Issues with Preboot Authentication and RSA SID800 Tokens
I am currently in the planning stages of deploying the Safeboot software to 150 laptops and using RSA SID800 Stored Value tokens for authentication. However, I have been running into issues getting the tokens to work with the preboot authentication. I have been working with McAfee Tech Support but they have not been able to help and are still investigating my issues. Most of the problems are occurring with port replicators.
Here is a list of issues that I am having:
1. The preboot authentication will only work with the SID800 tokens if it is inserted into the USB port on the laptop before turning on the laptop (this occurs either if it is docked or undocked). If you do not insert it prior to turning on the laptop, it will fail to detect the SID800 about 90% of the time.
2. When you do plug the SID800 token before turning on the laptop, there is still a 15% chance that the preboot authentication will not detect the SID800 token. When that occurs, powering off and back on does not help and the only solution is to undock and redock the laptop. It is a intermittent issue that varies by user.
3. Even when preboot authentication does detect the SID800 token, it still prompts users to insert the token (even though it is inserted) and will successfully authenticate only when the user selects OK at the prompt asking you to insert it.
4. The SID800 will never work when plugged into the usb port on the port replicator, whether it is plugged into the docking station before or during preboot authentication.
Here is what McAfee has had me do:
1. Upgraded the BIOS to the latest versions on the laptops.
2. Upgraded to the latest version of Safeboot (v5.1.7) which was supposed to correct a lot of these issues and it did not.
3. Had me check the BIOS to insure that the legacy USB settings were enabled and they were.
4. Made sure the USB settings are not initialized on preboot. The setting was disabled.
5. I upgraded the firmware on the SID800 tokens to the latest version.
The hardware that I am using is:
Toshiba laptops - M2, M5, M9, and M10 models. Toshiba docking stations - PA3508U and PA3474U
I was wondering if any other administrators have had the same issues that I have had RSA SID800 Tokens or any other tokens? Is so, how were you able to reduce the frequency of the issues surrounding the preboot authentication? Unfortunately, I work with an organization that requires us to abide by government standards and dual factor authentication is mandatory.