Article Number
000036581
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Software Token for Windows Desktop
RSA Version/Condition: 5.0
Issue
Initially,
- The RSA SecurID Software Token 5.0.2 for Windows Desktop application successfully installs on the computer.
- A token is imported successfully.
- Token authentication works in a Windows Virtual Desktop (VDI) with a roaming profile.
- The DatabasePath is set to P:\%HOME% to map to user's home directory,
After a reboot of the device, the following errors are seen:
Set verbose logging in HKEY_LOCAL_MACHINE\SOFTWARE\RSA\SoftwareToken\Library\LogLevel.
“No token storage device was detected. Verify that the device is attached and contact your administrator.”
Debug
DEBUG 0x00000f24 Software Token Library - In dpapi_decrypt() -- CryptUnprotectData FAILED with GetLastError: -2146893813
DEBUG 0x00000f24 Software Token Library - A description of the error -2146893813, is: Key not valid for use in specified state.
DEBUG 0x00000f24 Software Token Library - FAILED to decrypt for checksum in getChecksum()
Cause
The user has roaming profile, but with the token database on the hard drive, it is difficult to keep it mapped mapped in virtual environments.
Resolution
Download the latest version of the
RSA SecurID Software Token 5.0.2 for Windows Desktop. It will contain hot fix SWTDT-1775 and install or update with the new SETROAMING=TRUE switch, as well as the SETCOPYPROTECTION=FALSE switch.
Full details in the readme are available in the Notes section of this article.
To install,
- Download the RSASecurIDSoftwareToken5.0.2<PLATFORM>.zip, based on the Windows platform that the RSA SecurID Software Token 5.0 for Windows is going to be installed. Place the file on the local machine.
- In the directory where the kit is unzipped, find the RSASecurIDToken502.zip, unzip it.
- Open a command prompt with elevated privileges and navigate to the kit directory.
- Run, for example, on a 64 bit computer:
msiexec /i RSASecurIDTokenAuto502x64.msi /qn /l*v
install.log SETROAMING=TRUE SETCOPYPROTECTION=FALSE
Notes
====SWTDT-1775_readme.txt====
The RSA SecurID Software Token 5.0 for Windows hotfix files are:
RSASecurIDSoftwareToken5.0.2x64.zip
RSASecurIDSoftwareToken5.0.2x64.zip.md5.rtf
RSASecurIDSoftwareToken5.0.2x86.zip
RSASecurIDSoftwareToken5.0.2x86.zip.md5.rtf
********************************************************************************
RSA SecurID Software Token 5.0 for Windows Hotfix for
SWTDT-1775 Installation Instructions
********************************************************************************
1) Unzip the RSASecurIDSoftwareToken5.0.2<PLATFORM>.zip, based on the
Windows platform RSA SecurID Software Token 5.0 for Windows is
going to be installed on.
2) In the directory where the kit is unzipped into, find
RSASecurIDToken502.zip, unzip it.
3) Open a command prompt with elevated privileged and cd to the kit
directory. Run, for example, on a 64 bit computer:
msiexec /i RSASecurIDTokenAuto502x64.msi /qn /l*v
install.log SETROAMING=TRUE SETCOPYPROTECTION=FALSE
or
msiexec /i RSASecurIDToken502x64.msi /qn /l*v
install.log SETROAMING=TRUE SETCOPYPROTECTION=FALSE
********************************************************************************
Upgrade from previous versions of RSA SecurID Software Token 5.0 for
Windows to hot fix for SWTDT-1775
********************************************************************************
This hot fix can be installed over previous versions of RSA SecurID
Software Token 5.0 with the default installation command. For example,
on a 64 bit computer, to install the application with automation:
msiexec /i RSASecurIDTokenAuto502x64.msi /qn /l*v install.log
Then use regedit to change the value of the following names of
HKEY_LOCAL_MACHINE\SOFTWARE\RSA\Software Token\Library:
Name New Value
-----------------------------------------------------------------------
CopyProtection 0
DatabasePath ~\AppData\Roaming\RSA\RSA SecurID Software Token Library
Roaming 1
An alternative is to first uninstall RSA SeucrID Software Token 5.0
and then install this hot fix.
In either case, the token will need to be imported again after the
installation.
********************************************************************************
RSA SecurID Software Token 5.0 for Windows Hotfix for
SWTDT-1775 Rollback Instructions
********************************************************************************
No rollback is provided with this hotfix.