Choose Your Product
No Product SelectedSelect Product
Client Security Solution 7.0 - Considerations
Select the symptom that best matches the problem you are experiencing:
The Client Security Solution User Guide cannot be opened from the Help Menu
The Client Security Software v5.4x install wizard will not accept the hardware password
The passphrase policy states a user cannot change a password within 3 days of previously changing the password
"This instance of cssppchange.exe cannot start because there was an initialization error" error message
After the security chip is cleared (or after the system board is replaced), the password recovery questions are not accepted
The "Set up hardware password reset" dialog refers to an "administrator password" in the BIOS. There is no administrator password.
Client Security Solution errors occur when the security chip is disabled after the Client Security Solution program is installed
When a user changes the Startup option for PrivateDisk Volume "PrivateDisk" to "Mount when volume file is accessible," a password prompt will display after every reboot
Created backups do not appear in the Rescue and Recovery workspace
Deleted files on the PrivateDisk are not restored when the user performs a restore and selects "I want to save all the files that have been created or changed since my last backup."
The name of a PrivateDisk volume that was changed using the PrivateDisk Settings dialog does not reflect the change
The user gets an error message from PrivateDisk when using a certificate to authenticate a PrivateDisk volume
The PrivateDisk online help indicates a PrivateDisk icon appears in the Windows Task bar. This icon does not exist.
A message similar to the following is displayed: "Unable to save file C:\Windows\Downloaded Installations\{0C529225-BDD7-404A-AA0D-240B and Recovery - Client Security Solution.msi"
Migration file passwords containing a space are not recognized when the file is applied to the target system
When no certificates are selected for transfer, no action is taken
"The disk file does not exist" error message
The Next button is not grayed out when a user enters the secure OS to recover a lost hardware (power on) password
The exported Password Manager database file is corrupt and cannot be imported
"The System Restore filter encountered the unexpected error..." error message
The fingerprint device is not displayed as a policy option immediately following Client Security Solution enrollment
PrivateDisk volumes that are protected with certificates fail to mount
The Remote Desktop feature might fail when using the Client Security Solution login interface
The Password Manager recall hotkey does not work when using a Mozilla browser
"Fingerprint not enrolled" error message
User is locked out of the computer immediately following Client Security Solution user enrollment
Translation error in Password Manager Export Entries interface
The check box for Enable Password Manager might not save the desired state
After changing the Enable Hotkeys check box state, the hotkeys are still in the same state (either enabled or disabled)
Upgrade considerations for the OEM version of the Rescue and Recovery program
An unexpected background image is displayed during enrollment of subsequent users via the Security Wizard
Logon failure using the CSS logon interface after changing the Windows userID
The PrivateDisk configuration screen is displayed unexpectedly
Must install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support
Users are unable to access the My Recent Documents folder
Password Manager does not populate fields in some applications and Web pages
Recommended procedure when upgrading from Rescue and Recovery 3.0 and Client Security Solution 6.0 to Rescue and Recovery 3.1
Microsoft Internet Explorer crashes when using ThinkVantage Client Security Solution 7 Password Manager

Symptom

The Client Security Solution User Guide cannot be opened from the Help Menu because the Acrobat reader is not yet installed on the system.

Solution

Install the Adobe Acrobat reader.


Back to top


Symptom

If the user installs, and configures CSS 6.0, then uninstalls it, and then installs CSS 5.4x, the 5.4x install wizard will not accept the hardware password. The hardware password is not recognized because the method for storing the passwords between the two software programs is not compatible.

Solution

Turn the computer off, wait five seconds, and then restart the computer. During startup, enter the BIOS Setup utility, go to BIOS settings, and clear the security chip.


Back to top


Symptom

The passphrase policy states a user cannot change a password within 3 days of previously changing the password. Under certain situations, the user is able to change the password within 3 days.

Solution

The two situations where the user is allowed to change his password within 3 days are as follows:

  • The first time after the initial installation when running the Client Security Solution setup wizard.
  • If the user forgets his passphrase, it can be reset within three days, but cannot be reset again without waiting three days.

Back to top


Symptom

A user might get the following message: "This instance of cssppchange.exe cannot start because there was an initialization error."

This error occurs because the security keys are no longer tied to the security chip. This occurs after the security chip is cleared or the system board is replaced.

Solution

Run cssplanarswap.exe from the "Client Security Solution" folder, which is usually in the Program Files folder.


Back to top


Symptom

After the security chip is cleared (or after the system board is replaced), the password recovery questions are not accepted. In addition the following error is displayed: "The answers you provided to the recovery questions were not correct. Would you like to retry?"

