HP Hewlett Packard Personal Computer 413742 001 User Manual

HP ProtectTools Troubleshooting  
Guide  
HP Compaq Business Desktops  
Document Part Number: 413742-001  
January 2006  
This document contains information and recommendations for the  
ProtectTools administrator concerning questions that may arise in the  
administration and operation of HP ProtectTools.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Overview  
HP ProtectTools Security is a new technology offered by HP on some Business PCs. This  
technology offers enhanced security support for file/folder encryption, user identity and  
protection, Single Sign On, multi-factor authentication, smart card, smart card preboot, token  
and biometric support and works natively with the operating system to enhance security aware  
applications, such as secure e-mail. The enhanced security is achieved through both hardware  
and software. Windows-based management of the BIOS is also incorporated through a BIOS  
Configuration module. All software is centrally managed through an HP Security Manager  
interface, which can be accessed from the task tray, start menu, or control panel. A properly  
enabled security system requires a TPM-enabled BIOS, versions 1.54 or greater, obtainable  
through www.hp.com support, and security software available via purchase.  
Administrators are encouraged to perform “best practices” in restricting end-user privileges and  
restrictive access to users.  
Hardware  
The hardware consists of a Trusted Platform Module (TPM) which meets the Trusted Computing  
Group requirements of TPM 1.2 standards. The card is integrated with the system board and is  
part of the NIC. The NIC and TPM solution contains on-chip memory and off-chip memory,  
functions and firmware are located on an external flash integrated with the system board. All  
TPM functions are encrypted or protected to ensure secure flash or communications.  
Software  
The software, HP ProtectTools, has two parts: HP ProtectTools Security Manager and HP  
plug-in modules. Security Manager is the interface (shell) that centralizes all security  
applications (plug-ins). The computer offers security in both configure-to-order and aftermarket  
configurations. Both offerings provide a CD which can be used in Microsoft Windows to install  
the HP ProtectTools security products. Customers using a non-HP corporate image are  
encouraged to use the provided CD to install security software. Some HP Web-based downloads  
(SoftPaqs) will not install unless previous versions of security software are already installed on  
the target PC.  
HP ProtectTools security applications for the computer are:  
HP ProtectTools Security Manager: The software is preinstalled on the hard drive and can be  
accessed from the Start Menu or Control Panel applet. The Security Manager shell interface  
provides a central point for administering all security plug-in modules. Security plug-ins like  
the TPM, Smart Card, and future security products cannot be installed unless the Security  
Manager interface is present.  
HP ProtectTools Embedded Security: This supports the TPM 1.2 hardware directly and is  
preinstalled on the imaged drive for desktop. In Windows 2000 and Windows XP  
environments, this software supports enhanced security for secure e-mail with Microsoft  
Technical Reference Guide  
1
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Outlook or Outlook Express, and it supports enhanced security for Microsoft EFS file/folder  
encryption. The software also provides a function called Personal Secure Drive (PSD). The  
PSD is a function in addition to the EFS-based file/folder encryption, and it uses the  
Advanced Encryption Standard (AES) encryption algorithm. It is important to note that HP  
ProtectTools Personal Secure Drive cannot function unless the TPM is unhidden, enabled  
with appropriate software installed with ownership, and the user configuration initialized.  
Additionally, the TPM also supports data management functions, such as backing up and  
restoring the key hierarchy, support for third-party applications that use MSCAPI (such as  
Microsoft Outlook and Internet Explorer) and applications that use PKCS#11 (such as  
Netscape) for protected digital certificate operations when using the Embedded Security  
software.  
HP ProtectTools TPM Firmware Update Utility: This utility is a Web-based SoftPaq for  
updating your TPM firmware.  
HP Credential Manager for ProtectTools: This tool provides identity management and has  
security features that protect against unauthorized access to your computer. These features  
include the following:  
Alternatives login capability as opposed to passwords when logging on to Windows,  
such as using a smart card or biometric reader to log on to Windows  
Single Sign On feature that automatically remembers credentials for Web sites,  
applications, and protected network resources  
Support for optional security devices, such as smart cards and biometric readers  
Support for additional security settings, such as requiring authentication with an optional  
security device to unlock the computer and access applications  
Enhanced encryption for stored passwords, when implemented with a TPM Embedded  
Security chip  
Smart Card Security for ProtectTools: This tool manages the smart card setup and  
configuration for computers equipped with an optional smart card reader. The smart card  
BIOS security mode is available on some models. When enabled, this mode requires you to  
use a smart card to log on to the computer.  
BIOS Configuration for ProtectTools: This configuration provides access to the Computer  
Setup Utility security and configuration settings. This allows users to access system security  
features managed by Computer Setup through Windows.  
Please consult the HP ProtectTools Security Manager Guide that shipped with the computer or  
access this online at http://www.hp.com along with the latest software, firmware, driver, and  
support materials. Help files provided with the installed product contain a variety of  
troubleshooting, configuration, and functional product data, and they are considered the first  
direct source of information.  
Table A Glossary of HP ProtectTools Embedded Security Related Terminology  
Acronym  
Term  
Detail  
AES  
Advanced Encryption  
Standard  
A symmetric 128-bit block data encryption technique  
API  
Application Programming A series of internal operating system functions that applications  
Interface  
can use to perform various tasks  
CSP  
Cryptographic Service  
Provider  
A software component that interfaces with the MSCAPI  
2
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Acronym  
Term  
Detail  
EFS  
Encryption File System  
A transparent file encryption service provided by Microsoft for  
Windows 2000 or later  
LPC  
Low Pin Count  
Defines an interface used by the HP ProtectTools Embedded  
Security device to connect with the platform chipset. The bus  
consists of 4 bits of Address/Data pins, along with a 33Mhz  
clock and several control/status pins.  
MSCAPI:  
PKCS  
PKI  
Microsoft Cryptographic  
API, or CryptoAPI  
An API from Microsoft that provides an interface to the  
Windows operating system for cryptographic applications  
Public Key Cryptographic  
Standards  
Standards generated that govern definition and use of Public  
Key/Private Key means of encryption and decryption.  
