Scribd
Upload
414 views17 pages

007-013559-005 - SafeNet Authentication Client - 10.4 - Windows - GA - Release Notes - RevA

This document provides release notes for SafeNet Authentication Client version 10.4 for Windows. The release introduces support for See What You Sign Pin Pad readers used with IDPrime MD cards. It includes bug fixes and details compatibility information for browsers, operating systems, tokens, smart cards, localizations, and applications. Installation and upgrade instructions are also provided, as well as information on resolved issues, known limitations, known issues, deprecated devices, documentation, and support contacts.

Uploaded by

Kostas Panagiotopoulos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
414 views17 pages

007-013559-005 - SafeNet Authentication Client - 10.4 - Windows - GA - Release Notes - RevA

This document provides release notes for SafeNet Authentication Client version 10.4 for Windows. The release introduces support for See What You Sign Pin Pad readers used with IDPrime MD cards. It includes bug fixes and details compatibility information for browsers, operating systems, tokens, smart cards, localizations, and applications. Installation and upgrade instructions are also provided, as well as information on resolved issues, known limitations, known issues, deprecated devices, documentation, and support contacts.

Uploaded by

Kostas Panagiotopoulos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

SafeNet Authentication Client

RELEASE NOTES

Version: 10.4 – Windows (GA)


Build 26
Issue Date: June 2017
Document Number: 007-013559-005 Rev A

Contents
Product Description .................................................................................................................................................................... 3
Release Description .................................................................................................................................................................... 3
New Features and Enhancements.............................................................................................................................................. 3
Licensing..................................................................................................................................................................................... 3
Default Password ........................................................................................................................................................................ 3
Password Recommendations .............................................................................................................................................. 4
Initialization Key Recommendation ...................................................................................................................................... 4
Compatibility Information ............................................................................................................................................................ 4
Browsers .............................................................................................................................................................................. 4
Operating Systems .............................................................................................................................................................. 4
Tokens ................................................................................................................................................................................. 5
Certificate-based USB Tokens ....................................................................................................................................... 5
Software Tokens ............................................................................................................................................................ 5
Smart Cards ................................................................................................................................................................... 5
End-of-Sale Tokens/Smart Cards .................................................................................................................................. 6
End-of-Life Tokens/Smart Cards .................................................................................................................................... 6
External Smart Card Readers ........................................................................................................................................ 7
Tablets ................................................................................................................................................................................. 7
Localizations ............................................................................................................................................................................... 8
Compatibility with Gemalto Applications ..................................................................................................................................... 8
Installing SAC with eToken SafeNet Network Logon 8.3 ..................................................................................................... 9
Compatibility with Third-Party Applications ................................................................................................................................. 9
Installation and Upgrade Information ........................................................................................................................................ 10
Installation .......................................................................................................................................................................... 10

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 1 of 17


Document Number: 007-013559-005
Upgrade ............................................................................................................................................................................. 10
Resolved Issues ....................................................................................................................................................................... 10
Known Limitations..................................................................................................................................................................... 11
Known Issues ........................................................................................................................................................................... 12
Known Issues – Deprecated Devices ....................................................................................................................................... 16
Product Documentation ............................................................................................................................................................ 17
Support Contacts ...................................................................................................................................................................... 17

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 2 of 17


Document Number: 007-013559-005
Product Description
SafeNet Authentication Client is public key infrastructure (PKI) middleware that provides a secure method for
exchanging information based on public key cryptography, enabling trusted third-party verification of user identities.
It utilizes a system of digital certificates, certificate authorities, and other registration authorities that verify and
authenticate the validity of each party involved in an Internet transaction.

Release Description
SafeNet Authentication Client 10.4 introduces support for See What You Sign (SWYS) Pin Pad reader with IDPrime
MD cards.

New Features and Enhancements


SafeNet Authentication Client 10.4 (GA) offers the following new features:
• Support for See What You Sign (SWYS) Pin Pad readers with IDPrime MD cards.
• SWYS acts as a regular Pin Pad reader and in addition provides the ability to sign documents or
transactions using the See What You Sign (SWYS) feature.
• The functionality of SWYS is available via SAC SDK PKCS#11 Extended API.
• SAC supports both PKI (certificate) and OCRA OTP mechanisms with the SWYS feature.
• Ensure that your reader supports the required (PKI / OCRA OTP) configuration.
• Bug fixes - this release includes bug fixes from previous SAC versions.

