HP ProtectTools User Guide
11 Troubleshooting
Credential Manager for HP ProtectTools
Short description Details Solution
Using the Credential
Manager Network
Accounts option, a user
can select which domain
account to log on to. When
TPM authentication is
used, this option is not
available. All other
authentication methods
work properly.
Using TPM authentication, the user is
only logged on to the local computer.
Using Credential Manager Single Sign On tools allows
the user to authenticate other accounts.
Smart cards and USB
tokens are not available in
Credential Manager if
installed after the
Credential Manager
installation.
In order to use smart cards or USB
tokens in Credential Manager, the
supporting software (drivers, PKCS#11
providers, etc.) must be installed prior to
Credential Manager installation.
If you already have the Credential
Manager installed do the following steps
after installing smart card or token
supporting software:
Log on to Credential Manager.
In HP ProtectTools Security Manager, click Credential
Manager, click Advanced Settings, and then click the
Smart Cards and Tokens tab. A list of available tokens
is displayed under Local Tokens.
Access a popup menu by right-clicking the Local
Tokens node, and then select Scan for New Smart
Cards and Tokens.
Restart your computer if prompted.
Some application Web
pages create errors that
prevent the user from
performing or completing
tasks.
Some Web-based applications stop
functioning and report errors due to the
disabling functionality pattern of Single
Sign On. For example, an ! in a yellow
triangle is observed in Internet Explorer,
indicating an error has occurred.
Credential Manager Single Sign On does not support
all software Web interfaces. Disable Single Sign On
support for the specific Web page by turning off Single
Sign On support. See complete documentation on
Single Sign On, which is available in the Credential
Manager software Help files.
If a specific Single Sign On cannot be disabled for a
given application, call HP technical support and request
3rd-level support through your HP Service contact.
The option to Browse for
Virtual Token is not
displayed during the logon
process.
The user cannot move the location of a
registered virtual token in Credential
Manager because the option to browse
was removed to reduce security risks.
The browse option was removed because it allowed
non-users to delete and rename files and take control
of Windows.
Domain administrators
cannot change Windows
password even with
authorization.
This happens after a domain
administrator logs on to a domain and
registers the domain identity with
Credential Manager using an account
with Administrator's rights on the domain
and the local PC. When the domain
administrator attempts to change the
Credential Manager cannot change a domain user's
account password through Change Windows
password. Credential Manager can only change the
local PC account passwords. The domain user can
change his/her password through the Change
password option of Windows security, but, since the
domain user does not have a physical account on the
80 Chapter 11 Troubleshooting ENWW










