The Client Security Solution User Guide cannot be opened from the Help Menu
	The Client Security Software v5.4x install wizard will not accept the hardware password
	The passphrase policy states a user cannot change a password within 3 days of previously changing the password
	"This instance of cssppchange.exe cannot start because there was an initialization error" error message
	After the security chip is cleared (or after the system board is replaced), the password recovery questions are not accepted
	The "Set up hardware password reset" dialog refers to an "administrator password" in the BIOS. There is no administrator password.
	Client Security Solution errors occur when the security chip is disabled after the Client Security Solution program is installed
	When a user changes the Startup option for PrivateDisk Volume "PrivateDisk" to "Mount when volume file is accessible," a password prompt will display after every reboot
	Created backups do not appear in the Rescue and Recovery workspace
	Deleted files on the PrivateDisk are not restored when the user performs a restore and selects "I want to save all the files that have been created or changed since my last backup."
	The name of a PrivateDisk volume that was changed using the PrivateDisk Settings dialog does not reflect the change
	The user gets an error message from PrivateDisk when using a certificate to authenticate a PrivateDisk volume
	The PrivateDisk online help indicates a PrivateDisk icon appears in the Windows Task bar. This icon does not exist.
	A message similar to the following is displayed: "Unable to save file C:\Windows\Downloaded Installations\{0C529225-BDD7-404A-AA0D-240B and Recovery - Client Security Solution.msi"
	Migration file passwords containing a space are not recognized when the file is applied to the target system
	When no certificates are selected for transfer, no action is taken
	"The disk file does not exist" error message
	The Next button is not grayed out when a user enters the secure OS to recover a lost hardware (power on) password
	The exported Password Manager database file is corrupt and cannot be imported
	"The System Restore filter encountered the unexpected error..." error message
	The fingerprint device is not displayed as a policy option immediately following Client Security Solution enrollment
	PrivateDisk volumes that are protected with certificates fail to mount
	The Remote Desktop feature might fail when using the Client Security Solution login interface
	The Password Manager recall hotkey does not work when using a Mozilla browser
	"Fingerprint not enrolled" error message
	User is locked out of the computer immediately following Client Security Solution user enrollment
	Translation error in Password Manager Export Entries interface
	The check box for Enable Password Manager might not save the desired state
	After changing the Enable Hotkeys check box state, the hotkeys are still in the same state (either enabled or disabled)
	Upgrade considerations for the OEM version of the Rescue and Recovery program
	An unexpected background image is displayed during enrollment of subsequent users via the Security Wizard
	Logon failure using the CSS logon interface after changing the Windows userID
	The PrivateDisk configuration screen is displayed unexpectedly
	Must install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support
	Users are unable to access the My Recent Documents folder
	Password Manager does not populate fields in some applications and Web pages
	Recommended procedure when upgrading from Rescue and Recovery 3.0 and Client Security Solution 6.0 to Rescue and Recovery 3.1
	Microsoft Internet Explorer crashes when using ThinkVantage Client Security Solution 7 Password Manager

The Client Security Solution User Guide cannot be opened from the Help Menu because the Acrobat reader is not yet installed on the system.

Install the Adobe Acrobat reader.

Back to top

If the user installs, and configures CSS 6.0, then uninstalls it, and then installs CSS 5.4x, the 5.4x install wizard will not accept the hardware password. The hardware password is not recognized because the method for storing the passwords between the two software programs is not compatible.

Turn the computer off, wait five seconds, and then restart the computer. During startup, enter the BIOS Setup utility, go to BIOS settings, and clear the security chip.

Back to top

The passphrase policy states a user cannot change a password within 3 days of previously changing the password. Under certain situations, the user is able to change the password within 3 days.

The two situations where the user is allowed to change his password within 3 days are as follows:

• The first time after the initial installation when running the Client Security Solution setup wizard.
• If the user forgets his passphrase, it can be reset within three days, but cannot be reset again without waiting three days.

Back to top

A user might get the following message: "This instance of cssppchange.exe cannot start because there was an initialization error."