Licensing
The use of this product is subject to the terms and conditions as stated in the End User License Agreement. A valid
license must be obtained from the SafeNet License Center: https://lc.cis-app.com/.

NOTE: Using the Gemalto IDGo 800 Minidriver as a standalone component does
not require SAC licensing.

Default Password
SafeNet eToken devices are supplied with the following default token password: 1234567890.
IDPrime cards are supplied with the following default token password: “0000” (4 digits). The administrator password
must be entered using 48 hexadecimal zeros (24 binary zeros).
For IDPrime MD 840/3840/eToken 5110 CC devices:
• The default Digital Signature PIN is “000000” (6 digits)
• The default Digital Signature PUK is “000000” (6 digits)

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 3 of 17


Document Number: 007-013559-005
Password Recommendations
We strongly recommend changing all device passwords upon receipt of a token/ smart card as follows:
• User PIN should include at least 8 characters of different types.
• Admin PIN should include at least 16 characters of different types.
• The Friendly Admin Password should include at least 16 characters of different types (See the SafeNet
Authentication Client User Guide for more details on the Friendly Admin Password)
• Digital Signature PUK, when using a friendly name, should include at least 16 characters of different types.

NOTE: Character types include upper case, lower case, numbers, and special
characters.

Initialization Key Recommendation


We strongly recommend changing the Initialization Key using either one of the following methods:
• The customization process (CPB)
• The SAC Initialization process (See the SafeNet Authentication Client User Guide for more details on
Initialization Key settings)

Compatibility Information
Browsers
SafeNet Authentication Client 10.4 (GA) Windows supports the following browsers:
• Firefox 53.03
• Internet Explorer 11.332.15063.0
• Chrome version 59.0.3071.86
• Microsoft Edge 40.15063.0.0

Operating Systems
SafeNet Authentication Client 10.4 (GA) Windows supports the following operating systems:
• Windows Server 2008 R2 SP1 (32-bit, 64-bit)
• Windows Server 2008 SP2 (32-bit, 64-bit)
• Windows Server 2012 and 2012 R2 (64-bit)
• Windows Server 2016 (64-bit)
• Windows 7 SP1 (32-bit, 64-bit)
• Windows 8 (32-bit, 64-bit)
• Windows 8.1 (32-bit, 64-bit)
• Windows 10 (32-bit, 64-bit)

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 4 of 17


Document Number: 007-013559-005
Tokens
SafeNet Authentication Client 10.4 (GA) supports the following tokens:

Certificate-based USB Tokens


• SafeNet eToken 5110
• SafeNet eToken 5110 CC
• SafeNet eToken 5110 FIPS
• SafeNet eToken 5110 FIPS HID
• SafeNet eToken 5110 HID

Software Tokens
• SafeNet Virtual Token
• SafeNet Rescue Token

Smart Cards
• Gemalto IDCore 30B eToken
• Gemalto IDPrime MD 840
• Gemalto IDPrime MD 840 B
• Gemalto IDPrime MD 3840
• Gemalto IDPrime MD 3840 B
• Gemalto IDPrime MD 830-FIPS
• Gemalto IDPrime MD 830-ICP
• Gemalto IDPrime MD 830 B
• Gemalto IDPrime MD 3810
• Gemalto IDPrime MD 3811
• Gemalto IDPrime MD 8840 (8GB) Micro SD card
• Gemalto IDPrime .NET (only SAC PKCS#11 and IDGo 800 Minidriver interfaces)

NOTE: For more information on IDPrime MD Smart Cards, see the IDPrime MD
Configuration Guide.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 5 of 17


Document Number: 007-013559-005
End-of-Sale Tokens/Smart Cards
• SafeNet eToken 5100/5105
• SafeNet eToken 5200/5205
• SafeNet eToken 5200/5205 HID
• SafeNet eToken 4100
• SafeNet eToken 7000 (SafeNet eToken NG-OTP)
• SafeNet eToken 7300
• SafeNet eToken 7300-HID

NOTE: SafeNet HID tokens are not compatible with Smart Card Logon and CAPI
based VPN applications.

