This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Robert_Mueller
Collaborator
‎2019-03-01 12:12 AM

List Credential Providers with fdecontrol

Hi,

We some issues with the SmartCard Authentication and there is a SK which means, that I have to set the CP provider.. but I' not able to list the Credential Providers...

c:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption>fdecontrol.exe list-installed-providers
Unable to list credential providers.
c:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption>

It makes no different if I'm admin or not.. any ideas why I'm not able to perfom this?

Br

Rober

0 Kudos
Reply
4 Replies
Michael_Bybee
Employee
Employee
‎2019-03-01 07:19 AM

We only have one report of this in the SR history and it was a broken install. Without logs or any other information about the situation I would assume a permissions issue or an install that wasnt able to create files or registry entries that it needed. If not that then maybe another program on the machine that is holding this information and we arent able to get it. 

you can see the last used credential provider in the registry here: 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI

You can see all available credential providers here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

Are other installs working fine? 

0 Kudos
Reply
Robert_Mueller
Collaborator
‎2019-03-04 01:59 AM
In response to Michael_Bybee

Hi,

Mhm.. the installation works except this.. the point is that we see the FDE credential provider in the registry but it seems that it is not selected as default and so we want to set it manually as described in the SK.. but that wont work...

0 Kudos
Reply
Robert_Mueller
Collaborator
‎2019-03-04 02:13 AM
In response to Michael_Bybee

In the dlog1.txt is the followin entry

Das Log File unter C:\ProgramData\CheckPoint\Endpoint Security\Full Disk Encryption\dlog1.txt

fdecontrol.exe:3c38                       Exception when getting provider name, Error = key not found

fdecontrol.exe:3c38                       Unable to list credential providers.

Robert

0 Kudos
Reply
Michael_Bybee
Employee
Employee
‎2019-03-04 08:25 AM
In response to Robert_Mueller

This will take some back and forth to resolve so I'd recommend opening an SR with the TAC. Important details they will want from the machine:

1.) CPINFO collected from client GUI>advanced

2.) Do you see the providers in the registry?: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers

3.) If you do this on a machine that has not joined the domain do you get the same problem?

4.) Does GPO block permission to the registry?

5.) Do you have any other security software on the machine that could be blocking us from reading the registry?

0 Kudos
Reply