Public Key Infrastructure  
A general term defining the implementation of security systems  
that use Public Key/Private Key encryption and decryption  
PSD  
Personal Secure Drive  
A feature that is provided by HP ProtectTools Embedded  
Security. This application creates a virtual drive on the user's  
machine that automatically encrypts files/folders that are moved  
into the virtual drive.  
S/MIME  
Secure Multipurpose  
Internet Mail Extensions  
A specification for secure electronic messaging using PKCS.  
S/MIME offers authentication via digital signatures and privacy  
via encryption  
TCG  
TCPA  
TPM  
Trusted Computing Group Industry association set up to promote the concept of a “Trusted  
PC.” TCG supersedes TCPA  
Trusted Computing Platform Trusted computing alliance; now superseded by TCG  
Alliance  
Trusted Platform Module  
TPM hardware and software enhances the security of EFS and  
the Personal Secure Drive by protecting the keys used by EFS  
and the Personal Secure Drive.  
In systems without the TPM, the keys used for EFS and the PSD  
are normally stored on the hard drive. This makes the keys  
potentially vulnerable. In systems with the TPM card, the TPM's  
private Storage Root Keys, which never leave the TPM chip, are  
used to “wrap” or protect the keys used by EFS and by the PSD.  
Breaking into the TPM to extract the private keys is much more  
difficult than hacking onto the system's hard drive to obtain the  
keys.  
The TPM also enhances the security of secure e-mail via  
S/MIME in Microsoft Outlook and Outlook Express. The TPM  
functions as a Cryptographic Service Provider (CSP). Keys and  
certificates are generated and/or supported by the TPM  
hardware, providing significantly greater security than  
software-only implementations.  
Technical Reference Guide  
3
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded If the user copies files and  
This is as designed.  
Security—Encrypting  
folders, sub folders, and  
files on PSD cause error  
message  
folders to the PSD and tries to  
encrypt folders/files or  
Moving files/folders to the PSD automatically  
encrypts them. There is no need to  
“double-encrypt” the files/folders. Attempting to  
double-encrypt them using on the PSD using EFS  
will produce this error message.  
folders/subfolders, the Error  
Applying Attributes  
message appears. The user  
can encrypt the same files on  
the C:\ drive on an extra  
installed hard drive.  
HP ProtectTools Embedded If a drive is set up for multiple This is as designed.  
Security—Cannot Take  
Ownership With Another  
OS In Multi-Boot Platform  
OS boot, ownership can only  
be taken with the platform  
initialization wizard in one  
operating system.  
For security reasons, the Embedded Security is  
designed to work with only one OS per system.  
HP ProtectTools Embedded Encrypting a folder does not This is as designed.  
Security—Unauthorized  
administrator can view,  
delete, rename, or move  
the contents of encrypted  
EFS folders  
stop an unauthorized user  
with administrative rights to  
view, delete, or move  
It is a feature of EFS, not the Embedded Security  
TPM. Embedded Security uses Microsoft EFS  
software, and EFS preserves file/folder access  
rights for all administrators.  
contents of the folder.  
HP ProtectTools Embedded Encrypted folders with EFS  
Security—Encrypted folders are highlighted in green in  
with EFS in Windows 2000 Windows XP, but not in  
are not shown highlighted Windows 2000.  
in green  
This is as designed.  
It is a feature of EFS that it does not highlight  
encrypted folders in Windows 2000, but it does  
in Windows XP. This is true whether or not an  
Embedded Security TPM is installed.  
HP ProtectTools Embedded If a user sets up the  
This is as designed.  
Security—EFS does not  
Embedded Security, logs on  
It is a feature of EFS in Windows 2000. EFS in  
Windows XP, by default, will not let the user  
open files/folders without a password.  
require a password to view as an administrator, then logs  
encrypted files in Windows off and back on as the  
2000  
administrator, the user can  
subsequently see files/folders  
in Windows 2000 without a  
password.  
HP ProtectTools Embedded If the user attempts to restore This is as designed.  
Security—Software should the hard drive using FAT32,  
not be installed on a restore there will be no encrypt  
Microsoft EFS is supported only on NTFS and  
will not function on FAT32. This is a feature of  
Microsoft's EFS and is not related to HP  
ProtectTools software.  
with FAT32 partition  
options for any files/folders  
using EFS.  
4
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded If the user restores the hard  
Security—Initialization fails drive from the restore CD,  
for TPM module after  
system restore.  
This is as designed.  
The TPM must be reset and enabled again in  
Computer Setup (F10) Utility prior to  
initialization.  
initialization of the TPM fails.  
HP ProtectTools Embedded Windows 2000 User can  
The PSD is not normally shared on the network,  
Security—Windows 2000 share to the network any PSD but it can be through the hidden ($) share in  
User can share to the with the hidden ($) share. The W2K only. HP recommends always having the  
network any PSD with the hidden share can be  
built-in Administrator account  
password-protected.  
hidden ($) share  
accessed over the network  
using the hidden ($) share.  
HP ProtectTools Embedded By design, the ACLs for this  
This is as designed.  
Security—User is able to  
encrypt or delete the  
recovery archive XML file  
folder is not set; therefore, a  
user can inadvertently or  
purposely encrypt or delete  
the file, making it  
inaccessible. Once this file  
has been encrypted or  
deleted, no one can use the  
TPM software.  
Users have access rights to an emergency  
archive in order to save/update their basic user  
key backup copy. Customers should adopt a  
'best practices' security approach and instruct  
users never to encrypt or delete the recovery  
archive files.  
HP ProtectTools Embedded Encrypted files interfere with To reduce the time required to scan HP  
Security—HP ProtectTools  
Embedded Security EFS  
interaction with Norton  
Antivirus produces longer  
Norton Anti Virus 2005 virus ProtectTools Embedded Security EFS files, the  
scan. During the scan  
user can either enter the encryption password  
before scanning or decrypt before scanning.  
To reduce the time required to encrypt/decrypt  
data using HP ProtectTools Embedded Security  
EFS, the user should disable Auto-Protect on  
Norton Antivirus.  
process, the Basic User Key  
password prompt asks the  
encryption/decryption and user for a password every  
scan times  
10 files or so. If the user does  
not enter a password, the  
Basic User Key password  
prompt times out, allowing  
NAV2005 to continue with  
the scan. Encrypting files  
using HP ProtectTools  
Embedded Security EFS takes  
longer when Norton Antivirus  
is running.  
