Troubleshooting Embassy Security Center

This posting is meant for those who may have experienced the unpleasant situation of Embassy Security Center (ESC) hanging after installing Internet Explorer 7. This is a known, or should I say, well-known issue apparently. But fixing the problem doesn’t seem to be too well known. It’s thanks to the help of the Technical Support crew at Wave Systems, who have a really neat diagnostic mechanism that I got the whole thing up and running in one shot. Dell Support on the other hand was completely clueless, although I must add that they were tremendously helpful and terribly polite and supportive - so much that I got persuaded to re-install Win-XP! But let me start at the beginning!

Note: If you just want the information without a rambling story, I’d advice you to jump to the bottom of this post :o)

I use a Dell Latitude D420 Centrino-duo, with 1-GB of RAM, and I opted for the biometric security, namely the Upek fingerprint reader. So the machine came with the Embassy Trust Suite for Dell loaded as the trusted platform manager. Everything installed fine, fingerprints got registered, and I’d gotten used to swiping my way into Windows.

I also happen to be a long-standing Microsoft aficionado; till some time ago, I’d be among the first to upgrade my machine’s OS to the latest announced by MS, even when it was a beta! So when IE7 was announced, it didn’t matter that I was happy with Firefox, I just had to install the product. Used it for a fair bit, still do, but figured it was a bit too heavy for my liking, so slowly slid back to Firefox for everything but those sites that would only run on IE…. like my bank!!

Didn’t realize that something had happened till I had to get into ETS to access some features, and found that I couldn’t get beyond the splash-screen! Pottered around the web and discovered that this was a known issue…. if that’s supposed to help - I wish I’d known before I opted to upgrade… anyway. Proceeded to follow the advice given, located the upgrade utility on the Dell Support site, it weighs a monumental 108 Mb, and after multiple attempts, got the file down.

Began the installation and that’s when the trouble started - the installer threw a couple of errors at me, went on to tell me that I’d need to restart the machine for the changes to take effect, and then proceeded to shut me out of the machine! The login screen stubbornly refused to accept any input - neither password nor fingerprint! I was sweating bullets!

In a tale that’s too long and fuzzy and boring in the telling, went into safe-mode, found and cleaned registry entries, deleted sundry directories and other things that I’ve managed to blank out of my head, and got the regular Windows login back. And thus climbed back into my machine. It felt like conquest!

Dell Support had not encountered a customer who had faced this problem before. As I’ve mentioned earlier, the executive handling my issue was extremely calm, professional and supportive; she came back to me with the prescription - reinstall Windows XP and start from scratch. The prospect of which was not as delightful as it used to be 5-6 years ago, when I’d have started by re-formatting the HDD to be safe - something about advancing age and slowing faculties I suppose. So this time around, I put it off, and put it off, and put it off….. and then one morning, where the residual alcohol levels from the previous evening was still high, set off on the journey of reinstalling Win XP.

I shall spare you the gory details of restoring devices and applications - best to have a couple of bottles of good beer when you start out. Went on to reinstall the ESC application, and to my utter delight, it went through without a hitch. Hurrah! Launched ESC, and it went beyond the splash screen where it used to hang once upon a time and into the application. So far so good. Went in to check the enrolled fingerprints, and the fun started all over again - some pop-ups that murmured of the inability to write into some database, the eternal duality of successful failure, and I was back where I’d started. Well not exactly, Windows login was now once again controlled by ESC, although it would not take fingerprint input. Hmmmmm….

Spent a fair amount of time typing in various combinations of words describing my problem into the almost-oracular-google seach box…. and reached the right page on the Wave Systems site: I encountered an “Error enrolling fingerprint to database” or other fingerprint enrollment errors. The procedure outlined there is detailed, and slightly painful. Mailed the results out to Wave Systems Support - and received instructions over e-mail that worked right out of the box! On going through the instructions, they seemed to be applicable to any instance of re-installation of Embassy Security Center / Embassy Trust Suite, and since these do not seem to be easily locatable on the Internet, thought to post them here for anyone encountering issues with reinstall.

Xxxx,

Thank you very much for the files! They made it much easier to determine the cause of the enrollment error you’re getting.

It looks like a file was malformed, possibly because you reinstalled Windows without clearing your TPM.

To clear the TPM:
Please follow the steps on this page to clear the TPM in the BIOS:
http://www.wave.com/csc/ets-support/sup_info_tpm_clear.htm

Boot into Windows.

Delete C:\Documents and Settings\USERNAME\Local Settings\Application Data\.user_keys.dat

Delete C:\Windows\key_registry.dat

Delete C:\Program Files\Wave Systems Corp\Secure Storage Manager\data\am.dat.

If you have a problem deleting this file, go to Control Panel–Administrative Tools–Services and stop the DataSvr Service. (Please note that am.dat is a hidden system folder. You may need to go to Tools–File Options and choose the View tab. Make sure the checkbox next to “Hide protected operating system files (Recommended)” is empty.

To clear enrolled fingerprints, please go to ftp://ftp.wavesys.com/ and
log in:
Username: xxxxx
Password: xxxxxxxx

If you are using Internet Explorer 7, please open the “tech3″ folder. Otherwise, continue.

Please download the file named DeleteUsers.zip. Unpack it, double-click the file to run it, and delete all fingerprints. Then delete the folder C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\UCS 2.0.
(Vista users, delete C:\Program Data\Wave Systems Corp.\UCS 2.0.)

This will delete previously enrolled fingerprints from the UPEK reader.

Please re-enroll for Windows login and let me know at support@wavesys.com if you continue to have problems.

Barbara Liepmann
Wave Tech Support
Wave Systems Corp.

Customer Experience: How am I doing? If you’d like to provide feedback, please contact my manager by emailing her at supportfeedback@wavesys.com.

I’d no idea whatsoever that I’d have to ‘clear the TPM’ before reinstalling Windows! The passwords above would’ve no doubt been reset, so I’ve blanked them out. I’ve also left in the name of the executive who sent me these instructions - as a mark of my appreciation for a message that was detailed enough without being tedious, for covering possible variations, for including tips to overcome possible hurdles - and for having worked in a single pass-thru’!

Good work Wave Systems Support! My only suggestion - could you make this information easier to locate? Perhaps on the Dell Support site(s)? And thanks again Barbara! :o)

Afterthought:
For anyone finding the above sufficiently emboldening enough to try on their own without contacting Wave Support, you can download the file deleteusers.zip here. All the best, and in case things work out fine for you, do come by and leave a comment? :o)