This error occurs because the security keys are no longer tied to the security chip. This occurs after the security chip is cleared or the system board is replaced.

Run cssplanarswap.exe from the "Client Security Solution" folder, which is usually in the Program Files folder.

Back to top

After the security chip is cleared (or after the system board is replaced), the password recovery questions are not accepted. In addition the following error is displayed: "The answers you provided to the recovery questions were not correct. Would you like to retry?"

When the system board is replaced or the security chip is cleared, the security keys must be associated to the security chip. If this is not done, the Client Security Solution application will not function properly.

1. Run cssplanarswap.exe from the "Client Security Solution" folder to associate the keys with the security chip.
2. Run the Client Security Solution setup wizard to reconfigure the computer.

Back to top

The "Set up hardware password reset" dialog refers to an "administrator password" in the BIOS. There is no administrator password. The correct terms are "user" password and "supervisor" password.

The text is incorrect; this should be "supervisor password."

Back to top

Client Security Solution errors occur when the security chip is disabled after the Client Security Solution program is installed.

If you set the security chip to Disabled in BIOS then it is as though you have removed the security chip from the computer. This is similar to what happens with network and audio systems when you disable them from within the BIOS; they do not appear to be installed in the computer at all.

Uninstall and reinstall the Client Security Solution.

Note: It is NOT sufficient to simply rerun the Client Security Solution setup wizard. If you do this, the application will run in emulation mode.

Back to top

When a user changes the Startup option for PrivateDisk Volume "PrivateDisk" to "Mount when volume file is accessible," a password prompt will display after every reboot. However, the password is unknown to the user because it is randomly generated by the installation.

• Change the Startup setting to "Mount after user is logged on to the system."
• Click Cancel. The PrivateDisk will automatically mount itself using the system generated password.

Back to top

Created backups do not appear in the Rescue and Recovery workspace when SafeGuard Easy is installed before Rescue and Recovery / Client Security Solution.

Run the winperepair.exe file from the C:\Program Files\Utimaco\SafeGuard Easy directory before entering the Rescue and Recovery workspace. The backups will be visible and the restore operation can be completed.

Back to top

Deleted files on the PrivateDisk are not restored when the user performs a restore and selects "I want to save all the files that have been created or changed since my last backup."

A PrivateDisk volume is a virtual disk which resides on the hard drive as a single file located in the current user's My Documents folder as pdisk001.vol. When the user modifies, changes, or deletes any file contained on the PrivateDisk volume, the physical file (the single pdisk001.vol file) on the hard drive changes. Therefore, when a user elects to save changed files during a restore operation, the software treats the pdisk001.vol file the same as any other changed file and does not restore it. Consequently, the files contained therein which were deleted are not recovered, because the backed up PrivateDisk file is not restored.

Complete the following procedure:

1. Initiate a full hard disk backup operation.
2. Create a new (temporary) PrivateDisk volume using the following procedure:
   1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
   2. Select Protect Data. The PrivateDisk Settings dialog displays.
   3. Click New and follow the instructions on the screen to create a new PrivateDisk.
3. Copy the files from the old PrivateDisk volume to the new, temporary PrivateDisk volume using Windows Explorer.
4. Unmount and rename the existing PrivateDisk volume. This will enable you to restore the old PrivateDisk volume from a backup.
   1. Select SecureDrive.
   2. Click the Unmount icon at the upper part of the window.
   3. Go to the My Documents folder and rename this file securedrive.vol.
   4. Click Yes to the warning about renaming a read-only file.
5. Restore the securedrive.vol file from a backup.
6. Reboot the computer. Now the PrivateDisk file which will be mounted is the version from the backup.
7. Mount the temporary PrivateDisk volume:
   1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
   2. Select Protect Data. The PrivateDisk Settings dialog displays.
   3. Select your temporary drive.
   4. Click Mount and enter the password you specified earlier.
8. Copy the changed files from the temporary PrivateDisk volume to the restored PrivateDisk volume.
9. Delete the temporary PrivateDisk volume using the following procedure:
   1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
   2. Select Protect Data. The PrivateDisk Settings dialog displays.
   3. Right-click your temporary drive and select Unmount.
   4. Right-click your temporary drive and select Remove from List. This procedure results in a new PrivateDisk volume containing the deleted files and files that had been altered.

