Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 53

• Symptom: You receive the Failed to generate encryption key error message during the Hardware Password Manager registration. Problem description: Users with a Windows user name containing any of the characters !@#$*() will receive an error message when trying to register. Solution: Change your user name to exclude the special characters shown above. • Symptom: The Hardware Password Manager registration wizard does not prompt to set a Windows password if it is blank. Problem description: Since Hardware Password Manager requires a Windows password in order to register, it is expected that the Hardware Password Manager client would prompt to set a Windows password if one is not set. Instead, the HPM client just doesn't allow the user to click Next if their Windows password is blank. Solution: the user should have a Windows password set prior to registering in Hardware Password Manager. • Symptom: SGE or SGN installation fails if the Hardware Password Manager client is installed . Problem description: If installing SGN or SGE on Windows XP when the Hardware Password Manager client is installed, an error is displayed indicating the Lenovo GINA is active and the installation fails. Solution: Uninstall the Hardware Password Manager client, restart the system, install SGE or SGN, restart again, then reinstall the client. • Symptom: When entering the BIOS version into the BIOS version exclude list for ThinkCentre system, the last character of the BIOS version cannot be entered into the text box in the Admin Console. Problem description: The problem is because the Hardware Password Manager server supports a maximum of 8 characters for the BIOS version. ThinkCentre systems have a 9 character BIOS version. This is not likely to pose a problem since exact matches are not required (first 8 characters are matched regardless of the 9th character). Solution: None • Symptom: Received the error message PSI.DLL is missing. Problem description: The error message PSI.DLL is missing is displayed if the client agent was not installed correctly. Solution: Uninstall the client agent, restart the system, then reinstall the client agent. Make sure the Hardware Password Manager checkbox is selected when installing the client agent if you wish to use Hardware Password Manager on that system). • Symptom: You can create two hardware accounts associated with one Windows account. Problem description: This problem occurs when restoring a system from a backup that was taken prior to registering in Hardware Password Manager. When enrolling in Hardware Password Manager, the user's Windows credentials are stored in secure storage within the Windows CAPI key store. Furthermore, the association between the Windows credential and the intranet account is maintained. When restoring a system to a point prior to the user being enrolled in Hardware Password Manager, the CAPI key store can be lost (since it is stored in the Windows registry), which means the Windows credentials and associations with the intranet account are lost even though the system is actually registered. In this case, the client application will continue to prompt you to enroll (if policy indicates to do so). Furthermore, if you try to enroll and you specify the same intranet account as you previously used to enroll, the client application will fail indicating you already enrolled. If you were to enroll again using a different intranet account, the client application will allow the enroll to complete - now you will have two hardware accounts associated with the same Windows account (which is not recommended). Solution: To prevent this problem from occurring, make sure your backup is taken after the system is registered in Hardware Password Manager (when using Rescue and Recovery or any backup tool that performs a full disk backup, for example. Appendix C. Hints and tips 45