When the system board is replaced or the security chip is cleared, the security keys must be associated to the security chip. If this is not done, the Client Security Solution application will not function properly.

Solution
  1. Run cssplanarswap.exe from the "Client Security Solution" folder to associate the keys with the security chip.
  2. Run the Client Security Solution setup wizard to reconfigure the computer.

Back to top


Symptom

The "Set up hardware password reset" dialog refers to an "administrator password" in the BIOS. There is no administrator password. The correct terms are "user" password and "supervisor" password.

Solution

The text is incorrect; this should be "supervisor password."


Back to top


Symptom

Client Security Solution errors occur when the security chip is disabled after the Client Security Solution program is installed.

If you set the security chip to Disabled in BIOS then it is as though you have removed the security chip from the computer. This is similar to what happens with network and audio systems when you disable them from within the BIOS; they do not appear to be installed in the computer at all.

Solution

Uninstall and reinstall the Client Security Solution.

Note: It is NOT sufficient to simply rerun the Client Security Solution setup wizard. If you do this, the application will run in emulation mode.


Back to top


Symptom

When a user changes the Startup option for PrivateDisk Volume "PrivateDisk" to "Mount when volume file is accessible," a password prompt will display after every reboot. However, the password is unknown to the user because it is randomly generated by the installation.

Solution
  • Change the Startup setting to "Mount after user is logged on to the system."
  • Click Cancel. The PrivateDisk will automatically mount itself using the system generated password.

Back to top


Symptom

Created backups do not appear in the Rescue and Recovery workspace when SafeGuard Easy is installed before Rescue and Recovery / Client Security Solution.

Solution

Run the winperepair.exe file from the C:\Program Files\Utimaco\SafeGuard Easy directory before entering the Rescue and Recovery workspace. The backups will be visible and the restore operation can be completed.


Back to top


Symptom

Deleted files on the PrivateDisk are not restored when the user performs a restore and selects "I want to save all the files that have been created or changed since my last backup."

A PrivateDisk volume is a virtual disk which resides on the hard drive as a single file located in the current user's My Documents folder as pdisk001.vol. When the user modifies, changes, or deletes any file contained on the PrivateDisk volume, the physical file (the single pdisk001.vol file) on the hard drive changes. Therefore, when a user elects to save changed files during a restore operation, the software treats the pdisk001.vol file the same as any other changed file and does not restore it. Consequently, the files contained therein which were deleted are not recovered, because the backed up PrivateDisk file is not restored.

Solution

Complete the following procedure:

  1. Initiate a full hard disk backup operation.
  2. Create a new (temporary) PrivateDisk volume using the following procedure:
    1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
    2. Select Protect Data. The PrivateDisk Settings dialog displays.
    3. Click New and follow the instructions on the screen to create a new PrivateDisk.
  3. Copy the files from the old PrivateDisk volume to the new, temporary PrivateDisk volume using Windows Explorer.
  4. Unmount and rename the existing PrivateDisk volume. This will enable you to restore the old PrivateDisk volume from a backup.
    1. Select SecureDrive.
    2. Click the Unmount icon at the upper part of the window.
    3. Go to the My Documents folder and rename this file securedrive.vol.
    4. Click Yes to the warning about renaming a read-only file.
  5. Restore the securedrive.vol file from a backup.
  6. Reboot the computer. Now the PrivateDisk file which will be mounted is the version from the backup.
  7. Mount the temporary PrivateDisk volume:
    1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
    2. Select Protect Data. The PrivateDisk Settings dialog displays.
    3. Select your temporary drive.
    4. Click Mount and enter the password you specified earlier.
  8. Copy the changed files from the temporary PrivateDisk volume to the restored PrivateDisk volume.
  9. Delete the temporary PrivateDisk volume using the following procedure:
    1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
    2. Select Protect Data. The PrivateDisk Settings dialog displays.
    3. Right-click your temporary drive and select Unmount.
    4. Right-click your temporary drive and select Remove from List. This procedure results in a new PrivateDisk volume containing the deleted files and files that had been altered.

Back to top


Symptom

The name of a PrivateDisk volume that was changed using the PrivateDisk Settings dialog does not reflect the change. The PrivateDisk Settings dialog only changes the logical name for use within the PrivateDisk Settings dialog. The name of the disk file, which is the name that appears in Windows Explorer, does not change.

Solution

None.


Back to top


Symptom

The user gets an error message from PrivateDisk when using a certificate to authenticate a PrivateDisk volume. This issue occurs because PrivateDisk tries to access the certificate before the security service is ready. Both PrivateDisk and the security service are started by the run key in the registry. Consequently, it is impossible to guarantee their respective start order. When the PrivateDisk volume is configured to mount automatically, it might be mounted before the security service is started. When this occurs, the certificate will not be available and PrivateDisk will display an error message.