Back to top

The name of a PrivateDisk volume that was changed using the PrivateDisk Settings dialog does not reflect the change. The PrivateDisk Settings dialog only changes the logical name for use within the PrivateDisk Settings dialog. The name of the disk file, which is the name that appears in Windows Explorer, does not change.

None.

Back to top

The user gets an error message from PrivateDisk when using a certificate to authenticate a PrivateDisk volume. This issue occurs because PrivateDisk tries to access the certificate before the security service is ready. Both PrivateDisk and the security service are started by the run key in the registry. Consequently, it is impossible to guarantee their respective start order. When the PrivateDisk volume is configured to mount automatically, it might be mounted before the security service is started. When this occurs, the certificate will not be available and PrivateDisk will display an error message.

• Authenticate with the Client Security Solution program. This will ensure that the security service is started and initialized before the PrivateDisk volume.
• Mount the certificate-protected PrivateDisk volume manually.

Back to top

The PrivateDisk online help indicates a PrivateDisk icon appears in the Windows Task bar. This icon does not exist.

The user can run the PrivateDisk Settings dialog using the following procedure:

1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
2. Select Protect Data.

Back to top

A message similar to the following is displayed: "Unable to save file C:\Windows\Downloaded Installations\{0C529225-BDD7-404A-AA0D-240B and Recovery - Client Security Solution.msi."

The Rescue and Recovery 3.0 and Client Security 6.0 application must be installed by a user with administrative privileges. When a non-administrator user tries to install Rescue and Recovery 3.0 or Client Security 6, the above message is displayed because InstallShield will try to create a cached copy of the installation source in the C:\Windows\Downloaded Installations folder before executing the Windows Installer setup package. A limited user does not have access to this folder.

Log on as a user with administrative privileges to run the Rescue and Recovery 3.0 or Client Security Solution 6.0 installation.

Back to top

Migration file passwords containing a space are not recognized when the file is applied to the target system.

The "Create a migration file" interface allows spaces to be included in a password; however, the entirepassword is not recognized. It is only recognized up until the space.

Do not use a password containing a space.

If a migration file was created that uses a password containing a space, enter only the portion of the password that precedes the space. For example, if the password is "pass word," use "pass" as the password when applying the migration file on target system.

Back to top

When no certificates are selected for transfer, no action is taken.

The Certificate Transfer Wizard only notifies users about certificates which were transferred between the Microsoft and the Client Security Solution certificate store. Consequently, if the user does not select any certificates to transfer, no messages are displayed.

If no messages are displayed after the user clicks Finish in the certificate transfer wizard, then no certificates were transferred.

Back to top

When a user uninstalls the Rescue and Recovery with Client Security Solution application, the PrivateDisk volume is not deleted. When the Client Security Solution Setup Wizard runs upon reinstallation, the PrivateDisk setup procedure attempts to unmount the existing PrivateDisk, generating the first error message: "The disk file does not exist."

A second error message is generated when the PrivateDisk application attempts to make a new volume and finds the existing file on the hard drive. A message is generated asking the user if he wants to overwrite the disk: "The file already exists. Do you want to overwrite it?"

The old PrivateDisk volume has a filename of SecureDrive.vol_"date." PrivateDisk passwords are randomly generated and are not known by the user. Therefore, old PrivateDisk volumes will never be accessible again and should be deleted.

Before uninstalling the Rescue and Recovery with Client Security Solution application, create a PrivateDisk volume manually using the PrivateDisk settings interface. Manually create a known password for this volume. This drive can then be mounted after the reinstall and the files copied to the new system-generated PrivateDisk volume.

Back to top

The Next button is not grayed out when a user enters the secure OS to recover a lost hardware (power on) password. Thus, if the user incorrectly presses the Enter key to switch tabs before all the questions have been answered, the system thinks he wants to proceed. Without all of the correct answers, the system fails the check. After three fails, the user is booted out of the secure OS interface.

