Environment
Novell Client 2 SP3 for Windows
Lenovo T440
Validity Fingerprint Reader
OmniPass Credential Provider
Lenovo T440
Validity Fingerprint Reader
OmniPass Credential Provider
Situation
The administrator wants to use the Microsft credential provider instead of the Novell credential provider, which is supplied with the Novell Client. This is accomplished by setting System Tray > Red N > Novell Client Properties > Advanced Login > Novell Logon=Off.
On Lenovo T440 laptops configured with a fingerprint reader, the Novell credential provider would not disable, even after specifically configuring the Client such that the Microsoft credential provider was specified.
On Lenovo T440 laptops configured with a fingerprint reader, the Novell credential provider would not disable, even after specifically configuring the Client such that the Microsoft credential provider was specified.
Resolution
The solution is to remove/rename the OmniPass credential provider.
The OmniPass credential provider can be directly disabled by renaming the OmniPass credential provider in the registry, or by removing the Lenovo Fingerprint Manager software. Simply disabling the fingerprint reader does not resolve the problem, since apparently the OmniPass credential provider is still active even when the reader is disabled.
To disable the OmniPass credential provider in the registry:
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).
The OmniPass credential provider can be directly disabled by renaming the OmniPass credential provider in the registry, or by removing the Lenovo Fingerprint Manager software. Simply disabling the fingerprint reader does not resolve the problem, since apparently the OmniPass credential provider is still active even when the reader is disabled.
To disable the OmniPass credential provider in the registry:
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters, rename {F3F1B0FA-4775-41d8-8578-436772D93FB4} to {_F3F1B0FA-4775-41d8-8578-436772D93FB4} (add an underscore).
Cause
The OmniPass credential provider is apparently interfering with the operation of the Novell credential provider such that the Novell credential provider cannot disable itself based on the Novell credential provider-specific configuration for "Novell Logon =Off".