Smart card stops functioning when you upgrade from Windows 2000 to Windows XP SP 1 or earlier
Description:
This article explains a workaround/Hotfix for an issue with Windows 2000 SP4 users that upgrade to XP and loose functionality with their smart card
Product:
NetSign CAC
Version:
4.x
Operating Systems:
Windows 2000 Professional SP 4
Windows Server SP 4
Windows XP SP1
Issue / Problem:
Recent NetSign CAC customers reported loss of use of a previously working smart card reader and CAC Middleware when trying to use NetSign CAC on a system that had been upgraded from Windows 2000 Service Pack 4 (Professional or Server) to the Windows XP operating system. The problem is that NetSign CAC will not recognize the Smart Card reader of NetSign CAC's Card Start application (noted on the SysInfo tab) even though the reader is recognized in device manager.
Microsoft has confirmed this problem as a known issue and classified the problem in the Microsoft Knowledge Base Article: "Smart card stops functioning or you cannot access the local registry when you upgrade from Windows 2000 Server to Windows XP SP 1 or earlier". We recommend all users that have made or plan to make an upgrade from Windows 2000 Professional / Server with SP4 to Windows XP to closely follow the directions of this Microsoft Knowledge Base Article.
This article indicates that the source of the problem exists within the Microsoft Operating System (XP client). This is not an issue with NetSign CAC middleware.
NOTE: We recommended using the link provided above or searching Microsoft's website directly to view the entire article if you want more information concerning this issue.
Excerpts from the article appear below:
MICROSOFT KB Article 832082
Assume a scenario where you upgrade a computer that is running Microsoft Windows 2000 Service Pack 4 (SP4) or a later version of Windows 2000 to one of the following:
* Microsoft Windows XP Professional Edition Service Pack 1 (SP1)
* Microsoft Windows XP Home Edition SP1
* an earlier version of Windows XP
In this scenario, one of the following problems may occur:
* Your smart card may stop functioning.
* You may not be able to access the local registry from a remote computer.
Additionally, any one of the following events may be logged in the application event log:
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 201
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Failed to initialize Server Application: Access is denied.
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 110
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Comm Responder could not create communications object.
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 104
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Comm Responder could not access the Calais key: Access is denied.
Note This problem does not occur when you upgrade a computer that is running Windows 2000 Service Pack 3 or earlier. This problem also does not occur when you upgrade to Windows XP Service Pack 2 or a later version of Windows XP.
This problem occurs because a security template from the Dwup.inf file is not applied when you upgrade a computer that is running Windows 2000 SP4 or a later version of Windows 2000.
The smart card may not function correctly because the Local Service is not granted Read permission for the following registry subkey:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Calais/Current
Remote registry access may not function correctly because the Local Service is not granted Read permission for the following registry subkey:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurePipeServers/winreg
***********************
Solution:
There are several resolution scenarios for this problem.
If you know about this problem before you upgrade to Windows XP SP2 from Windows 2000 SP4 or a later version of Windows 2000, you can type the Spdwnw2k.exe /test command at a command prompt in Windows 2000 SP4 or in a later version of Windows 2000. The Spdwnw2k.exe file is located on the Windows 2000 SP4 CD-ROM in the i386\update folder.
If you know about this problem after you upgrade to Windows XP SP1 from Windows 2000 SP4 or a later version of Windows 2000, you must install this hotfix to resolve this problem.
"A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows XP service pack that contains this hotfix."
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site: http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
If you upgrade to Windows XP SP2 after you upgrade to Windows XP SP1 or after you upgrade to an earlier version of Windows XP, and this problem still occurs, you can manually apply the Xpupgfix.inf file that is included in this hotfix. To extract the Xpupgfix.inf file from this hotfix package, you must run the package with the /x switch at the command prompt. The package that is extracted will contain a file that is named WindowsXP-KB832082-x86-ENU.EXE or WindowsXP-KB832082-IA64-ENU.EXE. Extract this file with the /x switch again. Then type the following command at the command prompt to update the computer that is running Windows XP SP2 or a later version of Windows XP with the Xpupgfix.inf file: %systemroot%\system32\secedit.sdb /configure /cfg xpupgfix.inf /db %systemroot%\security\Database\secedit.sdb
If you upgrade a computer that is running Windows 2000 SP4 or a later version of Windows 2000 to a slipstreamed version of Windows XP SP2, no additional steps are necessary, because this hotfix is scheduled to be included in Windows XP SP2.