HP ProtectTools Embedded If the user inserts an MMC or This is as designed.  
Security—Cannot save  
emergency recovery  
archive to removable  
media  
SD card when creating the  
emergency recovery archive  
path during Embedded  
Security Initialization, an  
error message is displayed.  
Storage of the recovery archive on removable  
media is not supported. The recovery archive  
can be stored on a network drive or another  
local drive other than the C drive.  
Technical Reference Guide  
5
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded There is no Encrypt selection This is a Microsoft operating system limitation. If  
Security—Cannot encrypt when right-clicking a file icon. the locale is changed to anything else (French  
any data in the Windows  
2000 French (France)  
environment.  
(Canada), for example), then the Encrypt  
selection will appear.  
To work around the problem, encrypt the file as  
follows: right-click the file icon and select  
Property > Advanced > Encrypt  
Contents.  
HP ProtectTools Embedded If there is a power loss while Perform the following procedure to recover from  
Security—Errors occur after initializing the Embedded  
experiencing a power loss Security chip, the following  
the power loss:  
Use the Arrow keys to select various menus,  
menu items, and to change values (unless  
otherwise specified).  
while taking ownership  
during the Embedded  
Security Initialization  
issues will occur:  
• When attempting to  
launch the Embedded  
Security Initialization  
Wizard, the following  
error is displayed:  
1. Start or restart the computer.  
2. Press F10 when the F10=Setup message  
appears on screen (or as soon as the  
monitor LED turns green).  
The Embedded  
3. Select the appropriate language option.  
4. Press Enter.  
security cannot be  
initialized since the  
Embedded Security  
chip has already an  
Embedded Security  
owner.  
5. Select Security > Embedded Security.  
6. Set the Embedded Security Device option to  
Enable.  
7. Press F10 to accept the change.  
8. Select File > Save Changes and Exit.  
9. Press ENTER.  
• When attempting to  
launch the User  
Initialization Wizard, the  
following error is  
displayed:  
The Embedded  
security is not  
initialized. To use the  
wizard, the  
10. Press F10 to save the changes and exit the  
F10 Setup utility.  
Embedded Security  
must be initialized  
first.  
HP ProtectTools Embedded Enabling the TPM module  
Security—Computer Setup requires a Computer Setup  
(F10) Utility password can (F10) Utility password. Once  
be removed after enabling the module has been  
This is as designed.  
The Computer Setup (F10) Utility password can  
only be removed by a user who knows the  
password. However, HP strongly recommends  
having the Computer Setup (F10) Utility  
password protected at all times.  
TPM Module  
enabled, the user can remove  
the password. This allows  
anyone with direct access to  
the system to reset the TPM  
module and cause possible  
loss of data.  
6
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded When a user logs on the  
Security—The PSD system after creating a PSD,  
password box is no longer the TPM asks for the basic  
displayed when the system user password. If the user  
This is by design.  
The user has to log off and back on to view the  
PSD password box again.  
becomes active after  
Standby status  
does not enter the password  
and the system goes into  
Standby, the password  
dialog box is no longer  
available when the user  
resumes.  
HP ProtectTools Embedded Access to Security Platform  
This is by design.  
Security—No password  
required to change the  
Security Platform Policies  
Policies (both Machine and  
User) does not require a TPM  
password for users who have  
administrative rights on the  
system.  
Any administrator can modify the Security  
Platform Policies with or without TPM user  
initialization.  
HP ProtectTools Embedded An administrator can access The Data Recovery Policy is automatically  
Security—Microsoft EFS  
does not fully work in  
Windows 2000  
encrypted information on the configured to designate an administrator as a  
system without knowing the  
correct password. If the  
administrator enters an  
recovery agent. When a user key cannot be  
retrieved (as in the case of entering the wrong  
password or canceling the Enter Password  
incorrect password or cancels dialog), the file is automatically decrypted with  
the password dialog, the  
encrypted file will open as if  
the administrator had entered  
the correct password. This  
happens regardless of the  
security settings used when  
encrypting the data.  
a recovery key.  
This is due to the Microsoft EFS. Please refer to  
Microsoft Knowledge Base Technical Article  
Q257705 for more information.  
The documents cannot be opened by a  
non-administrator user.  
HP ProtectTools Embedded After setting up HP  
Self-signed certificates are not trusted. In a  
Security—When viewing a ProtectTools and running the properly configured enterprise environment, EFS  
certificate, it shows as  
non-trusted.  
User Initialization Wizard,  
the user has the ability to  
view the certificate issued;  
however, when viewing the  
certificate, it shows as  
certificates are issued by online Certification  
Authorities and are trusted.  
non-trusted. While the  
certificate can be installed at  
this point by clicking the  
install button, installing it  
does not make it trusted.  
Technical Reference Guide  
7
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded Extremely intermittent error  
Security—Intermittent during file encryption or  
To resolve the failure, the user can log off and  
back on to the system. Restart, log off, and log  
encrypt and decrypt error decryption occurs due to the back in to resolve the issue.  
occurs: The process file being used by another  
cannot access the file process, even though that file  
because it is being  
used by another  
process.  
or folder is not being  
processed by the operating  
system or other applications.  
HP ProtectTools Embedded Removing storage mediums  
Security—Data loss in such as a MultiBay hard drive accesses the PSD, then removes the hard drive  
removable storage occurs if still shows PSD availability before completing new data generation or  
storage is removed prior to and does not generate errors transfer. If the user attempts to access the PSD  
The issue is only experienced if the user  
new data generation or  
transfer  
while adding/modifying data when the removable hard drive is not present,  
to the PSD. After system  
restart, the PSD does not  
reflect file changes that  
an error message is displayed stating that the  
device is not ready.  
occurred while the removable  
storage was not available.  
HP ProtectTools Embedded During uninstallation, the user The Admin tool is used for disabling the TPM  
Security—During uninstall, has the option of uninstalling chip, but that option is not available unless the  
if user has not initialized  
the Basic User Key and  
opens the Administration  
either without disabling the  
TPM or by first disabling the has not, then select Ok or Cancel in order to  
TPM (through Admin. tool), continue with the uninstallation process.  
