Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Robert_Mueller
Collaborator

List Credential Providers with fdecontrol

Hi,

We some issues with the SmartCard Authentication and there is a SK which means, that I have to set the CP provider.. but I' not able to list the Credential Providers...

c:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption>fdecontrol.exe list-installed-providers
Unable to list credential providers.
c:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption>

It makes no different if I'm admin or not.. any ideas why I'm not able to perfom this?

Br

Rober

0 Kudos
4 Replies
Michael_Bybee
Employee
Employee

We only have one report of this in the SR history and it was a broken install. Without logs or any other information about the situation I would assume a permissions issue or an install that wasnt able to create files or registry entries that it needed. If not that then maybe another program on the machine that is holding this information and we arent able to get it. 

you can see the last used credential provider in the registry here: 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI

You can see all available credential providers here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

Are other installs working fine? 

0 Kudos
Robert_Mueller
Collaborator

Hi,

Mhm.. the installation works except this.. the point is that we see the FDE credential provider in the registry but it seems that it is not selected as default and so we want to set it manually as described in the SK.. but that wont work...

0 Kudos
Robert_Mueller
Collaborator

In the dlog1.txt is the followin entry

Das Log File unter C:\ProgramData\CheckPoint\Endpoint Security\Full Disk Encryption\dlog1.txt

fdecontrol.exe:3c38                       Exception when getting provider name, Error = key not found

fdecontrol.exe:3c38                       Unable to list credential providers.

Robert

0 Kudos
Michael_Bybee
Employee
Employee

This will take some back and forth to resolve so I'd recommend opening an SR with the TAC. Important details they will want from the machine:

1.) CPINFO collected from client GUI>advanced

2.) Do you see the providers in the registry?: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

3.) If you do this on a machine that has not joined the domain do you get the same problem?

4.) Does GPO block permission to the registry?

5.) Do you have any other security software on the machine that could be blocking us from reading the registry?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events