MilitaryCAC Forums
July 31, 2014, 04:26:52 *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: I'm sorry, if you really want to be a member to this forum email me:  http://militarycac.com/questions.htm  I'm getting between 25-50 request for SPAMMERS to join the forum EVERY day.  I spend more time deleting and creating rules to stop them.
 
   Home   Help Search Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Win 7 (32 Bit) ActivClient 6.2.0.122 Multiple pin prompts?  (Read 16151 times)
0 Members and 1 Guest are viewing this topic.
chris.shrout
Navy
Newbie
*
Posts: 5


View Profile
« on: September 22, 2011, 11:42:07 »

ActivClient 6.2.0.122 is installed on user's computer (Win 7 32 Bit - professional I believe). User must authenticate upon initial access to SharePoint site. User must continually re-authenticate (enter their pin) whenever changing pages, opening a document - sometimes no apparent reason whatsoever.

ActivClient logs not overly revealing but I do not know what I am looking for. Hesitant to post the logs on a public forum. Looking for reasons why ActivClient would prompt multiple times for PIN.

Webclient service being enabled / disabled seems to have no impact. Compatibility view on SharePoint site on / off seems to have no impact. Other CAC enabled sites (NMCI OWA for example) do not cause multiple prompts.

ActivClient troubleshooting diagnostics reveal that PKI Slot 2 is inaccessible due to insufficient security rights. Win 7 can see and access all certs, authentication takes place successfully but must be repeated constantly. User is local administrator.
Logged
CW3 Danberry
MilitaryCAC.com Web Helper
Administrator
Full Member
*****
Posts: 54


Your "Chief Computer Geek"


View Profile WWW
« Reply #1 on: September 22, 2011, 17:09:33 »

Hello Chris,

  I've heard of multiple PIN prompts when using the Windows 7 built in Smart Card utility and on a Mac.  This is because they were not using ActivClient.  But, you stated you were using ActivClient, strange.

You were using the Email cert when accessing SharePoint, right?  I "sounds" to me like whoever built your SharePoint site went "CAC happy."  when you transition pages, is it opening up a new page?

I don't think it is an ActivClient issue becuase it works for your OWA. 

Have you tried any other CAC enabled websites/
Logged

I want to help you successfully setup your CAC on your home computer. If you are still stumped, contact me at: http://militarycac.com/questions.htm
chris.shrout
Navy
Newbie
*
Posts: 5


View Profile
« Reply #2 on: March 05, 2012, 10:36:06 »

Hello Chris,

  I've heard of multiple PIN prompts when using the Windows 7 built in Smart Card utility and on a Mac.  This is because they were not using ActivClient.  But, you stated you were using ActivClient, strange.

You were using the Email cert when accessing SharePoint, right?  I "sounds" to me like whoever built your SharePoint site went "CAC happy."  when you transition pages, is it opening up a new page?

I don't think it is an ActivClient issue becuase it works for your OWA. 

Have you tried any other CAC enabled websites/

Sorry for not getting back to this until now! Been a busy 6 months...

Problem still seems to exist. I believe the issue is related to the particular domain I am authenticating to. Unfortunately I do not have other CAC enabled SharePoint implementations to test against. I believe that this problem will surface heavily within DOD as they roll forward with Windows 7 deployments during the next calendar year (especially in my neighborhood here...).

Thanks for the response and I'm just holding my breath!
Logged
Lippy
Army
Newbie
*
Posts: 18



View Profile
« Reply #3 on: March 06, 2012, 08:48:29 »

Please, keep us posted.
Logged
chris.shrout
Navy
Newbie
*
Posts: 5


View Profile
« Reply #4 on: April 13, 2012, 08:31:03 »

I *believe* I have finally cracked this nut... My sample group is a bit small, but I've gotten 3 different computers to stop with multiple authentication and prompt only once per session.

Things to note:

1) Be sure that you have the latest version of ActivClient and that it is patched for the appropriate version of the OS. ActivClient updates can be found on this site:

http://militarycac.com/activclient62update.htm

2) Be sure that the "Advanced Configuration Manager" is installed. All systems that were having multiple pin prompts did *not* have the "Advanced Configuration Manager". If it is not installed then uninstall ActivClient and reinstall. Be sure that it is included in the install process by running the "Custom" install option.

3) After the software has been installed along with the "Advanced Configuration Manager" right click on the ActivClient system tray icon and go to "Advanced Configuration Manager". Choose the "Pin Caching Service" section. Be sure that the "Enable 'Include' application list" setting is set to "Yes" and that the "Enable 'OpenCard' application list" setting is set to "yes".

4) Double click on "Applications 'included' in PIN caching". The "Included" application list will pop up.
-Be aware that Windows 7 32 bit and Windows 7 64 bit have slight differences in their "Program Files" paths
-Windows 7 64 bit has a "Program Files (x86)" folder along with a "Program Files" folder
-Windows 7 32 bit has only a "Program Files" folder

5) Add the path to the Internet Explorer executable into the "Included" pin caching list then click "OK"
-32 Bit: C:\Program Files\Internet Explorer\iexplore.exe
-64 bit: C:\Program Files (x86)\Internet Explorer\iexplore.exe

6) Double click on "Applications 'optimized' for PIN caching". The "Optimized" list will pop up

7) Add the path to the Internet Explorer executable into the "Optimized" pin caching list
-32 Bit: C:\Program Files\Internet Explorer\iexplore.exe
-64 bit: C:\Program Files (x86)\Internet Explorer\iexplore.exe

The user still seems to be prompted multiple times when opening a document from the site. No ready solution for that, but it is typically 3 prompts max.

The system will prompt you to reboot.

Thus far these steps have resolved the multiple pin prompts on both 32 bit 6.2.0.122 and 64 bit 6.2.0.133 (I believe it's .133). I have not tested this with the latest release. I found the following documentation to be incredibly helpful in troubleshooting this issue:

https://www.navyreserve.navy.mil/helpdesk/Helpdesk%20Library/ActivClient%206.2%20Installation%20Guides/ActivClient%20Administration%20Guide.pdf

Hope this post helps the rest of you all out there! Please add to this thread if you find more technical issues or solutions.
Logged
Lippy
Army
Newbie
*
Posts: 18



View Profile
« Reply #5 on: April 13, 2012, 18:59:06 »

Gtatzi!
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!