Basic User Key has already been initialized. If it  
tool, the Disable option is then uninstalling. Accessing  
not available and the Admin tool requires Basic  
Uninstaller will not continue User Key initialization. If  
until the Administration tool basic initialization has not  
is closed.  
occurred, all options are  
inaccessible to the user.  
Since the user has explicitly  
chosen to open the Admin  
tool (by clicking Yes in the  
dialog box prompting Click  
Yes to open Embedded  
Security Administration  
tool), uninstall waits until the  
Admin tool is closed. If user  
clicks No in that dialog box,  
then the Admin tool does not  
open at all and uninstall  
proceeds.  
8
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded System may lock up with a  
Security—Intermittent black screen and  
system lockup occurs after non-responding keyboard  
Root Cause suspicion is a timing issue in low  
memory configurations.  
Integrated graphics uses UMA architecture  
taking 8 MB of memory, leaving only 120  
available to user. This 120 MB is shared by  
both users who are logged in and are  
creating PSD on 2 users  
accounts and using  
fast-user-switching in  
128-MB system  
and mouse instead of  
showing welcome (logon)  
screen when using  
fast-switching with minimal  
RAM.  
fast-user-switching when error is generated.  
configurations  
Workaround is to reboot system and customer is  
encouraged to increase memory configuration  
(HP does not ship 128-MB configurations by  
default with security modules).  
HP ProtectTools Security  
Manager—Warning  
All security applications such HP ProtectTools Security Manager software must  
as Embedded Security, smart be installed before installing any security  
received: The security  
card, and biometrics are  
plug-in.  
application can not be extendable plug-ins for the HP  
installed until the HP  
Security Manager interface.  
Protect Tools Security Security Manager must be  
Manager is installed  
installed before an  
HP-approved security plug-in  
can be loaded.  
HP ProtectTools Embedded The EFS User Authentication This is by design—to avoid issues with Microsoft  
Security—EFS User  
Authentication (password  
request) times out with  
access denied  
password reopens after  
EFS, a 30-second timer watchdog timer was  
clicking OK or returning from created to generate the error message).  
standby state after timeout.  
HP ProtectTools Embedded Functional descriptions during HP is aware of translation issues and will be  
Security—Minor truncation custom setup option during  
during setup of Japanese is installation wizard are  
observed in functional  
description  
translating in future Web release.  
truncated.  
HP ProtectTools Embedded By allowing prompt for User The ability to encrypt does not require password  
Security—EFS Encryption  
works without entering  
password in the prompt  
password to time out,  
encryption is still capable on Microsoft EFS encryption. The decryption will  
a file or folder. require the user password to be supplied.  
authentication, since this is a feature of the  
HP ProtectTools Embedded Embedded security software In future releases, the wizard and user policies  
Security—Secure e-mail is and the wizard do not control descriptions will be modified for better clarity.  
supported, even if  
settings of an e-mail client  
(Outlook, Outlook Express, or configured after Embedded Security is  
Netscape) initialized.  
This behavior is as designed. Encrypted mail is  
unchecked in User  
Initialization Wizard or if  
secure e-mail configuration  
is disabled in user policies  
Technical Reference Guide  
9
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded When the TPM module is  
If system appears not to function properly or the  
Security—Application  
lock-ups occur when the  
connection with a TPM  
Module is lost  
damaged or the connection is TPM is not found, perform the following manual  
lost, the Security Manager  
inspections to ensure the system is properly  
locks up. Attempting to close configured:  
the Security Manager causes  
• Check in the Computer Setup (F10) Utility to  
ensure that the TPM is unhidden.  
Windows error messages.  
• Check the Device Manager reports to  
ensure that the TPM Device Driver is  
installed:  
1. Click Start.  
2. Click Control Panel.  
3. Click System.  
4. Click System Devices.  
5. Click Broadcom TPM. (The device status  
should indicate This device is working  
properly.)  
A 3-minute delay occurs as applications and  
Windows services time out after attempting  
connection to the damaged TPM. The Security  
Manager recovers and the user can run the self  
test and confirm damaged module.  
HP ProtectTools Embedded Running Large Scale  
Security—Running Large Deployment on any  
Scale Deployment a second previously initialized HP  
time on the same PC or on ProtectTools Embedded  
a previously initialized PC Security system will render  
HP is working to resolve the xml-file-overwrite  
issue and will provide a solution in a future  
SoftPaq.  
overwrites Emergency  
existing Recovery Archives  
and Recovery Tokens useless  
by overwriting those xml files.  
Recovery and Emergency  
Token files. The new files  
are useless for recovery.  
10  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools TPM  
Firmware Update  
Expected Behavior of TPM  
firmware Utility  
1. Reinstall HP ProtectTools Embedded Security  
Software  
Utility—The tool provided  
through HP support Web  
site reports ownership  
required  
The firmware upgrade tool  
allows the user to upgrade  
the firmware, both when  
there is and when there is not  
an endorsement key (EK)  
present. When there is no EK,  
no authorization is required  
to complete the firmware  
upgrade.  
When there is an EK, a TPM  
owner must exist, since the  
upgrade requires owner  
authorization. After the  
successful upgrade, the  
platform must be restarted for  
the new firmware to take  
effect.  
2. Run the Platform and User configuration  
wizard.  
3. Ensure that the system contains Microsoft  
.NET framework 1.1 installation:  
• Click Start.  
• Click Control Panel.  
• Click Add or remove programs.  
• Ensure Microsoft .NET Framework 1.1  
is listed.  
4. Check the hardware and software  
configuration:  
• Click Start.  
• Click All Programs.  
• Click HP ProtectTools Security  
Manager.  
If the BIOS TPM is  
• Select Embedded Security from tree  
menu.  
factory-reset, ownership is  
removed and firmware  
update capability is  
prevented until the Embedded  
Security Software platform  
and User Initialization  
Wizard have been  
• Click More Details.  
The system should have the following  
configuration:  
—Product version = V4.0.1  
—Embedded Security State: Chip State =  
Enabled, Owner State = Initialized, User  
State = Initialized  
configured.  
*A reboot is always  
recommended after  
performing a firmware  
update. The firmware version  
is not identified correctly until  
after the reboot.  