End-of-Life Tokens/Smart Cards


• SafeNet eToken PRO 32K v4.2B
• SafeNet eToken PRO 64K v4.2B
• SafeNet eToken Pro SC 32K v4.2B
• SafeNet eToken Pro SC 64K v4.2B
• SafeNet eToken 7100 (SafeNet eToken NG-Flash)
• SafeNet iKey: 2032, 2032u, 2032i ( Windows and Mac only)
• SafeNet smart cards: SC330, SC330u, SC330i
• SafeNet eToken 5000 (iKey 4000)
• SafeNet eToken 4000 (SC400)
• SafeNet eToken PRO Java 72K
• SafeNet eToken PRO Anywhere
• SafeNet eToken PRO Smartcard 72K

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 6 of 17


Document Number: 007-013559-005
External Smart Card Readers
SafeNet Authentication Client 10.4 (GA) supports the following smart card readers:
• Gemalto IDBridge K30
• Gemalto IDBridge K50
• Gemalto IDBridge CT30
• Gemalto IDBridge CT40
• Gemalto IDBridge CL 3000 (ex Prox-DU)
• SCR 3310 v2 Reader
• Athena AESDrive IIIe USB v2 and v3
• Advanced Card System ACR 1281U
• Athena Keyboard
• Omnikey 3121
• Dell Broadcom (This reader is found only in laptops)
• Unotron

NOTE: SC Reader drivers must be compatible with the extended APDU format in
order to be used with RSA-2048 (relevant to SafeNet eToken 4100).

Mobile PKI Bluetooth Readers:


• SafeNet Reader CT1100
• SafeNet Reader K1100
Secure PIN Pad Readers:
SafeNet Authentication Client 10.4 (GA) supports the following PIN pad readers:
• Gemalto IDBridge CT700
• Gemalto IDBridge CT710
• Ezio Shield Pro
• Ezio Bluetooth Reader
• Ezio BLE

NOTE: The Secure PIN Pad readers listed above are subject to limitations.
Certain readers may not fully support all Smartcards. See the Administrator Guide
for full details of supported Smartcard and PIN Pad reader combinations.

Tablets
• Lenovo ThinkPad Tablet running Windows 8.
• Microsoft Surface Pro 4 running Windows 8.1 and Windows 10.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 7 of 17


Document Number: 007-013559-005
Localizations
SafeNet Authentication Client 10.4 (GA) Windows supports the following languages:
• Chinese (Simplified) • Hungarian • Romanian
• Chinese (Traditional) • Italian • Russian
• Czech • Japanese • Spanish
• English • Korean • Thai
• French (Canadian) • Lithuanian • Vietnamese
• French (European) • Polish • Turkish
• German • Portuguese (Brazilian)

NOTE:
• When using IDPrime MD, .Net cards and eToken 5110 CC, the user PIN and
Admin Pin can be in English only.
• IDPrime features are available in English localization only (e.g. Initializing
Common Criteria devices and PIN Pad functionality).

Compatibility with Gemalto Applications


IDPrime MD cards can be used with the following products:
• Gemalto Bluetooth Device Manager (GBDM) (V3.1)
• IDGo 800 Credential Provider (V1.2.4)
• IDGo 800 User Tool for Windows (V1.1.30)
• IDGo 800 Cert Tool (V 1.0.7)
• IDGo 800 Minidriver (V 1.2.9) (dll – V 8.5.0.6)
• Classic Client (V 6.3.12)
For more information refer to the compatibility guide Using SafeNet Authentication Client with IDGo 300.
• eSigner (V 6.4.1)

To work with these products, install IDGo 800 Minidriver by generating an .msi file using the SAC Customization
Tool. See the SafeNet Authentication Client 10.4 (GA) Administrator Guide for more details on how to generate the
MSI installation file.
SafeNet Authentication Client can be used with the following products:
• SafeNet Network Logon 8.3
• SafeNet Authentication Manager 9.0 (Gemalto IDPrime MD 840 / 3840 and .Net devices are not supported
on this version of SAM).

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 8 of 17


Document Number: 007-013559-005
Installing SAC with eToken SafeNet Network Logon 8.3
When installing SafeNet Authentication Client together with SafeNet Network Logon, perform the tasks in the
following order:
1. Install SafeNet Authentication Client.
2. Install SafeNet Network Logon.
3. You may be required to restart the computer.

