Client Security SecureDrive password problem

[zhenya]

Hi all. I had been using my SecureDrive that was setup when I first installed my computer with no problems. I then decided that I wanted a larger secure drive, so I created it - no problems. Since then, whenever I log-in to my computer, after the Client Security pop-up goes away, it displays the "wrong password, next attempt is delayed" dialog box. If I delete all of my secure drives, then I don't get the wrong password warning. However, as soon as I create a new secure drive, and enter a new password - the wrong password warning comes back. I don't know what's causing it, because I can mount my secure drive just fine - I KNOW that the password is correct! (Although previously the secure drive mounted automatically at start-up, I now must do it manaully) This is largely just an irritation, that it's not working as it should, but I'm also concerned that it has some sort of "counter" and if it thinks it's getting the wrong password every time I log on, it could cause problems down the road. Help much appreciated!

[egibbs]

It sounds like you have a certificate stored on your computer that is supplying an old set of credentials.

Not sure how to delete a certificate, but Google is your friend.

Ed Gibbs

[Jona]

Exactly the same happened to me recently. The Securedrive I created during installation mounted automatically, even if I told it to start up manually, so I deleted it and created a new one. Since then I get that same message, warning me about a incorrect password and delaying the next attempt. Every time at bootup it pops up again with a longer delay because of the incorrect password, so it gets more annoying every time.

Seems like a bug to me. Has anyone found a solution for this?

[zhenya]

Jona - I still haven't solved this problem. I don't think it's an issue of a certificate supplying old credentials for two reasons - one, because I never set up certificate authentication, and two, I've uninstalled the entire program and started again from scratch - same issue! Please post if you come up with anything!

[Jona]

I have no certificates set up on my computer either.

I named the new secured volume Securedrive after the one that I deleted and set another password. Could it be that CSS still thinks it is the same drive and is trying to mount it automatically with the old password? That would explain the incorrect password messages.

[xcoll2001]

I just posted in another thread about the same issue. CSS 7 isn't working with the secure disk. I also opened the Password manager and see if it is actually storing the right password. In fact it is not. While with other entries i can check to display the encrypted text but for the ones in securedisk that feature isn't working. And you can't edit the password either with the manager.

I have also found problem not working with Maxthon/IE.

[Tony's X60s]

I have only ever used the certificate option for private disks - which I think means that the CSS7 authentication based on fingerprints or Windows password applies also to private disk access. Because of this Password Manager is not involved.

Is there some reason why using a password is better? The warning message that pops up indicates that certificates are regarded as better, so I'm interested to know why the separate password option is provided.

[Zvi]

This Thread SEEMS to be the current one discussing "Virtual Disk" issues so I will throw in my $0.02 to see if anyone has any ideas.
I just got a ThinkPad R52. I updated just about all of the software bringing it up to current spec. This included installing the CSS 7 and creating a "SecureDrive".
The problem is that I cannot seem to supply an appropriate "Administrator Password" to the CSS software that administers this "Drive".
Now, I only have ONE password for "Administrator", and one for each of two users -- each with admin rights. None of these is acceptable when I enter it!
I *did* locate on one of the "hints and tips" items that the Admin Password for the SecureDrive is generated randomly (!!!) which means that I can have this "Disk" mounted when I boot up but, if I unmount it for any reason, I can NOT remount it for any reason until I log off and log back on.
This sounds utterly idiotic to me. Further, I can not see ANY way to delete this particular Private Disk (although I could -- apparently -- create new Private Disks and delete those).
I cannot find any documentation that really discusses this. Has anyone found anything on this?
I did submit a query to IBM Support -- however, since this was a TP bought on the IBM EPP "Used" site, the 6 month warranty apparently does not include software (as I found out AFTER getting this thing!). So, I am not sure if I will receive an answer -- even though this is a question about NEW software!
Can nayone help here???

Thank you!

[Zvi]

The problem that you describe appears to similar to the one that I saw in "HInts and Tips". You may have to change your "options" to something like "Mount after user is logged in" rather than "mount manually". According to the "Hints and Tips", since the Password is system-generated, it would be impossible for you to respond correctly to it....

I did NOT make this up... and it sounds like one of the more off-the-wall "features" that someone could come up with!....

[cyberjas]

well here's the reason for the password issue, and a solution for those who haven't re-configured their CSS securedrive, for those who have, like me, I'm still waiting for response from Lenovo on the issue:
https://www.utimaco.com/internet/Uti_Kn ... enDocument

[Tony's X60s]

Everything I read in the Utimaco knowledge base and the SecureDrive Help file says certificates are better than passwords. Every post here says passwords create problems. Am I missing something? Why is anyone ever using them? I don't mean to sound smart about this - I am genuinely puzzled.

BTW, this little gem is also on the Utimaco knowledge base about how to preserve your securedrive data when upgrading CSS: "Article 107242. What should be considered before uninstalling CSS when SafeGuard PrivateDisk is installed?"

Given that I have upgraded to CSS7 (with some problems), then uninstalled CSS7 and reinstalled CSS7 in complete ignorance of what they recommend and still have trouble free access to my main working secure drive (certificate authentication!), I don't understand the basis of their advice and I don't recall seeing it anywhere on Lenovo or IBM's upgrade notes.

Maybe my lack of problems is because I have never used the secure drive that is created in the initial wizard, but have always created my own later and specified certificate based authentication? Others' experience recorded here makes me ensure I have a back up of everything in my secure drive at all times.

[cyberjas]

I think the problem stems from the lack of documentation when CSS has been downloaded and there was no dialogue boxes to tell user to back up decrypted data before the the install. and we trust and upgrade would definitely work. also because it's a "IBM version" it's very hard to report a fault since they insisted there's no warranty nor support on the software and the only way to rectify the issue is to restore to factory image.

[Zvi]

Well, I did get a phone call from someone (sorry, I do not remember who). He confirmed that I was correct -- that with the system-generated password, once you unmount the "SecureDrive" during a session, you cna never remount it because the system generated password for that session is unknown to you. the only way to remount it is to end the session. This seems to me to be REALLY stupid.

I also noted that the ONLY way that I can get a SecureDrive mounted is to specify "Mount Manually". What happens is that after system start-up, I get prompted for a password -- but it is the password that I originally set up when the SecureDrive was created as part of the install of CSS-7. If I choose ANY other option (e.g., Mount after User is logged in) then I get prompted for a password -- which is the system-generated one so that the Mount fails. I also believe that "Mount Manually" was the default option when I first put the SecureDrive in as part of the CSS-7 install.

I further noted that it is IMPOSSIBLE to ever change your original password (from CSS-7 install) since you would have to specify the current password -- and that password is the system-generated one! That is -- to me -- an absolutely idiotic design.

It appears from the SecureGuard documentation that the ONLY secure drives that can be mounted and unmounted would have to be created by the user searately.

I do not recall now (although a few people mentioned it to me) how to destroy the "default" Securedrive which borders on being useless once you created other such drives manually (which you can then control better).

Hope that this helps....

--Zvi

[cyberjas]

mmm...so does that mean if the SecureDrive I use was generated and they lost my session the volume is eternally unreadable ??
....thanks Lenovo...not !!

[Tony's X60s]

According to the Utimaco doco, if you set it to "Mount after logon" then reboot and logon, you should have access to it again. However, I have not tested this.

If it works as they recommend, I suggest you create a new securedrive selecting certificate authentication and copy the contents to the new drive, then export the certificate to a safe place.

Good luck.

[cyberjas]

I'll have a go and see if that works on the weekend.