Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Smart card Pre-boot Authentication Failure

Created: 05 Oct 2012 | 1 comment

PGP US 3.2.0 (Build 2599)

Desktop 10.2.0.2599 (if there's a newer version, it's well hidden on Symantec's site)

We only use PGP for WDE. No email\NetShare.

Computers in question: Win 7 64bit SP1

Password enrollment works fine.

Server Key mode is set to SKM + CKM per PGP's instructions after multiple long calls last year finally landed me with some techs in Germany. I'm in the States. Our techs recently informed me that Smart cards never worked as expected with PGP's pre-boot and we're now entering the "Required" phase of smart card usage. On occasion a machine here and there will work, but PGP is one of many projects I handle so I don't have the time to monitor it the way I'd like to.

I created a separate policy for my account and tested with only CKM, but regardless, the card is does seem to be seen at pre-boot. We get the bad beep and "Incorrect authentication, please try again". I tried with 2 different laptops today and the PGP desktop software saw the card on one machine when logged into Windows, but failed at preboot. The other machine doesn't see the card in the PGP desktop software and fails at preboot, but Windows does see the card and will allow me to log on with it. ...I can log off, then use the Smart card to logon at the Windows prompt. Then try rebooting and the card still fails at pre-boot.

Any suggestions on how to get PGP's pre-boot to finally work with smart cards would be greatly appreciated.

 

Thanks,

-Steve

 

 

 

Comments 1 CommentJump to latest comment

PGP_Ben's picture

Sorry for the very long delay in responding to this forum thread. I just noticed this one, and maybe it's too late. But we actually have a hardware compatability list in our release notes of which Smart Cards and Smart card readers we are compatible with. This is because we have to have a different driver than just the windows driver to work in our preboot environment. See here for the latest version of Encryption Desktop (formerly PGP Desktop) release notes:

http://www.symantec.com/business/support/index?pag...

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.