Problem: 

Fingerprint authentication (biometric) fails at a screen requesting Windows Login credentials.   

The biometric Secure Windows Login authentication process uses several different components.  If any component is modified, you may be required to clear the current enrollments and enroll new biometrics for Secure Windows Login authentication.

Applies To: 

Dell ControlPoint (DCP) Security Manager Versions 1.3 and below installed on:
 

Latitude 13, E4200, E4300, E6400, E6400 ATG, E6400 XFR, E6410, E6410 ATG, E6500 and E6510, XT2 and XT2_XFR, Z600
OptiPlex 380, 580, 760, 780, 960, 980, XE
Precision Mobile M2400, M4400, M4500, M6400, M6500
Precision WorkStation T3500, T5500, T7500

See Solution: Dell DCP Version 1.3 and below
 

Dell ControlPoint (DCP) Security Manager Version 1.4 installed on:
 

Latitude 13, E4200, E4300, E6400, E6400 ATG, E6400 XFR, E6410, E6410 ATG, E6500 and E6510, XT2 and XT2_XFR, Z600
OptiPlex 380, 580, 760, 780, 960, 980, XE
Precision Mobile M2400, M4400, M4500, M6400, M6500
Precision WorkStation T3500, T5500, T7500

See Solution: Dell DCP Version 1.4
 

Dell ControlPoint (DCP) Security Manager Versions 1.X installed on:

Latitude E5400, E5410, E5500 and E5510

See Solution: Dell DCP Version 1.X

Solution: 

Dell DCP Version 1.3 and below

 

Log into Windows with your password, then remove and re-enroll prints.

  1. Use your Windows password to access the desktop. 

If you do not know your Windows password, reset by using an alternate administrative account or contact your internal IT department for assistance.  Windows passwords cannot be determined by enrolled biometrics.

If you are unable to log into Windows because you have your Authentication Type is set to either “Biometric Only” or “Password AND Biometric” you will need to disable Secure Windows Login from within Safe Mode to allow Windows Logon using your password.

To disable Secure Windows Login from Safe Mode:

  1. Boot your machine and press F8 to enter Safe Mode.
  2. Continue pressing F8 until the Boot Options screen appears.
  3. Select Safe Mode (not Safe Mode with Networking) and allow Windows to load.
  4. Enter the Windows username and password. If you do not have a Windows password set, leave it blank and select ‘Enter’ key.
  5. Once you are at the desktop, open the EMBASSY Security Center.
  6. Navigate to the Windows Login tab.
  7. Remove the check mark next to ‘Enable Secure Windows Login’ and select Apply.
  8. Exit and Reboot into Windows normally.

 

  1. Remove invalid biometrics. 
  • Locate the UCS2.0 folder and rename it to UCS2.0_old. The UCS folder will be located at the following path:
    XP: C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\UCS2.0
    Vista or Windows 7: C:\Program Data\Wave Systems Corp.\UCS 2.0
     
  • If you are unable to rename this folder you will need to change the folders permissions to allow access.
  1. Right click on the UCS folder and select Properties
  2. Click Security Tab
  3. Select the Administrator’s group
  4. Click the Advanced button
  5. Select Administrators
  6. Click the Permissions tab or Change Permissions as appropriate
  7. Include inheritable permissions form this object’s parent and Replace all child object permissions with inheritable permissions from this object boxes should be checked
  8. Next click apply/ok
  • Rename the UCS folder to UCS2.0_old.
  • Clear the fingerprints from the Credential Vault.
  1. Open a command prompt by going to Start > All Programs > Accessories > Command Prompt. (Note: Vista/Win7 users will need to right-click the Command Prompt and select “Run as Administrator")
  2. Navigate to the Dell Preboot Manager folder by typing: ‘cd C:\Program Files\Wave Systems Corp\Dell Preboot Manager’
  3. To clear the Credential Vault, type:

PrebootEnrollmentUtil.exe x systempassword
(Note: change systempassword to your system password)
 

All fingerprints stored in the Credential Vault will be deleted.
 

  1. (Optional) Re-enroll your biometrics, select "Enable Secure Windows Login" and select Apply. 

 

Dell DCP Version 1.4

 

Log into Windows with your password, then remove and re-enroll prints.
 

  1. Log into Windows with your password, then remove and re-enroll prints.

If you do not know your Windows password, reset by using an alternate administrative account or contact your internal IT department for assistance.   Windows passwords cannot be determined by enrolled biometrics.