Do not press the Enter key until all three questions are completed.

Back to top

The exported Password Manager database (.PWM or .EXE) file is corrupt and cannot be imported when using a device with less than 1.7MB of free space.

When a user exports the Password Manager database file to a device with less than 1.7MB of free space, the exported Password Manager database file becomes corrupted and no error message is generated to warn the user about the file corruption.

To avoid this issue, export the database file to a device with at least 1.7MB of free space.

Back to top

PrivateDisk "Fixed Drive" option causes an Event Viewer - System error when Windows System Restore is running causing the System Restore Points to disappear.

The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'M .. s' on the volume 'PrivateDiskVolume000000000000000a'. It has stopped monitoring the volume.

Do not use the PrivateDisk "Fixed Drive" option when running Windows System Restore. Assign a drive letter without making the volume a fixed drive.

Back to top

When a user enrolls fingerprints after having enrolled with the Client Security Solution application, the fingerprint device is not displayed as a policy option until after the computer is rebooted.

Reboot the computer immediately after enrolling with the Client Security Solution application.

Back to top

PrivateDisk volumes that are protected with certificates might fail to mount when the option 'Mount after user logged on to the system' is selected.

This issue might occur after the following steps have been taken:

1. A PrivateDisk volume is created.
2. A certificate is used to protect the volume.
3. The 'Mount after user logged on to the system' startup option is selected. Upon a subsequent reboot the following error message might display: 'An error occurred while opening the virtual disk using the certificate'

This is an intermittent error and might not occur on every reboot.

To avoid this problem, complete the following procedure:

• Select Mount manually as the startup option for the PrivateDisk volume.

To recover from a broken state, complete the following procedure:

• Mount the PrivateDisk volume manually using the PrivateDisk Mount option.

Back to top

The Remote Desktop feature might fail when using the Client Security Solution login interface.

When attempting to logon remotely to a computer that uses the Client Security Solution logon interface, the authentication process appears to function correctly. However, just before the user is logged on, the "control-alt-delete" screen is displayed and the user is not able to log on.

Use the Policy Manager application to disable the Client Security Solution logon interface.

Back to top

Information saved in the Password Manager application is not automatically populated in the Web site fields by the Ctrl+F2 recall hotkey when using a Mozilla browser.

Use the Microsoft Internet Explorer browser.

Back to top

Secondary users, with the exception of the master administrator, will experience a "Fingerprint not enrolled" error message following Client Security Solution enrollment.

Enroll fingerprints before completing the Security Setup Wizard enrollment or simply continue with fingerprint enrollment.

Back to top

If the user enters a locked state immediately after enrolling with the Client Security Solution application, the user will not be able to log on even if the correct authentication information is provided.

Reboot the computer immediately after enrolling a user using the Security Setup Wizard.

Back to top

Translation error in Password Manager Export Entries interface.

When exporting Password Manager data to a file, the export entry interface is displayed. This interface has two text fields that enable a user to create a password to protect the generated Password Manager Export file.

The Japanese language labels for the text boxes are translated incorrectly.

The correct English interface is shown below.

None.

Back to top

The state of the Enable Password Manager check box might not save properly. The check box always displays as checked when you open the Advanced tab of the Password Manager Preferences interface.

To disable the Password Manager application, clear all of the other check boxes in the Application Support sub-section of the Advanced tab of the Password Manager Preferences interface.

Back to top

After changing the Enable Hotkeys check box state, the hotkeys are still in the same state (either enabled or disabled).

The keyboard references are established during the initialization of the Password Manager application. Consequently, the Password Manager application must be re-initialized for the hotkey changes to take effect.

Log off and log back on the Password Manager application, or reboot the computer, to ensure that the changes take effect.

Back to top

When upgrading from the OEM version of Rescue and Recovery 3.0 to the OEM version of Rescue and Recovery 3.1 AND when installing the OEM version of the Client Security Solution 7.0 program, a problem might occur during configuration of Client Security Solution 7.0 program, such that the Password Manager application might not function properly.