NOTE: When installing SAC together with SafeNet Network Logon, you must
install SAC as a Custom installation (instead of Typical) and enable the eTSapi
component.

Compatibility with Third-Party Applications


Most of the third-party applications listed below have been validated and tested with SafeNet Authentication Client
10.4 (GA).

Solution Type Vendor Product Version


Check Point Client E-80 (Security Gateway)
Microsoft Windows Server 2008 SP2 and later
Cisco NAM
Remote Access VPN
AnyConnect
Palo Alto PA-200 GW Appliance
Juniper Juniper MAG 2600 GW Appliance
Citrix XenApp/XenDesktop 7.9
Virtual Desktop Infrastructure (VDI) Microsoft Remote Desktop
VMware View Horizon 7.0
IBM ISAM for Web 9.0 (eToken only)

Identity Access Management (IAM) Intercede MyID (eToken only)


Identity Management (IDM) Microsoft MIM 2016

IDnomic OpenTrust CMS 4.9.1

Sophos SafeGuard Easy (eToken only)


Pre Boot Authentication (PBA)
Microsoft BitLocker (RSA only)
Entrust SMA 8.1 (eToken only)
Certificate Authority (CA) Check Point (Local CA) For All Check Point platforms
Microsoft (Local CA) For All Windows platforms
Microsoft All supported OS
Local Access
Evidian ESSO (eToken only)

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 9 of 17


Document Number: 007-013559-005
Solution Type Vendor Product Version
Entrust ESP 9.2 (eToken only)
Adobe Reader XI and DC
Digital Signatures
Microsoft Outlook 2010 and 2013
Mozilla Thunderbird 45

Installation and Upgrade Information


Installation
SafeNet Authentication Client must be installed on each computer on which IDPrime MD cards, as well as SafeNet
Tokens or Smart Cards are to be used. Local administrator rights are required to install or uninstall SafeNet
Authentication Client.

Upgrade
For earlier versions of SafeNet Authentication Client, it is recommended that an upgrade is performed to the latest
version on each computer that uses a Token or Smart Card. Local administrator rights are required to upgrade
SafeNet Authentication Client.
Gemalto customers migrating from IDGo 800 must uninstall their version of IDGo 800 and install SafeNet
Authentication Client 10.4 (GA).
For more Installation and Upgrade details, see the SafeNet Authentication Client 10.4 (GA) Administrator Guide.

Resolved Issues
Issue Synopsis
ASAC-5349 eToken 7300 crashed during the initialization process.

ASAC-5209 When initializing an IDPrime MD 840 on SAC 10.3.25 and the “Use the same
token and administrator passwords for digital signature operation” feature was
selected, a general error occured.

ASAC-5184 It was not possible to set the “Must change password on first logon’ Field on an
IDPrime MD 840 device with PKCS#11 extension.

ASAC-5177 Windows logon showed latency when an IDPRime MD 830 RevB card was used
with SAC.

ASAC-5167 When trying to generate an RSA key pair on IDPrime MD 840 CSP via
PKCS#11, errors were reported.

ASAC-5157 When using the Single Logon Timeout feature SAC remains logged on even
after the timeout count is exceeded.

ASAC-4779 SAC prompted for a PIN Pad reader even though the card did not support PIN
Pad.

ASAC-2643 After changing the virtual reader settings, a general error message appeared.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 10 of 17


Document Number: 007-013559-005
Known Limitations
Issue Synopsis

ASAC-4872 IDPrime MD 840 and eToken 5110 CC do not support history size of Password Quality.
ASAC-4531 IDPrime MD 830B (applet 4.3.5) FIPS L3 does not support RSA 1024, ECC signing with
SHA1 algorithms, as per FIPS/NIST regulations.
ASAC-4363 As of SAC 10.2, Symmetric keys created using PKCS#11 without the attributes:
CKA_SENSITIVE = TRUE and CKA_EXTRACTABLE = FALSE, on an eToken Java device
initialized in FIPS/CC mode will face backward compatibility issues on previous SAC
versions.

ASAC-4081 SafeNet eToken 5110 FIPS does not support RSA 1024 and SHA1 on board, as per
FIPS/NIST regulations.

SafeNet Authentication Client does not support RSA 3072 and 4096 on IDPrime MD, .NET
and eToken devices.
ASAC-3980
SafeNet Authentication Client does not support Single Sign On with IDPrime .NET and
IDPrime MD cards via PKCS#11 API interface.