If you are unable to log into Windows because you have your Authentication Type set to either “Biometric Only” or “Password AND Biometric” you will need to disable Secure Windows Login from within Safe Mode to allow Windows Logon using your password.

To disable Secure Windows Login from Safe Mode:

  1. Boot your machine and press F8 to enter Safe Mode.
  2. Continue pressing F8 until the Boot Options screen appears.
  3. Select Safe Mode (not Safe Mode with Networking) and allow Windows to load.
  4. Enter the Windows username and password. If you do not have a Windows password set, leave it blank and select ‘Enter’ key.
  5. Once you are at the desktop, open the EMBASSY Security Center.
  6. Navigate to the Windows Login tab.
  7. Remove the check mark next to ‘Enable Secure Windows Login’ and select Apply.
  8. Exit and Reboot into Windows normally.

 

  1. Clear all fingerprints enrolled for both Windows and Preboot Authentication:

 

  1. Open EMBASSY Security Center and navigate to Platform Security Modules > Dell ControlVault.
  2. If not previously set, create an Administrator Password for the Control Vault.
  3. Select the Clear All button to clear all credentials for all users.
  4. Select the Clear button to clear all credentials for the current user.

If you cannot select one of the options above (because the option is grayed out or unavailable), please fill out a Support Request Form for further assistance.

 

  1. (Optional) Re-enroll your biometrics, select "Enable Secure Windows Login" and select Apply. 

 

Dell DCP Version 1.x

 

Log into Windows with your password, then remove and re-enroll prints.
 

  1. Use your Windows password to access the desktop. 

If you do not know your Windows password, reset by using an alternate administrative account or contact your internal IT department for assistance.   Windows passwords cannot be determined by enrolled biometrics.

If you are unable to log into Windows because you have your Authentication Type set to either “Biometric Only” or “Password AND Biometric” you will need to disable Secure Windows Login from within Safe Mode to allow Windows Logon using your password.

 

To disable Secure Windows Login from Safe Mode:

  1. Boot your machine and press F8 to enter Safe Mode.
  2. Continue pressing F8 until the Boot Options screen appears.
  3. Select Safe Mode (not Safe Mode with Networking) and allow Windows to load.
  4. Enter the Windows username and password. If you do not have a Windows password set, leave it blank and select ‘Enter’ key.
  5. Once you are at the desktop, open the EMBASSY Security Center.
  6. Navigate to the Windows Login tab.
  7. Remove the check mark next to ‘Enable Secure Windows Login’ and select Apply.
  8. Exit and Reboot into Windows normally.

 

  1. Remove invalid biometrics by removing the UCS folder and reset the fingerprint reader.
  • Locate the UCS2.0 folder and rename it to UCS2.0_old. The UCS folder will be located at the following path:

XP: C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\UCS2.0

Vista or Windows 7: C:\Program Data\Wave Systems Corp.\UCS 2.0

 

If you are unable to rename this folder you will need to change the folders permissions to allow access.

  1. Right click on the UCS folder and select Properties
  2. Click Security Tab
  3. Select the Administrator’s group
  4. Click the Advanced button
  5. Select Administrators
  6. Click the Permissions tab or Change Permissions as appropriate
  7. Include inheritable permissions form this object’s parent and Replace all child object permissions with inheritable permissions from this object boxes should be checked
  8. Next click apply/ok
  9. Rename the UCS folder to UCS2.0_old
  • Reset the fingerprint sensor
  1. Navigate to: ‘C:\Program Files\Dell\Security Device Driver Pack\Authentec AES2810 Fingerprint Reader\Tools’ and select AESReset.exe.
    Please contact us for further assistance if you are unable to locate this tool after confirming Show hidden files and folders’ is enabled.
  2. Open the reset tool

Vista and Windows 7: Right click and run as administrator to launch AESReset.exe

XP: Double-click AESReset.exe

  1. Follow the reset process:
  • Message Displays: Please place finger on sensor
  • Place finger on sensor.
  • Message Displays: You may remove your finger now
  • Remove Finger from sensor
  • Message Displays: Operation Complete.
  • Power cycle machine.

 

  1. (Optional) Re-enroll biometrics, select "Enable Secure Windows Login" and select Apply.

 

If the information provided above did not resolve your issue or you have any additional questions, please complete our Support Request Form