—Component Info: TCG Spec. Version =  
1.2  
—Vendor = Broadcom Corporation  
—FW Version = 2.18 (or greater)  
—TPM Device driver library version 2.0.0.9  
(or greater)  
If the FW version does not match 2.18,  
download and update the TPM firmware. The  
TPM Firmware SoftPaq is a support download  
available at www.hp.com.  
Technical Reference Guide  
11  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential Using TPM authentication, the Using Credential Manager Single Sign On tools  
Manager—Using  
user is only logged into the  
local machine.  
allows user to authenticate other accounts.  
Credential Manager  
Network Accounts option,  
a user can select which  
domain account to log into.  
When TPM authentication  
is used, this option is not  
available. All other  
authentication methods  
work properly.  
HP ProtectTools Embedded The error occurs after user  
Use the Browse button to select the location,  
and the restore process proceeds.  
Security—Automated logon  
1. Initializes owner and user  
scripts not functioning  
in Embedded Security  
during user restore in  
(using the default  
Embedded Security  
locations—My  
Documents).  
2. Resets the chip to factory  
settings in the BIOS.  
3. Reboots the machine.  
4. Begins to restore  
Embedded Security.  
During the restore  
process, Credential  
Manager 1.5.0.631.35  
asks user if the system  
can automate the logon  
to Infineon TPM User  
Authentication. If user  
selects Yes, then the  
location of  
SPEmRecToken  
automatically appears in  
the text box.  
Even though this location is  
correct, the following error  
message is displayed: No  
Emergency Recovery  
Token is provided.  
Select the token location  
the Emergency Recovery  
Token should be  
retrieved from.  
12  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential After installing USB token  
Manager—USB token  
credential is not available token credential, and setting to correct.  
with login to Windows XP Credential Manager as  
This only occurs with Windows XP SP1; update  
software, registering the USB Windows version to SP2 via Windows Update  
To work around if retaining SP1, re-log back  
into Windows using another credential  
(Windows password) in order to log off and  
re-log back into Credential Manager.  
SP1  
primary login, the USB Token  
is neither listed nor available  
in the Credential  
Manager/gina logon.  
When logging back into  
Windows, log off Credential  
Manager, re-log back into  
Credential Manager and  
reselect token as primary  
login, the token login  
operation functions normally.  
HP ProtectTools Credential Some Web-based  
Credential Manager Single Sign On does not  
Manager—Some  
applications stop functioning support all software Web interfaces. Disable  
and report errors due to the Single Sign On support for the specific Web  
disabling functionality pattern page by turning off Single Sign On support.  
application Web pages  
create errors that prevent  
user from performing or  
completing tasks  
of Single Sign On. For  
example, an ! in a yellow  
triangle is observed in  
Internet Explorer indicating  
an error has occurred.  
Please see complete documentation on Single  
Sign On, which is available in the Credential  
Manager help files.  
If a specific Single Sign On cannot be disabled  
for a given application. Call 3rd level support  
for HP direct assistance.  
HP ProtectTools Credential System intermittently locks up Press the power button for 3 seconds to force the  
Manager—System  
and displays the going into system to reboot.  
intermittently locks up and hibernation screen when  
HP is working on a resolution. The resolution  
will be made available in future Credential  
Manager product development.  
goes into hibernation when APC Personal biometric USB  
an APC biometric  
fingerprint reader is  
configured as an  
Pod (BIOPOD) is configured  
as an authentication tool for  
Credential Manager.  
authentication tool for  
Credential Manager  
Technical Reference Guide  
13  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Security  
Manager—Intermittently,  
an error is returned when  
closing the Security  
Intermittently (1 in 12  
This is related to a timing dependency on  
instances), an error is created plug-in services load time when closing and  
by using the close button in  
the upper right of the screen is the shell housing the other applications  
to close Security Manager (plug-ins), it depends on the ability of the plug-in  
before all plug-in applications to complete its load time (services). Closing the  
restarting Security Manager. Since PTHOST.exe  
Manager interface  
have finished loading.  
shell before the plug-in has had time to complete  
loading is the root cause.  
To resolve, allow Security Manager to complete  
services loading message (seen at top of  
Security Manager window) and all plug-ins  
listed in left column. To avoid failure, allow a  
reasonable time for these plug-ins to load.  
No corrective action is planned by HP for the  
Security Manager product.  
HP ProtectTools Embedded Using the Embedded Security The system administrator can resolve this by  
Security—Guest User Task Notification Area (task deleting the guest-user-created PSD.  
account can violate policy tray) icon, a guest user can  
HP is working with plug-in suppliers to be aware  
of limited/guest user capabilities for future  
product enhancements.  
through the PSD interface  
bypass Security Manager  
and initialize a basic user.  
During the basic user  
initialization, the guest could  
create a PSD that  
monopolizes the hard drive.  
HP ProtectTools Embedded The following error message Guest user support is not provided by HP, HP  
Security—Guest User  
receives message that  
PTHOST.exe has not  
been approved by  
Hewlett-Packard Company Files\HPQ\HP Protect  
Tools  
appears when a guest user  
opens HP ProtectTools  
Security Manager: this  
module ‘C:\Program  
recommends limited user support by the  
administrator.  
Future improvements are planned to prevent  
Security Manager runtime in Guest mode.  
Security\PTHOST.EXE’  
has not been approved  
by Hewlett-Packard  
Company. Do you want  
to continue?  
HP ProtectTools Embedded This error occurs when  
The second user's PSD will only be available if it  
is reconfigured to use another drive letter or if  
Security—Multiple User  
PSDs do not function in a  
fast-user-switching  
multiple users have been  
created and given a PSD with the first user is logged off.  
the same drive letter. If an  
attempt is made to  
environment  
fast-user-switch between users  
when the PSD is loaded, the  
second user's PSD will be  
unavailable.  
14  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded The PSD is disabled and  
Security—PSD is disabled cannot be deleted after  
and cannot be deleted after formatting the secondary  
As designed: If a customer force-deletes or  
disconnects from the storage location of the PSD  
data, the Embedded Security PSD drive  
formatting the hard drive  
on which the PSD was  
generated  
hard drive on which the PSD emulation continues to function and will produce  
was generated. The PSD icon errors based on lack of communication with the  
is still visible, but the error  
message drive is not  
accessible appears when  
the user attempts to access  
the PSD.  
missing data.  