Solution
  • Authenticate with the Client Security Solution program. This will ensure that the security service is started and initialized before the PrivateDisk volume.
  • Mount the certificate-protected PrivateDisk volume manually.

Back to top


Symptom

The PrivateDisk online help indicates a PrivateDisk icon appears in the Windows Task bar. This icon does not exist.

Solution

The user can run the PrivateDisk Settings dialog using the following procedure:

  1. Click Start, select Programs, select ThinkVantage, then click Client Security Solution.
  2. Select Protect Data.

Back to top


Symptom

A message similar to the following is displayed: "Unable to save file C:\Windows\Downloaded Installations\{0C529225-BDD7-404A-AA0D-240B and Recovery - Client Security Solution.msi."

The Rescue and Recovery 3.0 and Client Security 6.0 application must be installed by a user with administrative privileges. When a non-administrator user tries to install Rescue and Recovery 3.0 or Client Security 6, the above message is displayed because InstallShield will try to create a cached copy of the installation source in the C:\Windows\Downloaded Installations folder before executing the Windows Installer setup package. A limited user does not have access to this folder.

Solution

Log on as a user with administrative privileges to run the Rescue and Recovery 3.0 or Client Security Solution 6.0 installation.

CMVC Defect Number: 286164
Back to top


Symptom

Migration file passwords containing a space are not recognized when the file is applied to the target system.

The "Create a migration file" interface allows spaces to be included in a password; however, the entirepassword is not recognized. It is only recognized up until the space.

Solution

Do not use a password containing a space.

If a migration file was created that uses a password containing a space, enter only the portion of the password that precedes the space. For example, if the password is "pass word," use "pass" as the password when applying the migration file on target system.

CMVC Defect Number: 289236
Back to top


Symptom

When no certificates are selected for transfer, no action is taken.

The Certificate Transfer Wizard only notifies users about certificates which were transferred between the Microsoft and the Client Security Solution certificate store. Consequently, if the user does not select any certificates to transfer, no messages are displayed.

Solution

If no messages are displayed after the user clicks Finish in the certificate transfer wizard, then no certificates were transferred.

CMVC Defect Number: 273052
Back to top


Symptom

When a user uninstalls the Rescue and Recovery with Client Security Solution application, the PrivateDisk volume is not deleted. When the Client Security Solution Setup Wizard runs upon reinstallation, the PrivateDisk setup procedure attempts to unmount the existing PrivateDisk, generating the first error message: "The disk file does not exist."

A second error message is generated when the PrivateDisk application attempts to make a new volume and finds the existing file on the hard drive. A message is generated asking the user if he wants to overwrite the disk: "The file already exists. Do you want to overwrite it?"

The old PrivateDisk volume has a filename of SecureDrive.vol_"date." PrivateDisk passwords are randomly generated and are not known by the user. Therefore, old PrivateDisk volumes will never be accessible again and should be deleted.

Solution

Before uninstalling the Rescue and Recovery with Client Security Solution application, create a PrivateDisk volume manually using the PrivateDisk settings interface. Manually create a known password for this volume. This drive can then be mounted after the reinstall and the files copied to the new system-generated PrivateDisk volume.

CMVC Defect Number: 283643f_1
Back to top


Symptom

The Next button is not grayed out when a user enters the secure OS to recover a lost hardware (power on) password. Thus, if the user incorrectly presses the Enter key to switch tabs before all the questions have been answered, the system thinks he wants to proceed. Without all of the correct answers, the system fails the check. After three fails, the user is booted out of the secure OS interface.

Solution

Do not press the Enter key until all three questions are completed.

CMVC Defect Number: 288680
Back to top


Symptom

The exported Password Manager database (.PWM or .EXE) file is corrupt and cannot be imported when using a device with less than 1.7MB of free space.

When a user exports the Password Manager database file to a device with less than 1.7MB of free space, the exported Password Manager database file becomes corrupted and no error message is generated to warn the user about the file corruption.

Solution

To avoid this issue, export the database file to a device with at least 1.7MB of free space.

CMVC Defect #: 304706f_1
Back to top


Symptom

PrivateDisk "Fixed Drive" option causes an Event Viewer - System error when Windows System Restore is running causing the System Restore Points to disappear.

The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'M .. s' on the volume 'PrivateDiskVolume000000000000000a'. It has stopped monitoring the volume.

Solution

Do not use the PrivateDisk "Fixed Drive" option when running Windows System Restore. Assign a drive letter without making the volume a fixed drive.