For questions regarding the Microsoft KB Article outlined above please contact Microsoft support. Additionally if you have further questions regarding NetSign CAC please contact SSP-Litronic directly.[/size:0380d8204c]
Keywords: MICROSOFT ScardSvr Upgrade XP KNOWN ISSUE 832082 Hotfix MICROSOFT ScardSvr Upgrade XP KNOWN ISSUE 832082 Hotfix
Description:
This article explains a workaround/Hotfix for an issue with Windows 2000 SP4 users that upgrade to XP and loose functionality with their smart card
Product:
NetSign CAC
Version:
4.x
Operating Systems:
Windows 2000 Professional SP 4
Windows Server SP 4
Windows XP SP1
Issue / Problem:
Recent NetSign CAC customers reported loss of use of a previously working smart card reader and CAC Middleware when trying to use NetSign CAC on a system that had been upgraded from Windows 2000 Service Pack 4 (Professional or Server) to the Windows XP operating system. The problem is that NetSign CAC will not recognize the Smart Card reader of NetSign CAC's Card Start application (noted on the SysInfo tab) even though the reader is recognized in device manager.
Microsoft has confirmed this problem as a known issue and classified the problem in the Microsoft Knowledge Base Article: "Smart card stops functioning or you cannot access the local registry when you upgrade from Windows 2000 Server to Windows XP SP 1 or earlier". We recommend all users that have made or plan to make an upgrade from Windows 2000 Professional / Server with SP4 to Windows XP to closely follow the directions of this Microsoft Knowledge Base Article.
This article indicates that the source of the problem exists within the Microsoft Operating System (XP client). This is not an issue with NetSign CAC middleware.
NOTE: We recommended using the link provided above or searching Microsoft's website directly to view the entire article if you want more information concerning this issue.
Excerpts from the article appear below:
MICROSOFT KB Article 832082
Assume a scenario where you upgrade a computer that is running Microsoft Windows 2000 Service Pack 4 (SP4) or a later version of Windows 2000 to one of the following:
* Microsoft Windows XP Professional Edition Service Pack 1 (SP1)
* Microsoft Windows XP Home Edition SP1
* an earlier version of Windows XP
In this scenario, one of the following problems may occur:
* Your smart card may stop functioning.
* You may not be able to access the local registry from a remote computer.
Additionally, any one of the following events may be logged in the application event log:
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 201
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Failed to initialize Server Application: Access is denied.
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 110
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Comm Responder could not create communications object.
Event Type: Error
Event Source: SCardSvr
Event Category: None
Event ID: 104
Date: 9/25/2003
Time: 1:04:08 PM
User: N/A
Computer: Computer Name
Description: Comm Responder could not access the Calais key: Access is denied.
Note This problem does not occur when you upgrade a computer that is running Windows 2000 Service Pack 3 or earlier. This problem also does not occur when you upgrade to Windows XP Service Pack 2 or a later version of Windows XP.
This problem occurs because a security template from the Dwup.inf file is not applied when you upgrade a computer that is running Windows 2000 SP4 or a later version of Windows 2000.
The smart card may not function correctly because the Local Service is not granted Read permission for the following registry subkey:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Cryptography/Calais/Current
Remote registry access may not function correctly because the Local Service is not granted Read permission for the following registry subkey:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurePipeServers/winreg
***********************
Solution:
There are several resolution scenarios for this problem.
If you know about this problem before you upgrade to Windows XP SP2 from Windows 2000 SP4 or a later version of Windows 2000, you can type the Spdwnw2k.exe /test command at a command prompt in Windows 2000 SP4 or in a later version of Windows 2000. The Spdwnw2k.exe file is located on the Windows 2000 SP4 CD-ROM in the i386\update folder.
If you know about this problem after you upgrade to Windows XP SP1 from Windows 2000 SP4 or a later version of Windows 2000, you must install this hotfix to resolve this problem.
"A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows XP service pack that contains this hotfix."
To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site: http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
If you upgrade to Windows XP SP2 after you upgrade to Windows XP SP1 or after you upgrade to an earlier version of Windows XP, and this problem still occurs, you can manually apply the Xpupgfix.inf file that is included in this hotfix. To extract the Xpupgfix.inf file from this hotfix package, you must run the package with the /x switch at the command prompt. The package that is extracted will contain a file that is named WindowsXP-KB832082-x86-ENU.EXE or WindowsXP-KB832082-IA64-ENU.EXE. Extract this file with the /x switch again. Then type the following command at the command prompt to update the computer that is running Windows XP SP2 or a later version of Windows XP with the Xpupgfix.inf file: %systemroot%\system32\secedit.sdb /configure /cfg xpupgfix.inf /db %systemroot%\security\Database\secedit.sdb
If you upgrade a computer that is running Windows 2000 SP4 or a later version of Windows 2000 to a slipstreamed version of Windows XP SP2, no additional steps are necessary, because this hotfix is scheduled to be included in Windows XP SP2.
For questions regarding the Microsoft KB Article outlined above please contact Microsoft support. Additionally if you have further questions regarding NetSign CAC please contact SSP-Litronic directly.[/size:0380d8204c]
Keywords: MICROSOFT ScardSvr Upgrade XP KNOWN ISSUE 832082 Hotfix MICROSOFT ScardSvr Upgrade XP KNOWN ISSUE 832082 Hotfix