Resolution: After the next reboot, the emulations  
fail to load and user can delete the old PSD  
emulation and create a new PSD.  
User is not able to delete the  
PSD and a message appears  
that states: your PSD is still  
in use, please ensure  
that your PSD contains  
no open files and is not  
accessed by another  
process. User must reboot  
the system in order to delete  
the PSD and it is not loaded  
after reboot.  
HP ProtectTools *  
Numerous risks are possible Administrators are encouraged to follow “best  
with unrestricted access to the practices” in restricting end-user privileges and  
General—Unrestricted  
access or uncontrolled  
administrator privileges  
pose security risk  
client PC:  
restricting user access.  
Unauthorized users should not be granted  
administrative privileges.  
• deletion of PSD  
• malicious modification of  
user settings  
• disabling of security  
policies and functions  
HP ProtectTools Embedded Hiding the TPM chip in the  
Security—Hiding the BIOS with Embedded  
Broadcom TPM in the BIOS Security software loaded  
Hiding the TPM in BIOS makes the TPM invisible  
to the ACPI table and Windows, and installed  
software cannot recognize the device.  
causes the Embedded  
Security Software to stop  
functioning and produce  
error messages  
stops functioning if Security  
Manager is launched in  
Windows. User will  
eventually see two errors  
indicating inability to connect  
to the TPM three minutes after  
the application hangs up.  
This behavior is as designed, as the Security  
Manager requires the TPM hardware.  
Customers wishing to avoid this behavior should  
re-enable their TPM or remove the HP  
Embedded Security software through  
Add/remove programs.  
Technical Reference Guide  
15  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded If the user  
Security—An internal error  
has been detected restoring  
from Automatic Backup  
Archive  
If the user selects the SpSystemBackup.xml when  
the SpBackupArchive.xml is required,  
Embedded Security Wizard fails with: An  
internal Embedded Security error has  
been detected.  
User must select the correct .xml file to match the  
required reason.  
1. clicks Restore under  
Backup option of  
Embedded Security in  
HPPTSM to restore from  
the automatic backup  
Archive  
The processes are working as designed and  
function properly; however, the internal  
Embedded Security error message is not clear  
and should state a more appropriate message.  
We are working to enhance this in future  
products.  
2. selects  
SPSystemBackup  
.xml  
the Restore Wizard fails and  
the following error message is  
displayed: The selected  
Backup Archive does not  
match the restore  
reason. Please select  
another archive and  
continue.  
HP ProtectTools Embedded During the restore process, if The non-selected users can be restored by  
Security—Security System the administrator selects users resetting the TPM, running the restore process,  
restore error with multiple  
users  
to restore, the users not  
selected are not able to  
restore the keys when trying overwrites the non-restored users and their data  
to restore at a later time. An is lost. If a new system backup is stored, the  
error that a decryption  
process failed message is  
displayed.  
and selecting all users before the next default  
daily back runs. If the automated backup runs, it  
previous non-selected users cannot be restored.  
Also, user must restore the entire system backup.  
An Archive Backup can be restored individually.  
HP ProtectTools Embedded After reinstalling Embedded A reboot is not requested, but it is required. The  
Security—After reinstalling Security, either by setup.bat reinstallation of Embedded Security produces  
Embedded Security, user  
sees general driver error  
or through supplemental CD this error if it is used before the computer is  
autorun, a general driver  
error is displayed when  
opening Security Manager,  
Embedded Security, user  
settings, configure, check  
PSD.  
rebooted.  
HP is working on an enhancement to be made  
available in future product versions.  
HP ProtectTools Embedded Resetting the system ROM to Unhide the TPM in BIOS:  
Security—Resetting System default hides the TPM to  
ROM to default hides TPM. Windows. This does not  
allow the security software to  
Open the Computer Setup (F10) Utility, navigate  
to Security > Device security, modify the  
field from Hidden to Available.  
operate properly and makes  
TPM-encrypted data  
inaccessible.  
16  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded If the user uninstalls HP  
This occurs only on first uninstall attempt. Allow  
more time and the stalled process will  
successfully complete.  
Security—Numerous  
end-task errors during  
reboot after uninstalling  
ProtectTools Embedded  
Security and waits a few  
minutes after the uninstall  
completes, when the user  
selects Yes to reboot,  
numerous end-task errors  
appear with Japanese (JP),  
Taiwanese (TW), Traditional  
Chinese (TZ).  
These end tasks include:  
• persistWnd  
• hkem.exe  
• conime.exe  
• ccapp  
• PSD  
• HP ProtectTools  
Embedded Security Icon  
tray  
Technical Reference Guide  
17  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Embedded When an administrator sets The workaround is to change the NT  
Security—Automatic up Automatic Backup in AUTHORITY\SYSTEM to (computer  
backup does not work with Embedded Security, it creates name)\(admin name). This is the default setting  
mapped drive  
an entry in Windows >  
Tasks > Scheduled Task.  
This Windows Scheduled  
Task is set to use NT  
AUTHORITY\ SYSTEM for  
rights to execute the backup.  
This works properly to any  
local drive.  
if the Scheduled Task is created manually.  
HP is working to provide future product releases  
with default settings that include computer  
name\admin name.  
When the administrator  
instead configures the  
Automatic Backup to save to  
a mapped drive, the process  
fails because the NT  
AUTHORITY\SYSTEM does  
not have the rights to use the  
mapped drive.  
If the Automatic Backup is  
scheduled to occur upon  
login, Embedded Security  
TNA Icon displays the  
following message: The  
Backup Archive location  
is currently not  
accessible. Click here if  
you want to backup to a  
temporary archive until  
the Backup Archive is  
accessible again. If the  
Automatic Backup is  
scheduled for a specific time,  
however, the backup fails  
without displaying notice of  
the failure.  
HP ProtectTools Embedded The current 4.0 software was HP will address this issue in future releases.  
Security—Unable to designed for HP Notebook  
disable Embedded Security 1.1B implementations, as  
State temporarily in  
Embedded Security GUI  
well as supporting HP  
Desktop 1.2 implementations.  