To avoid any potential problems caused by upgrading from Rescue and Recovery 3.0 to Rescue and Recovery 3.1, complete the upgrade by following all on-screen prompts and interfaces. After the upgrade is completed, then install the Client Security Solution 7.0 program, if desired. Do not try to install the Client Security Solution application before the upgrade to Rescue and Recovery 3.1 is complete.

Back to top

During enrollment of subsequent users via the Security Wizard an unexpected graphic is displayed behind the text on the PrivateDisk screen.

The PrivateDisk screen of the Security Wizard displays an unexpected image underneath the controls and text. This problem occurs during the enrollment of subsequent users only if the initial user configured the computer using the secure mode and disabled the password recovery mechanism.

This problem does not hinder the functionality of the Security Wizard. Although the image is distracting, the text is legible and the controls are accessible. Follow the instructions on the screen and continue with the enrollment.

Back to top

Unable to log on using the CSS logon interface after changing the Windows userID.

When the Control Panel > User Accounts > Change an Account > Change My Name command is used, only the user Full Name is changed. This command does not change the actual account name. When the user tries to use the new userID, it is not recognized as a valid username. The current version of Client Security logon interface does not support changing only full names.

Continue to use the old username or change the full name back to the original.

Back to top

The PrivateDisk configuration screen is displayed even though the initial user elected not to create private disks.

During the enrollment of secondary users, the Security Wizard displays the PrivateDisk configuration screen even when the initial user elected not to create private disks.

To disable the use of private disks, an administrative user must exclude the private disk module from the installation using the installation wizard. This can be accomplished during initial installation or subsequently by re-running the installation wizard using the Windows Control Panel "Add/Remove Programs" utlity.

Back to top

Users must manually install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support.

Users must manually install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support.

To install the ThinkVantage Password Manager 2.0 Extension for FireFox, complete the following procedure:

1. Open Firefox.
2. Click File, click Open File, then select the tvtpwm_moz_xpi.xpi file from the location where the Client Security Solution application is installed. For example "C:\Program Files\Lenovo\Client Security Solution". The Software Installation window is displayed.
3. Click Install Now.
4. The plugin is displayed in the Extensions window while installing. A message prompting you to restart Firefox to complete the installation is displayed.
5. To verify that the .xpi file installed correctly, restart Firefox.
6. Click Tools, then click Extensions. ThinkVantage Password Manager 2.0 should be displayed in the extension list.

Back to top

After the Client Security Solutionapplication is installed, a user might not be able to access the My Recent Documents folder. The following error message is displayed:

"C:\Documents and Settings\user\My Recent Documents is not accessible. Access is denied."

The Client Security Solution application modifies access permission for clean-up reasons, clearing the Make this folder private check box. Consequently, users will lose access permission to the My Recent Documents folder.

To correct this issue, complete the following procedure:

1. Right-click the C:\Documents and Settings\user\My Recent Documents folder.
2. Select Properties.
3. Click the Sharing tab.
4. Check the Make this folder private check box, then click OK.

Back to top

Password Manager does not populate fields in some applications and Web pages

Back to top

Problems are encountered when upgrading from Rescue and Recovery 3.0 and Client Security Solution 6.0 to Rescue and Recovery 3.1

To avoid upgrade problems, complete the following procedure:

1. Install Rescue and Recovery 3.1, but DO NOT reboot when prompted.
2. Install Client Security Solution 7.0.
3. Reboot when prompted.
4. When you log on after the reboot, you will be asked to migrate from the pervious version. Select to migrate from the pervious version.

CMVC Defect Number: hlpct_62533

Back to top

Microsoft Internet Explorer crashes when using ThinkVantage Client Security Solution 7 Password Manager. This is due to an issue with the tvtpwm_ie_com.dll file that is a part of certain early builds of Client Security Solution 7.

Apply the Maintenance Patch for ThinkVantage Client Security Solution 7.0 available from the following Web site:

Maintenance Patch for ThinkVantage Client Security Solution 7.0

CMVC Defect Number: 343331