Cherry Smart Card-Reader stops working after the RSA Authentication Agent for Windows is installed

4 years ago

Originally Published: 2016-08-03

Article Number

000042978

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Product/Service Type: RSA Authentication Client (RAC)
RSA Version/Condition: 3.6
Platform: Windows
Platform (Other): Cherry Smart Card-Reader
O/S Version: 7 x64

Issue

On newly-imaged workstations and servers with the RSA Authentication Agent for Windows installed, the Cherry Smart Card-Reader stops working after initial login. When the user locks the workstation and attempts to log back in using the card reader, the system hangs. Removing the RSA agent resolves this issue.

This has been tested on a workstation to verify the behavior. Without changing anything, the card reader works without issue. After installing the RSA agent, the card reader works initially and then stops after locking the workstation. After rebooting the workstation, the user can login using the card reader. After locking the workstation, he cannot.

Steps to reproduce

The steps below were taken to reproduce the issue:

Time	Action/Result
5:45	RSA authentication successful.
5:46	Lock workstation. Login with smart card fails.
5:47	RSA authentication successful.
5:49	Ran RSA agent install and chose Modify.
5:51	Locked workstation and smart card login is successful.
5:52	Locked workstation and smart card login is successful.
5:53	Reboot workstation.
5:56	Login with smart card is successful.

It appears that the RSA agent isn't getting fully installed and the subsequent Modify fixes something. The event viewer shows that the RSA agent install completed successfully with status of 0.

Cause

There is conflict between a SID800 registry setting for the old RSA Model 5200C Smart Card Answer-To-Reset (ATR) and the Common Access Card (CAC)* or smart card reader ATR that is manufactured by companies such as ActivIDentity and Cherry.

The ActivIDentity and Cherry cards have the same ATR as the old RSA 5200C smart card. The RSA RAC is trying to connect to this card, causing a conflict between the SID800 and the ActivIDentity or Cherry card and client.

* CAC = Common Access Card, Smart" ID card for active-duty military personnel, selected reserve, DoD civilian employees, and eligible contractor personnel.

Resolution

To resolve the conflict, delete the following registry key :

HKEY_LOCAL_MACHINE\SOFTWARE\RSA\RSA Desktop Common\Smart Card Registry Settings\SmartCards\RSA SecurID 5200C

Make sure to delete only the RSA SecurID 5200C key.

Workaround

Try the reboot commands listed in the Issue section.

Don't see what you're looking for?

Steps to reproduce

Related Articles

Trending Articles