This option to disable is still  
supported in the software  
interface for TPM 1.1  
platforms.  
18  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential User cannot move the  
The browse option was removed from current  
Manager—No option to  
Browse for Virtual  
Token during the login  
process  
location of registered virtual product offerings because it allowed non-users  
token in Credential Manager to delete and rename files and take control of  
because the option to browse Windows.  
was removed due to security  
risks.  
HP ProtectTools Credential Using the Network  
HP is researching a workaround for future  
Manager—Login with TPM Accounts option, a user can product enhancements.  
authentication does not  
give the Network  
Accounts option  
select which domain account  
to log into. When TPM  
authentication is used, this  
option is not available.  
HP ProtectTools Credential When registering a password HP is researching workaround for future product  
Manager—Credential  
Manager creates long  
account names that are  
truncated.  
in Credential Manager, the  
user can click Options and  
select Prompt to select  
account for this  
enhancements.  
application. User must then  
enter a unique name for each  
document so Credential  
Manager can tell which  
password to apply. When  
creating these unique names,  
Credential Manager fills in  
the application name and the  
user enters the document  
name. In this window, the  
user can scroll to view the  
document name. When  
reopening the  
password-protected  
document, the document  
names cannot scroll.  
Credential Manager  
automatically fills in the  
application name; only 9  
characters can be viewed  
when selecting the unique  
name.  
Technical Reference Guide  
19  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential This happens after a domain Credential Manager cannot change a domain  
Manager—Domain  
administrators cannot  
change Windows  
password even with  
authorization  
administrator logs on to a  
domain and registers the  
domain identity with  
Credential Manager using an passwords. The domain user can change  
account with Administrator's his/her password through Windows security  
rights on the domain and the > Change password option, but, since the  
local PC. When the domain domain user does not have a physical account  
user's account password through Change  
Windows password. Credential Manager  
can only change the local PC account  
administrator attempts to  
change the Windows  
on the local PC, Credential Manager can only  
change the password used to log in.  
password from Credential  
Manager, the administrator  
gets an error logon failure:  
User account restriction.  
HP ProtectTools Credential Single Sign On default is set HP is researching a workaround for future  
Manager—Credential  
to log users automatically.  
product enhancements.  
Manager Single Sign On However, when creating the  
default settings should be  
set to prompt to prevent  
loop  
second of two different  
password-protected  
documents, Credential  
Manager uses the last  
password recorded—the one  
from the first document.  
HP ProtectTools Credential If the user logs in to  
HP is researching a workaround for future  
Manager—Incompatibility Credential Manager, creates product enhancements.  
issues with Corel a document in WordPerfect  
WordPerfect 12 password and saves with password  
gina  
protection, Credential  
Manager cannot detect or  
recognize, either manually or  
automatically, the password  
gina.  
HP ProtectTools Credential If the Single Sign On  
HP is researching a workaround for future  
product enhancements.  
Manager—Credential  
Manager does not  
recognize the Connect  
button  
credentials for Remote  
Desktop Connection (RDP)  
are set to Connect, Single  
Sign On, upon relaunch,  
always enters Save As  
instead of Connect.  
HP ProtectTools Credential Credential Manager Single  
Disable the Credential Manager Single Sign  
Manager—ATI Catalyst  
Sign On conflicts with the ATI On.  
configuration wizard is not Catalyst configure wizard.  
usable with Credential  
Manager  
20  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential If user using TPM login  
HP is researching a workaround for future  
Manager— When logging authentication for Credential product enhancements.  
in using TPM  
Manager enters his/her  
authentication, the Back  
button skips the option to  
choose another  
password, the Back button  
does not work properly, but  
instead immediately displays  
the Windows login screen.  
authentication method  
HP ProtectTools Credential When use Credential  
With no administrator password set, user  
Manager—Credential  
Manager opens out of  
standby when it is  
Manager log on to  
cannot logon to Windows through Credential  
Windows is not selected as Manager because of account restrictions  
an option, allowing the  
system to go into S3 suspend  
and then waking the system  
causes the Credential  
Manager logon to Windows  
to open.  
invoked by the Credential Manager.  
Without smart card/token:  
User can cancel the Credential Manager login  
and user will see the Microsoft Windows login.  
User can log in at this point.  
configured not to  
With smart card/token:  
The following workaround allows the user to  
enable/disable opening of Credential Manager  
upon smart card insertion.  
1. Click Advanced Settings.  
2. Click Service & Applications.  
3. Click Smart Cards and Tokens.  
4. Click when smart card/token is inserted.  
5. Select the Advise to log-on checkbox.  
HP ProtectTools Smart Card The Settings button, at HP The message box that asks the operator for a  
Manager—The option to  
Require PIN at Boot  
does not work  
ProtectTools Security  
Manager > Smart Card on the card. This method requires the operator  
Security > BIOS > Smart to have a card and optionally, determined by  
Card BIOS Password  
Properties, is a function of the computer.  
PIN at boot time is then determined by the data  
the card owner, know a PIN to gain access of  
the card properties, as the  
name states. This button is  
functional for any supported  
card placed in the reader.  
The button becomes grayed  
out if there is no smart card  
administrator or user  
For the computer power-on authentication to  
work, the BIOS Security Mode, at the top of  
the Smart Card Security > BIOS page must  
be enabled. If not enabled, the PIN at boot time  
will not have any functionality.  
HP is researching a resolution for next product  
offering.  
password on the card and it  
is available if there is a  
password on the card. This  
allows the card owner to  
change the card PIN at boot  
properties at any time.  
Technical Reference Guide  
21  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Smart Card After unplugging the USB  
Refresh the graphical user interface by closing  
and reopening the smart card software.  
Manager—Smart card  
software displaying  
incorrect USB status  
cable of the Smart Card  
terminal, the status remains  
´blue.´ To get the correct  
status, ProtectTools Security  
Manager must be reopened.  
