Lenovo ThinkPad T400 (English) Hardware Password Manager Deployment Guide - Page 54

If you have already restored your system (for example, lost your CAPI key store), deregister and reregister in Hardware Password Manager. • Symptom: When registering in Hardware Password Manager, if network connectivity is lost during the suspend/resume operation and the user logs off before network connectivity resumes, the client application completes the registration process normally. However, the Hardware Password Manager server shows that the PC failed to register. Problem description: Problem occurs because the client application is unable to report the successful completion of registration to the Hardware Password Manager server. Solution: Deregister and reregister in Hardware Password Manager. • Symptom: A device that has been registered with Hardware Password Manager, meaning hardware passwords have been set, is deleted from the Hardware Password Manager devices view under Computers. Problem description: In this case the device can still be logged in to using the hardware account that was created when registered. However, the device cannot be managed or registered again with HPM until the hardware passwords are cleared. Solution: In the console's Network View ➙ Hardware Password Manager devices ➙ Computers view, right-click Computers and click View all. The computers that were previously deleted from the console will be shown. Obtain the hardware passwords or the Emergency Admin password for the device in question and use these credentials to start the computer to the BIOS Setup Utility. Select Security and then select Password. Disable Hardware Password Manager. This will clear all hardware passwords. Immediately enable Hardware Password Manager and press F10 to save and exit. After Windows loads again, the Hardware Password Manager client portal will prompt to register the device again automatically if this policy is set. Now the device can be registered again if required. • Symptom: Receive the Hardware account does not exist message when updating your Windows password. Problem description: This problem occurs under the following conditions: 1. Server policy is set to not synchronize Windows and Hardware accounts. 2. User registers with a Hardware Account name that differs from their Windows user name. 3. The IT Administrator changes server policy to force Windows and Hardware accounts to be synchronized. 4. User later changes their Windows password. 5. The next time the user logs into Windows, the client application notifies the user that their Hardware Account needs to be updated to reflect their new Windows password. 6. User is prompted for intranet credentials to authenticate with Active Directory before updating the hardware account. 7. Client application displays a message indicating the hardware account does not exist. This is because the user's windows user name does not match the hardware account name (it is expected to match based on the current policy setting). Solution: If this problem occurs, the recommendation is to deregister and register in Hardware Password Manager. To prevent this problem from occurring, the IT Administrator should decide on the desired policy setting for synchronizing Windows and intranet account credentials and stick with it (do not change after users have registered). • Symptom: No information in Help files regarding the extent of wireless support in the BIOS. Problem description:Hardware Password Manager supports all Windows-based functions via wireless connections, such as registration, renew vault, restore vault, and the execution of remote actions. However, BIOS does not support wireless network connections. So, the computer must have a hard-wired network connection for any BIOS-based functions that requires a network connection, such as intranet login (which is needed only if the user forgot their user login credentials). 46 Hardware Password Manager Deployment Guide