CMVC Defect #: 318739
Back to top


Symptom

When a user enrolls fingerprints after having enrolled with the Client Security Solution application, the fingerprint device is not displayed as a policy option until after the computer is rebooted.

Solution

Reboot the computer immediately after enrolling with the Client Security Solution application.

CMVC Defect #: 322341
Back to top


Symptom

PrivateDisk volumes that are protected with certificates might fail to mount when the option 'Mount after user logged on to the system' is selected.

This issue might occur after the following steps have been taken:

  1. A PrivateDisk volume is created.
  2. A certificate is used to protect the volume.
  3. The 'Mount after user logged on to the system' startup option is selected. Upon a subsequent reboot the following error message might display: 'An error occurred while opening the virtual disk using the certificate'

This is an intermittent error and might not occur on every reboot.

Solution

To avoid this problem, complete the following procedure:

  • Select Mount manually as the startup option for the PrivateDisk volume.

To recover from a broken state, complete the following procedure:

  • Mount the PrivateDisk volume manually using the PrivateDisk Mount option.
CMVC Defect #: 309328f_1
Back to top


Symptom

The Remote Desktop feature might fail when using the Client Security Solution login interface.

When attempting to logon remotely to a computer that uses the Client Security Solution logon interface, the authentication process appears to function correctly. However, just before the user is logged on, the "control-alt-delete" screen is displayed and the user is not able to log on.

Solution

Use the Policy Manager application to disable the Client Security Solution logon interface.

CMVC Defect #: 320119f_1
Back to top


Symptom

Information saved in the Password Manager application is not automatically populated in the Web site fields by the Ctrl+F2 recall hotkey when using a Mozilla browser.

Solution

Use the Microsoft Internet Explorer browser.

CMVC Defect #: 308339
Back to top


Symptom

Secondary users, with the exception of the master administrator, will experience a "Fingerprint not enrolled" error message following Client Security Solution enrollment.

Solution

Enroll fingerprints before completing the Security Setup Wizard enrollment or simply continue with fingerprint enrollment.

CMVC Defect #: 322974
Back to top


Symptom

If the user enters a locked state immediately after enrolling with the Client Security Solution application, the user will not be able to log on even if the correct authentication information is provided.

Solution

Reboot the computer immediately after enrolling a user using the Security Setup Wizard.

CMVC Defect #: 323231
Back to top


Symptom

Translation error in Password Manager Export Entries interface.

When exporting Password Manager data to a file, the export entry interface is displayed. This interface has two text fields that enable a user to create a password to protect the generated Password Manager Export file.

The Japanese language labels for the text boxes are translated incorrectly.

incorrect Japanese translations

The correct English interface is shown below.

correct English interface

Solution

None.

CMVC Defect #: 322673
Back to top


Symptom

The state of the Enable Password Manager check box might not save properly. The check box always displays as checked when you open the Advanced tab of the Password Manager Preferences interface.

Solution

To disable the Password Manager application, clear all of the other check boxes in the Application Support sub-section of the Advanced tab of the Password Manager Preferences interface.

CMVC Defect #: 325389
Back to top


Symptom

After changing the Enable Hotkeys check box state, the hotkeys are still in the same state (either enabled or disabled).

The keyboard references are established during the initialization of the Password Manager application. Consequently, the Password Manager application must be re-initialized for the hotkey changes to take effect.

Solution

Log off and log back on the Password Manager application, or reboot the computer, to ensure that the changes take effect.

CMVC Defect #: 325390
Back to top


Symptom

When upgrading from the OEM version of Rescue and Recovery 3.0 to the OEM version of Rescue and Recovery 3.1 AND when installing the OEM version of the Client Security Solution 7.0 program, a problem might occur during configuration of Client Security Solution 7.0 program, such that the Password Manager application might not function properly.

Solution

To avoid any potential problems caused by upgrading from Rescue and Recovery 3.0 to Rescue and Recovery 3.1, complete the upgrade by following all on-screen prompts and interfaces. After the upgrade is completed, then install the Client Security Solution 7.0 program, if desired. Do not try to install the Client Security Solution application before the upgrade to Rescue and Recovery 3.1 is complete.

CMVC Defect #: 325663
Back to top


Symptom

During enrollment of subsequent users via the Security Wizard an unexpected graphic is displayed behind the text on the PrivateDisk screen.

The PrivateDisk screen of the Security Wizard displays an unexpected image underneath the controls and text. This problem occurs during the enrollment of subsequent users only if the initial user configured the computer using the secure mode and disabled the password recovery mechanism.