HP ProtectTools Smart Card If the customer set up the  
There is a BIOS limitation of available  
Manager—Smart Card  
Security Manager allows  
user to enter Japanese  
system to request PIN input,  
fonts/characters. Multi-byte characters stored on  
the BIOS screen stays on with smart card are not correctly displayed. At this  
garbage admin name and  
point, there is no real solution for this.  
characters for the name of prompts for corresponding  
the card owner, but password, so the customer  
Japanese name will be in impact is not minimal. It may  
HP is working to add information in product  
help files to further clarify this limitation in future  
product offerings.  
garbage characters in  
authentication  
lead customer to type wrong  
password and lock up the  
system.  
HP ProtectTools Credential If the TPM module is removed This is as designed.  
Manager—Users lose all  
Credential Manager  
credentials protected by the TPM.  
TPM, if the TPM module is  
removed or damaged  
or damaged, users lose all  
credentials protected by the  
The TPM Module is designed to protect the  
Credential Manager credentials. HP  
recommends that the user back up identity from  
Credential Manager prior to removing the TPM  
module.  
HP ProtectTools Credential During Windows 2000  
This is as designed.  
Manager—Credential  
install, the logon policy is set  
If user wishes to modify operating system level  
settings for auto admin logon values for  
bypassing the edit path is:  
HKEY_LOCAL_MACHINE/Software/Microsoft/  
WindowsNT/CurrentVersion/WinLogon  
Manager not being set as for manual or auto logon  
primary logon in Windows admin. If auto logon is  
2000  
chosen, then the Windows  
default registry settings sets  
the default auto admin logon  
value at 1, and Credential  
Manager does not override  
this.  
Use Registry Editor at your own risk!  
Using the Registry Editor (regedit) incorrectly  
Å
can cause serious problems that may require  
you to reinstall your operating system. There  
is no guarantee that problems resulting from  
the incorrect use of Registry Editor can be  
solved.  
HP ProtectTools Credential If user selects Windows  
The purpose of the desktop alert is to notify the  
Manager— Fingerprint  
logon message appears  
logon, the following desktop user that fingerprint authentication is available,  
alert appears in the  
if it is configured.  
whether or not fingerprint Credential Manager task bar:  
reader is installed or  
registered  
You can place your  
finger on the fingerprint  
reader to log on to  
Credential Manager.  
22  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential The Windows Credential  
Manager—Credential Manager Welcome screen  
The purpose of the alert is to notify the user that  
smart card authentication is available, if it is  
Manager logon window for suggests the user can logon configured.  
Windows 2000 states  
insert card when no  
reader is attached  
with insert card when no  
smart card reader is  
attached.  
HP ProtectTools Credential After allowing system to  
This issue appears to be resolved in SP2 from  
Microsoft. Refer to Microsoft knowledge base  
Manager—Unable to log  
into Credential Manager  
after transitioning from  
transition into hibernation  
and sleeping, Administrator article 813301 for more information on the  
or user is unable to log into cause of the issue.  
sleeping to hibernation on Credential Manager and the  
Customer Workaround:  
Windows XP SP1 only  
Windows logon screen  
remains displayed no matter  
which logon credential  
(password, finger print or  
smart card) is selected.  
In order to logon, user must select Credential  
Manager and log in. After logging into  
Credential Manager, user is prompted to log in  
to Windows (user may have to select the  
Windows login option) to complete login  
process.  
If user logs into Windows first, then user must  
manually log into Credential Manager.  
HP ProtectTools Credential Credential Manager fails to The HP Credential Manager for ProtectTools  
Manager—Restoring register any credentials after fails to access the TPM if the TPM was reset to  
Embedded Security causes the TPM Embedded Security factory settings or replaced after the Credential  
Credential Manager to fail Module is restored.  
Manager installation.  
Workaround:  
1. Back up the user identity before replacing  
or resetting the TPM.  
2. Uninstall the Credential Manager.  
3. Enable and initialize the TPM.  
4. Install the Credential Manager.  
5. Restore the user identity.  
HP is investigating resolution options for future  
customer software releases.  
Technical Reference Guide  
23  
Download from Www.Somanuals.com. All Manuals Search And Download.  
HP ProtectTools Troubleshooting Guide  
Software  
Impacted-Short  
description  
Details  
Solution / Workaround  
HP ProtectTools Credential The Embedded Security  
Users should regularly back up their credentials,  
Manager—Credentials are device encrypts and protects as referenced in help files. The Credential  
lost from Credential  
Manager when Embedded Embedded Security software available on the Credential Manager menu. If  
Security is uninstalled causes a loss of all encrypted the user does not back up credentials prior to  
the credentials. Removing the Manager Backup and Restore options are  
data.  
removing the embedded Security Manager,  
his/her credentials are lost.  
Users who have backed up encrypted  
credentials should:  
1. Reinstall HP ProtectTools Embedded Security  
software.  
2. Perform the restore option for both their  
Embedded Security device and their  
Credential Manager backup files.  
HP ProtectTools Credential Cannot register Smart Card This functionality was not originally designed  
Manager—Security cannot in Credential Manager into the product. This is being implemented in  
register smart card in  
Credential Manager  
through the More option  
through the My Identity > future product revisions being designed by HP.  
More > Register  
Credentials option. User  
must use Register Smart  
Card or Token option.  
HP ProtectTools Credential When user restores identity, This is currently by design.  
Manager—Security  
Credential Manager can lose  
When uninstalling Credential Manager without  
keeping identities, the system (server) part of the  
token is destroyed, so the token cannot be used  
anymore for logon, even if the client part of the  
token is restored through identity restore.  
HP is investigating long-term options for  
resolution.  
Restore Identity process association with the location  
loses association with  
virtual token  
of the virtual token at login  
screen. Even though  
Credential Manager has the  
virtual token registered, user  
must reregister the token to  
restore association.  
24  
Technical Reference Guide  
Download from Www.Somanuals.com. All Manuals Search And Download.  

Hearth and Home Technologies Stove SANTAFEI B User Manual
Heath Zenith Home Safety Product SH 5316 User Manual
Honeywell DVR HRXD16 User Manual
Hotpoint Washer WMEF 702 User Manual
HP Hewlett Packard Projector 760c User Manual
HP Hewlett Packard Speaker System HP E1433A User Manual
Hunter Fan Fan 22787 User Manual
Hypertec Mouse KYBAC100 00BEIHY BEIGE User Manual
IBM Computer Hardware HOTR User Manual
IKEA Dishwasher IUD4000R User Manual