harbar.net component based software & platform hygiene

Saga: Fingerprint Reader in the Dell Precision M6500

Print | posted on Friday, August 20, 2010 1:49 PM

I recently retired my MacBook Pro for a swanky new Dell Precision M6500 “covet”. The MBP has treated me well for the last few years but as a SharePoint person the machine (or indeed the new ones) aren’t up to scratch spec wise. I needed a new mobile rig with 16Gb RAM. I’ve lots of other requirements as well. In the end it came down to the Dell versus the Lenovo, which had broadly similar specs. I won’t go into all the details of why I chose the Dell, but that’s the one I went for. I got the so called “covet” model with top of the line everything, including a rather silly orange coloured case.

That “top of the line” included a FIPS touch fingerprint reader. Everything worked great out of the box except this guy. And it’s been a complete saga to get it sorted, mainly due to Dell support being a complete and utter farce.

They came and replaced the reader itself which is part of the hinge cover (a really retarded place to have a fingerprint reader), the motherboard, the daughterboard (actually a USH hub) to which the reader is attached. No joy. Dopey support peeps tried all the software and driver reinstalls. No joy. Basically the thing wasn’t being detected. Device Manager showed “ControlPoint Device w/o Fingerprint reader”, the w/o bit meaning without. Lots of times people told me to activate the TPM, which of course has absolutely nothing to do with the fingerprint reader. They also suggested that I enrol fingerprints, which of course is impossible if the reader isn’t present. At one stage the Dell guy told me to try with Windows 32bit! Right, like that’s useful on a machine with 16GB. These guys also did things like uninstall my driver for the SD card slot, like that is gonna have any impact whatsoever! It was real funny watching these people point and click with no clue.

Anyways, whilst Dell were doing their best to annoy me, an old friend who works there got things moving with an escalation. I was also checking out all the other Dell users with similar problems. Tons of them on forums and such, there are even three ideawaves on the Dell site about this area. This is a massive fault area for the Dells. So I wasn’t confident it could be fixed.

The engineer comes back today and replaces a cable which connects the reader to the daughterboard and hey presto – the bad boy shows up in device manager as “ControlPoint Device w Touch Fingerprint Reader”.

Basically the cable is crap, and the unit ships from the factory faulty. The cable is attached to the wrong side of the reader and then wraps around the monitor side of the hinge and back towards the board. That’s retarded, one of the stupidest engineering things I've seen in a while.  The old cable was just a joke, twisted and creased. The engineer took special care to put the new one in correctly and without stressing it. He wasn’t exactly impressed with the whole thing either.

So the driver is recognised by Windows, great. But the next thing is the software. Dell don’t use the Windows BioAPI, but then sadly not many manufacturers do. They use a piece of crap called ControlPoint Security Manager and an even worse third party tool from Wave Systems which is responsible for enrolment and so on.

Control Point wasn’t recognising the reader. So I went ahead and got the latest firmware revision from Dell’s super speedy FTP site (FTP seriously WTF!!!!) interestingly enough the firmware “update” is actually a lesser version than the one on the device in the first place. Bounce the machine and here we go, ControlPoint sees the reader, and I can go ahead and enrol.  The firmware update by the way will also re-enable the no touch smart card reader. If you are interested in FIPS compliance you need to disable that bad boy. They may be used in your local hospital, but they are not compliant.

So I’m now cooking with gas, right? Well not quite. As I mentioned before the Dells don’t use Eikon’s software. The device itself is made by UPEK, but unlike any other manufacturer they don’t use the excellent UPEK Protector Suite. Wave, bandits that they are, don’t support all their features on 64bit. So the only things the reader is good for on 64bit is Windows Logon (GINA) and system security (BIOS, Drives, Startup etc). Now of course these are the important pieces, the other side of things (web pages, outlook etc) is a convenience feature. But still not supporting 64bit here is LAMER. They say it’s not a common need and there are no plans to support 64bit in the future. Which is total bullshit. They don’t seem to realise that before long all new machines will ship with a 64bit OS install as default.

So can you run the UPEK software anyways? well you can but it won’t work with the UPEK reader! It’s all because of the idiot ControlPoint. You cannot use the built in reader for web pages and so on on a 64bit box, simple as that. I’m actually not that concerned. I use a smart card. But it’s so daft of Dell to not use UPEK, which works fine and is the market leader, and it’s similarly pathetic of Wave to not step up and get into the 2000s by having 64bit support. Shame on both of them.

You may be wondering why I am posting about this saga. Well, there’s lots of people with similar issues, and the answers are:

  • replace the faulty cable which ships from the factory broken
  • “update” the firmware
  • if you need FIPS disable the contact less smart card reader
  • remember that Wave is a POS and doesn’t fully work on 64bit

Hopefully this will help someone else, if you want my Dell support case number to slap the first line support, drop me a comment with your email.

Am I happy with the Dell?, yes – it’s an awesome machine and the reasons for choosing for it over the Lenovo are justified. I’m not a zealot here like many others, it’s a work machine. It’s one kick ass laptop. Will I buy another Dell in the future? Unlikely, the support experience and the way the so called business account managers have dealt with me have been downright rude and unprofessional.

Having said that, the 2nd level support guys and the engineer who has now visited me three times were excellent. First rate in terms of professionalism and approach. It all makes me wonder that if my mate hadn’t escalated things how long I would have been waiting for the thing to be fixed. Cheers Campbell!

Lastly, you may also be wondering why I care so much about a fingerprint reader. Well firstly it’s part of the thing I paid for, so it should work. Secondly, it’s actually pretty important in terms of securing my machine. It’s a misconception that a fingerprint reader is just a convenience thing. Some customers of mine mandate this amongst other security devices. Not saying that is right or wrong, but it is the way it is.

In closing, Dell need to sort their life out. Not going to happen I know. but they are shipping a machine that is faulty out of the factory in this configuration. Buyer beware.