ASAC-3769 The following PIN pad limitations exist:


• SC Logon via eToken CSP (not supported) Customer must use Minidriver
• Common Criteria Linked mode (not supported) A security contradiction exists
whereby the PIN pad provides high protection, but linked mode reduces the
security.
• IDPrime MD 840 and IDPrime MD 3840 cards ignore the “Token password must be
changed on first logon” parameter when working with the PIN pad reader.
• Performing a “Change PIN” operation via PKCS#11 (C_SetPIN) requires the PIN
to be entered again at the end of the process.
• Single Sign On is not supported with PIN Pad readers.

ASAC-2320 When 'Smart Card is required for interactive logon' is enabled, the ‘Synchronize with
Domain Password’ feature of SAC is not supported (domain passwords cannot be changed
when this option is enabled).

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 11 of 17


Document Number: 007-013559-005
Known Issues
Issue Synopsis

ASAC-5306 Summary: When trying to log onto a locked device, two messages are shown instead of
one.
Workaround: Close both windows.

ASAC-5201 Summary: When connecting a non-Pin Pad reader, an incorrect message is displayed in
the event viewer.
Workaround: To disable minidriver PinPAD support, create a REG_DWORD value called
"NoPinPad" under the key
HKEY_LOCAL_MACHINE\SOFTWARE\SafeNet\Authentication\SAC\General and
set its value to 1.
On 64-bit machines, you additionally need to do the same under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SafeNet\Authentication\SAC\
General

ASAC-4950 Summary: When an incorrect token password is entered on Metro IE:


• The “Incorrect Token Password” message is not displayed.
• The retries counter is decreased by 1.
• The Token Logon window remains displayed.
Workaround: If the Token Logon window remains displayed after a token password is
submitted, assume that the password entered was incorrect. You can use SAC Tools to see
the number of remaining retries.
ASAC-4516 Generating a customized .msi file with a previous xml file (taken from an earlier SAC
version) is not supported.
Workaround: Make sure you create a new configuration with the same settings in the
current SAC version.
ASAC-4504 Summary: When rebooting a PC after placing an IDPrime 3811 MD contactless card on a
reader, the following error message appears: “No valid certificates were found on this smart
card….”.
Workaround: Remove the card and then place it back on the reader, the certificate will be
seen, and may be used.
ASAC-4497 Summary: When Configuring the Maximum Password Usage value to a value other than
zero (0), the password will expire a day later than was defined. For example: set it to 166
days, SAC will show 167 days.
Workaround: None.
ASAC-4479 Summary: When inserting an IDPrime MD card that contains a new certificate friendly
name, SAC displays the order of the messages incorrectly.
Workaround: None.
ASAC-4469 Summary: Aborting an import certificate operation (in the middle of the process) while
working with a Pin Pad reader, SAC Tools ignores the request to abort and continues with
the import certificate operation.
Workaround: Press cancel on the ‘Import Certificate’ window to abort the import
certificate operation.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 12 of 17


Document Number: 007-013559-005
Issue Synopsis

ASAC-4141 Summary: During the unblock operation, no other application can access the device until
the unblock operation is finished or canceled.
Workaround: None.
ASAC-4116 Summary: When entering an incorrect Digital Signature PIN while enrolling a CC
Certificate onto a CC device in unlinked mode, the enrollment process fails.
Workaround: Retry enrolling the certificate with the correct Digital Signature PIN.

ASAC-4024 Summary: When unlocking a Common Criteria device (that’s in linked mode) via SAC
Tools and an incorrect Challenge Response is sent, a general error message is received.
Workaround: None.

ASAC-3451 Summary: Upgrading from previous versions to SAC 10.4 (while a token is connected with
ASAC-2278 Smart Card Logon, MS certificate or SNL profile), caused the session to lock the upgrade
process automatically and the upgrade process to fail.
ASAC-2221
Workaround: Run the following command to upgrade from previous SAC versions to SAC
ASAC-1675
10.4:
msiexec /i C:\SafeNetAuthenticationClient-x32-10.4.msi
PROP_FAKEREADER=128

ASAC-3449 Summary: When generating an MSI file using the SAC Customization Tool, the eToken.dll
file is run over by the eTokenMD.dll when selecting IDGO 800 Minidriver.
Workaround: Select eToken CSP\KSP provider when using eToken Devices.

