Issues with OS X 10.10.2

Participant II
Posts: 7
Registered: ‎02-05-2015
#1 of 14 9,600
Accepted Solution

Issues with OS X 10.10.2


Centrify Express for Smart Card has been working fine for me, up until the 10.10.2 update.  I have uninstalled, cleaned the cache and reinstalled Centrify Express, but it does not make a difference.  The issue is the smart card is not completely recognized the first time you stick it in the card reader.  It does show up in Keychain Access, but you cannot unlock it.  Also, only some of the information on the card shows up in Keychain Access (3 of the 4 certs for example).  Removing the card and re-inserting it usually resolves the issue; everything appears in Keychain Access and the card can be unlocked and used.  My particular card is a Gemalto DLGX4-A 144, but I believe it is happening with other cards as well.  As I said, nothing like this happened prior to 10.10.2.

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#2 of 14 9,597

Re: Issues with OS X 10.10.2

Hi Griz,

Just thinking of eliminating variables - What model of smart card reader are you using with the Mac?

Do you have access to an alternative reader (ideally a different model), and can you see if the issue still exists when using that to read the card?

If you still get partial info shown in the Keychain with different readers, then we know it's something on the software side. If the card shows up ok with a different reader, then we'll know it's something with the original reader itself.

Kind regards,
Brian
Participant II
Posts: 7
Registered: ‎02-05-2015
#3 of 14 9,592

Re: Issues with OS X 10.10.2

It happens with both an old SCR331 reader and a new SCR3310 reader.  Unfortunately I don't have another brand to test.

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#4 of 14 9,590

Re: Issues with OS X 10.10.2

Hi Griz,

Have you made sure the card readers are on the latest firmware?

- You should be able to select your model and download the firmware from here:
  http://support.identive-group.com/dfu_fw.php?lang=en
- There are also instructions provided here:
  https://militarycac.com/cacdrivers.htm#FIRMWARE_UPDATE

Kind regards,
Brian

Participant II
Posts: 7
Registered: ‎02-05-2015
#5 of 14 9,588

Re: Issues with OS X 10.10.2

The SCR331 is at the latest firmware (5.25) and the SCR3310 is v2, so it does allow updates.

Participant II
Posts: 7
Registered: ‎02-05-2015
#6 of 14 9,587

Re: Issues with OS X 10.10.2

I mistyped in the last post, the SCR3310 v2 does NOT allow updates.

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#7 of 14 9,575

Re: Issues with OS X 10.10.2

Hi Griz,

So militarycac agrees that the SCR3310 v2 should work with OS X 10.10 (though the .2 is not confirmed):
https://militarycac.com/usbreaders.htm#SCM_Microsystems_SCR_Readers

The manufacturer page does have a later driver version than what's on militarycac though, so it might be worth updating that piece as well to be sure:
http://www.identive-infrastructure.com/index.php/products-solutions/smart-card-readers-a-terminals/s...
- (MacOS X driver download is at the bottom of the page)

You mentioned that you already tried clearing the cache and reinstalling, but I want to make sure we're covering all our bases - could you go through the Cleanup and Reinstall steps here so that we have a verified baseline:
http://community.centrify.com/t5/Express-for-Smart-Card/Please-Help/m-p/18829#M257

The fact that it's returning only a partial set of all the certs on your card is most puzzling of all.

If possible, could you also confirm if the same thing also happens for other smart cards in the same reader as well?

Kind regards,
Brian

Participant II
Posts: 7
Registered: ‎02-05-2015
#8 of 14 9,563

Re: Issues with OS X 10.10.2

The driver download at the manufacturer's site is from 2012, predating OS X 10.9 and 10.10, so I would be very reluctant to install it.  As I said, 10.9-10.10.1 all worked as expected with exactly the same hardware and smart cards, and using whatever driver Apple includes (we have never installed anything besides Centrify to enable smart card support).

Yes, those are the cleanup and reinstall steps I followed this morning before verifying that the problem still existed.

Yes, the same thing happens with other smart cards in the reader, in particular the G&D FIPS 201 SCE 3.2 card did exactly the same thing.

Posts: 532
Kudos: 171
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#9 of 14 9,560

Re: Issues with OS X 10.10.2

Hi Griz,

Thanks for confirming the steps.

Now that we have a definite baseline, I can ask our engineers to look into this and see if there is anything that needs to be done or insight that they could provide.

A completely wild theory by myself would be that 10.10.2 is doing some extra processing that is "slowing down" the reading of the card data.

  • The first time you insert the card, it's somehow not able to read all the info off the card in time and so only pulls in some of the card info.
  • When you take it out and put it back in, it already has some of that card data read in and so just needs to pull the rest of the info off and properly populate the keychain.

This is pure conjecture, but it might explain the behaviour that you're seeing.

One extra thing that might be helpful:

- When you insert the card the first time, is the card prefix in the keychain shown as "CAC", "CACNG", "PIV" or something else?
- Then when you insert the card a second time to get the full cert load, does this string change, or is the card type and serial number in the keychain name exactly the same as the first insert?

Kind regards,
Brian

Participant II
Posts: 7
Registered: ‎02-05-2015
#10 of 14 9,547

Re: Issues with OS X 10.10.2

The card prefix always shows up as CACNG, and the string is the same the first time (when it doesn't work) and the second time (when it does).