1 in 12 instances), an error is created by using the close button in the upper right of the screen to close Security Manager before all plug-in applications have finished loading.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security—PSD is disabled and cannot be deleted after formatting the hard drive on which the PSD was generated The PSD is disabled and cannot be deleted after formatting the secondary hard drive on which the PSD was generated. The PSD icon is still visible, but the error message drive is not accessible appears when the user attempts to access the PSD.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded If the user Security—An internal error 1. clicks Restore under has been detected restoring Backup option of from Automatic Backup Embedded Security in Archive HPPTSM to restore from the automatic backup Archive If the user selects the SpSystemBackup.xml when the SpBackupArchive.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description HP ProtectTools Embedded Security—Numerous end-task errors during reboot after uninstalling Details Solution / Workaround If the user uninstalls HP ProtectTools Embedded Security and waits a few minutes after the uninstall completes, when the user selects Yes to reboot, numerous end-task errors appear with Japanese (JP), Taiwanese (TW), Traditional Chinese (TZ). This occurs only on first uninstall attempt.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Embedded Security—Automatic backup does not work with mapped drive When an administrator sets up Automatic Backup in Embedded Security, it creates an entry in Windows > Tasks > Scheduled Task. This Windows Scheduled Task is set to use NT AUTHORITY\ SYSTEM for rights to execute the backup. This works properly to any local drive.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround The browse option was removed from current product offerings because it allowed non-users to delete and rename files and take control of Windows. HP ProtectTools Credential Manager—No option to Browse for Virtual Token during the login process User cannot move the location of registered virtual token in Credential Manager because the option to browse was removed due to security risks.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Manager—Domain administrators cannot change Windows password even with authorization This happens after a domain administrator logs on to a domain and registers the domain identity with Credential Manager using an account with Administrator's rights on the domain and the local PC.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Manager— When logging in using TPM authentication, the Back button skips the option to choose another authentication method HP is researching a workaround for future If user using TPM login authentication for Credential product enhancements. Manager enters his/her password, the Back button does not work properly, but instead immediately displays the Windows login screen.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Smart Card Manager—Smart card software displaying incorrect USB status Refresh the graphical user interface by closing After unplugging the USB and reopening the smart card software. cable of the Smart Card terminal, the status remains ´ blue.´ To get the correct status, ProtectTools Security Manager must be reopened.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Manager—Credential Manager logon window for Windows 2000 states insert card when no reader is attached The Windows Credential Manager Welcome screen suggests the user can logon with insert card when no smart card reader is attached. The purpose of the alert is to notify the user that smart card authentication is available, if it is configured.
HP ProtectTools Troubleshooting Guide Software Impacted-Short description Details Solution / Workaround HP ProtectTools Credential Manager—Credentials are lost from Credential Manager when Embedded Security is uninstalled The Embedded Security device encrypts and protects the credentials. Removing the Embedded Security software causes a loss of all encrypted data. Users should regularly back up their credentials, as referenced in help files.