Solution

This problem does not hinder the functionality of the Security Wizard. Although the image is distracting, the text is legible and the controls are accessible. Follow the instructions on the screen and continue with the enrollment.

CMVC Defect #: 325984
Back to top


Symptom

Unable to log on using the CSS logon interface after changing the Windows userID.

When the Control Panel > User Accounts > Change an Account > Change My Name command is used, only the user Full Name is changed. This command does not change the actual account name. When the user tries to use the new userID, it is not recognized as a valid username. The current version of Client Security logon interface does not support changing only full names.

Solution

Continue to use the old username or change the full name back to the original.

CMVC Defect #: 326353
Back to top


Symptom

The PrivateDisk configuration screen is displayed even though the initial user elected not to create private disks.

During the enrollment of secondary users, the Security Wizard displays the PrivateDisk configuration screen even when the initial user elected not to create private disks.

Solution

To disable the use of private disks, an administrative user must exclude the private disk module from the installation using the installation wizard. This can be accomplished during initial installation or subsequently by re-running the installation wizard using the Windows Control Panel "Add/Remove Programs" utlity.

CMVC Defect #: 326701
Back to top


Symptom

Users must manually install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support.

Solution

Users must manually install the ThinkVantage Password Manager 2.0 Extension to enable FireFox browser support.

To install the ThinkVantage Password Manager 2.0 Extension for FireFox, complete the following procedure:

  1. Open Firefox.
  2. Click File, click Open File, then select the tvtpwm_moz_xpi.xpi file from the location where the Client Security Solution application is installed. For example "C:\Program Files\Lenovo\Client Security Solution". The Software Installation window is displayed.
  3. Click Install Now.
  4. The plugin is displayed in the Extensions window while installing. A message prompting you to restart Firefox to complete the installation is displayed.
  5. To verify that the .xpi file installed correctly, restart Firefox.
  6. Click Tools, then click Extensions. ThinkVantage Password Manager 2.0 should be displayed in the extension list.
CMVC Defect #: 328091
Back to top


Symptom

After the Client Security Solutionapplication is installed, a user might not be able to access the My Recent Documents folder. The following error message is displayed:

"C:\Documents and Settings\user\My Recent Documents is not accessible. Access is denied."

The Client Security Solution application modifies access permission for clean-up reasons, clearing the Make this folder private check box. Consequently, users will lose access permission to the My Recent Documents folder.

Solution

To correct this issue, complete the following procedure:

  1. Right-click the C:\Documents and Settings\user\My Recent Documents folder.
  2. Select Properties.
  3. Click the Sharing tab.
  4. Check the Make this folder private check box, then click OK.
CMVC Defect #: 62255
Back to top


Symptom

Password Manager does not populate fields in some applications and Web pages

Solution
The Lenovo Password Manager is intended to provide password management support for most HTML-based applications. Password Manager does not support applications that request user id and password authentication through an interface that is not HTML and browser based.
Back to top


Symptom

Problems are encountered when upgrading from Rescue and Recovery 3.0 and Client Security Solution 6.0 to Rescue and Recovery 3.1

Solution

To avoid upgrade problems, complete the following procedure:

  1. Install Rescue and Recovery 3.1, but DO NOT reboot when prompted.
  2. Install Client Security Solution 7.0.
  3. Reboot when prompted.
  4. When you log on after the reboot, you will be asked to migrate from the pervious version. Select to migrate from the pervious version.

CMVC Defect Number: hlpct_62533

Back to top


Symptom

Microsoft Internet Explorer crashes when using ThinkVantage Client Security Solution 7 Password Manager. This is due to an issue with the tvtpwm_ie_com.dll file that is a part of certain early builds of Client Security Solution 7.

Solution

Apply the Maintenance Patch for ThinkVantage Client Security Solution 7.0 available from the following Web site:

Maintenance Patch for ThinkVantage Client Security Solution 7.0

CMVC Defect Number: 343331



If you are unable to find what you are looking for, please do try the following options:
1. Lenovo Assisted Search
2. Product usage and general troubleshooting tips
3. Lenovo Support Forum
4. Technical Support Call Centre

Document ID : HT005009
Legacy Document ID : MIGR-64679
Last Updated :
Copyright © Lenovo 2013, all rights reserved
Was this page helpful to you?YesNo


   
Select Task
 
Drivers & Software  
Guides & Manuals  
Diagnose & Fix  
Warranty & Services  
Parts  
Accessories  

ADDITIONAL RESOURCES
Driver Matrix
COMMUNITY
KnowledgeBase Featured Articles
Community KnowledgeBase
Community Forums
Lenovo EMC
Windows 8 Support