ASAC-3112 Summary: The SAC token login window on IE11 freezes when the Enhanced Protected
Mode feature is on.
Workaround: Move the mouse cursor to the window and click inside the text box, or
disable the Enhanced Protected Mode feature.

ASAC-2653 Summary: When working with a token on VM Workstation, the token might be
unrecognized when selecting the "Shared" device in VM > Removable Devices menu.
Workaround: Connect the device that is not under the "Shared" devices list in order to
work with the eToken device.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 13 of 17


Document Number: 007-013559-005
Issue Synopsis

ASAC-2429 Summary: Performing a remote desktop connection from a system which has Minidriver
installed, to a system with SAC installed, causes RDP errors after entering the smart card
PIN.
Workaround:
1. Upgrade the RDP version on the machine.
2. Edit the RDP file (on the Client) by following these steps:
• Open the Remote Desktop connection window.
• Click Show Options.
• Under Connection Settings, click Save as, and save the RDP file locally.
• Open the file using Notepad.
• Add enablecredsspsupport:i:0 at the end of the RDP file and then save the
file.
• Connect to the server using the edited RDP file.
For more details, see:
https://support.microsoft.com/en-us/kb/941641
https://technet.microsoft.com/en-us/library/ff393660(v=ws.10).aspx

ASAC-2299 Summary: SafeNet Virtual devices that are locked to flash, and were enrolled on SafeNet
Authentication Manager using a USB 3 port, cannot function on a USB 2 port, and vice
versa.
Workaround: If the SafeNet Virtual Token was enrolled on a USB 3 port, then use the
token on a USB 3 port only. If the SafeNet Virtual Token was enrolled on a USB 2 port, then
use the token on a USB 2 port only.

ASAC-2298 Summary: Connection problems occur when SafeNet Virtual devices are locked to flash
and enrolled on a VMware environment.
Workaround: When using a SafeNet Virtual device that is locked to flash, make sure the
device is enrolled on a regular environment and not VMware.

ASAC-2295 Summary: SAC 9.0 does not support legacy GA configuration profiles.
Workaround: Create new profiles using SAC 9.0 Customization Tool.

ASAC-2284 Summary: When a user attempts to generate a customized SAC msi file with no
administrator privileges, the process fails.
Workaround: Create customized SAC msi file with administrator privileges.

ASAC-2146 Summary: The process of creating a signed customized MSI with the Customization Tool
takes a while.
Workaround: Wait for the process to end.

ASAC-1992 Summary: Repartitioning the eToken 7300 device with a token password configured with
Maximum usage period and Expiration warning period, the repartition process fails.
Workaround: Initialize the token.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 14 of 17


Document Number: 007-013559-005
Issue Synopsis

ASAC-1740 Summary:
ASAC-2262 Scenario 1 - When using jarsigner.exe to sign JAR files, the jarsigner command fails to
respond for a while.
Scenario 2 - When performing an Identrust enrollment on Windows Server 2008, Windows
7 or Windows Server 2008 R2, the enrollment fails.

Cause:
In Windows 7 Windows Server 2008 and Windows Server 2008 R2, when an application
using a smartcard has been terminated unexpectedly, it causes other applications that try to
connect to the smartcard to stop responding. This occurs in both local and RDP
environments. This is a Microsoft issue. Microsoft have released Hotfixes that resolve this
issue.

Workaround: Download the following two hotfixes from Microsoft:


Local Scenario: http://support.microsoft.com/kb/2427997
RDP: http://support.microsoft.com/kb/2521923
ASAC-1722 Summary: When running the repair option from the MSI file wizard, the operation fails.
Workaround: Use the repair option by going to Control Panel > Add Remove Programs.

ASAC-1702 Summary: When the application runs as a service without the Local System Account
permissions, smart card communication fails.
Workaround: Make sure the service runs with the Local System Account permissions by
adding it manually.
This is a Microsoft by-design known issue. For more details refer to the following Microsoft
support ticket number: 114092811845001.

ASAC-1470 Summary: After updating the FW on an eToken 7300, the FW version might not be
updated under Token information in SAC Tools.
Workaround: Restart the machine.

