000033683 - Cherry Smart Card-Reader stops working after the RSA Authentication Agent for Windows is installed

Document created by RSA Customer Support Employee on Aug 3, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033683
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Product/Service Type: RSA Authentication Client (RAC)
RSA Version/Condition: 3.6
Platform: Windows
Platform (Other): Cherry Smart Card-Reader
O/S Version: 7 x64
IssueOn newly-imaged workstations and servers with the RSA Authentication Agent for Windows installed, the Cherry Smart Card-Reader stops working after initial login. When the user locks the workstation and attempts to log back in using the card reader, the system hangs. Removing the RSA agent resolves this issue.
This has been tested on a workstation to verify the behavior. Without changing anything, the card reader works without issue. After installing the RSA agent, the card reader works initially and then stops after locking the workstation.  After rebooting the workstation, the user can login using the card reader. After locking the workstation, he cannot.  

Steps to reproduce

The steps below were taken to reproduce the issue:
5:45RSA authentication successful.
5:46Lock workstation.  Login with smart card fails.
5:47RSA authentication successful.
5:49Ran RSA agent install and chose Modify.
5:51Locked workstation and smart card login is successful.
5:52Locked workstation and smart card login is successful.
5:53Reboot workstation.
5:56Login with smart card is successful.

It appears that the RSA agent isn't getting fully installed and the subsequent Modify fixes something. The event viewer shows that the RSA agent install completed successfully with status of 0.
CauseThere is conflict between a SID800 registry setting for the old RSA Model 5200C Smart Card Answer-To-Reset (ATR) and the Common Access Card (CAC)* or smart card reader ATR that is manufactured by companies such as ActivIDentity and Cherry.
The ActivIDentity and Cherry cards have the same ATR as the old RSA 5200C smart card. The RSA RAC is trying to connect to this card, causing a conflict between the SID800 and the ActivIDentity or Cherry card and client.
* CAC = Common Access Card, Smart" ID card for active-duty military personnel, selected reserve, DoD civilian employees, and eligible contractor personnel.
ResolutionTo resolve the conflict, delete the following registry key :

HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Smart Card Registry Settings\SmartCards\RSA SecurID 5200C

Make sure to delete only the RSA SecurID 5200C key.

WorkaroundTry the reboot commands listed in the Issue section.