Problem: 

Biometric (fingerprint) authentication is not accepted for Windows login.

Applies To: 

Dell Embassy Trust Suite, Dell ControlPoint, Dell Data Protection | Access and Wave software versions.

Solution: 

Use your Windows password to access the desktop.

 

Log into Windows with your password, then remove and re-enroll prints.

The Windows password cannot be determined from a biometric enrollment. If the Windows password is unknown, you will need to log on with an administrator account (if one is available) in order to reset the user password, or contact your company’s IT department for a password reset.

 

Use Safe Mode to access the desktop.

 

Safe mode allows access to your Windows desktop in the event that enrolled biometrics fail and the authentication type is set to ‘Biometric Only’, or ‘Password and Biometric’.

  1. Boot your machine and press F8 to enter Safe Mode. If Pre-boot is enabled, you will be   prompted for Pre-boot authentication. This will require you to press ESC (escape key) and type your System password.
  2. Continue pressing F8 until the Boot Options screen appears.
  3. Select Safe Mode (not Safe Mode with Networking) and allow Windows to load. This will disable the Dell/Wave login and the regular Microsoft Windows login will be displayed. Enter the Windows username and password. If you do not have a Windows password set, you can leave it blank and select ‘Enter’ key.
  4. Once you can access the Windows desktop, change the authentication type:

EMBASSY Security Center or Dell ControlPoint:

  • Open the EMBASSY Security Center
  • Select the Windows Login tab and change the Authentication type to ‘Password or Biometric’ or ‘Password’
  • Reboot the machine.

DDPA:

  • Open Access
  • Select Change Access Options and make your changes on the General page.
  • Reboot
  • Once you are able to access your desktop; enroll prints if not previously done or remove current unsuccessful prints and re-enroll.

Remove (unsuccessful) fingerprints and re-enroll.

 

Instructions are provided below for EMBASSY Trust Suite, Dell ControlPoint and Dell Data Protection| Access.

 

Using EMBASSY Trust Suite
Using Dell ControlPoint
Using Dell Data Protection | Access

 

EMBASSY Trust Suite

 

1. Locate the UCS2.0 folder and rename it to UCS2.0_old. The UCS folder will be located at the following path:

  • XP: C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\UCS2.0
  • Vista: C:\Program Data\Wave Systems Corp.\UCS 2.0
  • Windows 7: C:\Program Data\Wave Systems Corp.\UCS 2.0

If you are unable to rename this folder you will need to change the folders permissions to allow access.
 

a)     Right click on the UCS folder and select Properties.

b)    Click Security Tab.

c)     Select the Administrator’s group.

d)    Click the Advanced button.

e)     Select Administrators.

f)     Click the Permissions tab or Change Permissions as appropriate.

g)     Include inheritable permissions form this object’s parent and Replace all child object permissions with inheritable permissions from this object boxes should be checked.

h)     Next click apply/ok.
 

You will now be able to rename the UCS folder to UCS2.0_old

 

2. Clear the fingerprints from the Fingerprint Reader using the following process:

You will see a list of users who currently have fingerprints enrolled on the UPEK device. Double click a user to delete all fingerprints currently saved on the UPEK device for that user.

  • Repeat the process for additional users.

3. Re-enroll your biometrics, select "Enable Secure Windows Login" and select Apply.

4. Reboot.
 

Dell ControlPoint

 

Select one of the two solutions based on your equipment:

Applies to: Latitude 13, E4200, E4300, E6400 (ATG, XFR), E6410 ATG, E6500, XT2, XT2_XFR, Z600

OptiPlex 380, 580, 760, 780, 960, 980, XE

Precision Mobile M2400, M4400, M4500, M6400, M6500

Precision WorkStation T3500, T5500, T7500

Solution: Clear all fingerprints enrolled for both Windows and Pre-boot Authentication.

  • Open EMBASSY Security Center and navigate to Platform Security Modules > Dell ControlVault
  • Select the Clear All button to clear all credentials for all users
  • Select the Clear button to clear all credentials for the current user
  • If the Clear All button is not available, set the Admin password for the ControlVault
  • If the options are grayed out or unavailable, please contact Wave support for further assistance

Re-enroll your biometrics, select "Enable Secure Windows Login" and select Apply.

Applies to: Latitude E5400 and E5500

Solution:

1. Locate the UCS2.0 folder and rename it to UCS2.0_old. The UCS folder will be located at the following path:

  • XP: C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\UCS2.0
  • Vista: C:\Program Data\Wave Systems Corp.\UCS 2.0
  • Windows 7: C:\Program Data\Wave Systems Corp.\UCS 2.0

If you are unable to rename this folder you will need to change the folders permissions to allow access.

Right click on the UCS folder and select Properties

  • Click Security Tab
  • Select the Administrator’s group
  • Click the Advanced button
  • Select Administrators
  • Click the Permissions tab or Change Permissions as appropriate
  • Include inheritable permissions form this object’s parent and Replace all child object permissions with inheritable permissions from this object boxes should be checked
  • Next click apply/ok

You will now be able to rename the UCS folder to UCS2.0_old

2. Reset the fingerprint sensor

  • Navigate to: ‘C:\Program Files\Dell\Security Device Driver Pack\Authentec AES2810 Fingerprint Reader\Tools’ and select AESReset.exe.

Please contact us for further assistance if you are unable to locate this tool after confirming Show hidden files and folders’ is enabled.

  • Open the reset tool
  • Vista and Windows 7: Right click and run as administrator to launch AESReset.exe
  • XP: Double-click AESReset.exe
  • Follow the reset process:

Message Displays: Please place finger on sensor

Place finger on sensor.

Message Displays: You may remove your finger now

Remove Finger from sensor

Message Displays: Operation Complete.

Power cycle machine.

3. Re-enroll your biometrics, select "Enable Secure Windows Login" and select Apply.

4. Reboot.
 

Dell Data Protection | Access
 

Applies to Dell Data Protection | Access versions 2.0.X installed on:

Latitude E4310, E4320, E6220, E6320, E6410 (ATG), E6420 (ATG, XFR), E6510, E6520, XT3 (XFR) Precision Mobile M4500, M4600, M6500, M6600


And Dell Data Protection | Access versions 2.X.X  installed on:

Latitude E4310, E4320, E5410, E5420, E5420m, E5510, E5520 (m), E6220, E6320, E6410 (ATG), E6420 (ATG, XFR), E6510, XT3 (XFR)

OptiPlex 580, 790, 980, 990

Precision Mobile M4500, M4600, M6500, M6600

Precision Workstation T1600, T3500, T3600, R5500

 

To clear any previously stored security settings implemented such as TPM enablement, fingerprints enrolled, BIOS passwords, preboot credentials, etc. (if applicable), run the Reset System option in DDPA:   

  1.  Launch Dell Data Protection |Access application.
  2. Navigate to the advanced screen.
  3. Click on “Reset System” and provide all implemented passwords and follow instructions appropriately.
  4. Reboot
  5. Open Access and select the Advanced tab in the lower right corner.
  6. Select Reset System.

 

If the information provided above did not resolve your issue or you have any additional questions, please complete our Support Request Form