ASAC-1419 Summary: When installing SAC via the GPO, SAC is installed successfully on the client
computer but the tray icon doesn't appear.
Workaround: Restart the client computer.

ASAC-1335 Summary: Mass storage options using an eToken 7300 protected token are not supported
within an RDP session.
Workaround: None.

ASAC-862 Summary: When a partitioned eToken 7300 device is connected, the SafeNet drive
eToken 7300 icon is displayed on the desktop but double-clicking it does not open the
device’s drive.
Workaround: Open the drive from the computer’s directory window.
ASAC-819 Summary: When the MS KB http://support.microsoft.com/kb/2830477 is installed in a
Windows 7 environment, you are prompted for the token password when you start the RDP.
But after entering the remote machine, you are prompted for the standard user name and
password.
Workaround: Uninstall the MS KB.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 15 of 17


Document Number: 007-013559-005
Issue Synopsis

ASAC-800 Summary: If the token was initialized as Common Criteria:


• The Challenge Code created during the Unlocking procedure is 13 characters, not
16 characters as expected.
• The Response Code created during the Unlocking procedure is 39 characters, not
16 characters as expected.
Workaround: When unlocking a CC token, the user must be sure to copy the entire
Response Code string.
AHWENG - Summary: When a protected eToken 7300 is connected with the flash partition accessible,
775 the flash partition may not be accessible after returning from sleep mode.
Workaround: Disconnect and reconnect the device.

ASAC-446 Summary: SAC interfered with Citrix’s debugging application.


Workaround: Use Citrix’ “Hotfix Rollup Pack 2 for Citrix XenApp 6.5 for Microsoft Windows
Server 2008 R2”, found at http://support.citrix.com/article/CTX136248.
ASAC-378 Summary: Smart card logon is not supported by default when using tokens with ECC
certificates.
Workaround: Perform the following:
In the Local Group Policy Editor, under Local Computer Policy\Administrative
Templates\Windows Components\Smart Card,
enable Allow ECC certificates to be used for logon and authentication.
ASAC-281 Summary: Upon successful eToken 7300 partitioning, a Microsoft Windows message
opens prompting you to format the disk.
Workaround: Click Cancel to close the message window.
ASAC-277 Summary: The SAC installation does not load the PKCS#11 module for 32-bit Firefox on a
ASAC-525 64-bit OS.
Workaround: Use 64-bit Firefox, or load the 32-bit PKCS#11 module manually from the
System32 folder.
SACINT-38 Summary: Unable to sign a Word document via Office 365 (Office on Demand) using SAC.
Workaround: Open the saved document from the local machine itself. This enables you to
sign the document successfully.

Known Issues – Deprecated Devices


Issue Synopsis

ASAC-4326 Summary: The iKey reader is not installed when upgrading to SAC 10.4.
Workaround: Uninstall SAC and re-install SAC 10.4.
ASAC-1315 Summary: When working with SafeNet smart cards SC330u, iKey 2032u, SC400, and iKey
4000 using SAC Tools, the number of unblocking code retries remaining cannot be
changed , unless the token or smart card are locked.
(i.e. there is no way of determining how many unblocking code retries remain).
Workaround: None. This is by design.

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 16 of 17


Document Number: 007-013559-005
Product Documentation
The following product documentation is associated with this release:
• 007-013560-004_SafeNet Authentication Client 10.4 Windows (GA) Administrator Guide
• 007-013561-004_ SafeNet Authentication Client 10.4 Windows (GA) User Guide
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be
perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in
succeeding releases of the product.

Support Contacts
If you encounter a problem while installing, registering, or operating this product, please make sure that you have
read the documentation. If you cannot resolve the issue, contact your supplier or Gemalto Customer Support.
Gemalto Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is
governed by the support plan arrangements made between Gemalto and your organization. Please consult this
support plan for further information about your entitlements, including the hours when telephone support is
available to you.

Contact Method Contact Information

Customer Support https://supportportal.gemalto.com


Portal Existing customers with a Technical Support Customer Portal account can log in to
manage incidents, get the latest software upgrades, and access the Gemalto Knowledge
Base.

Technical Support [email protected]


contact email

Release Notes: SafeNet Authentication Client 10.4 Windows (GA) Page 17 of 17


Document Number: 007-013559-005

You might also like