If you are having problems installing ActivClient 7 on your Windows Server 2012 R2 servers, here are the steps I followed for a successful install:

1. login to the targeted sever using system administrator credentials (but not local admin)

2. from Programs and Features, uninstall old ActivClient

3. delete ActivIdentity folder from Program Files

4. schedule a retart for after hours (if this is a production server) - else reboot now

5. move the targeted server to a special OU so it can receive a custom Group Policy registry setting for WinTrust:

    HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Provider\Software\Publishing\State:  0x00023C00

6. login to targeted server again


8. if McAfee AV is installed and running, open the VirusScan Console, unlock the interface, and disable Access Protection, On-Delivery Email Scanner, and On-Access Scanner

8. if McAfee HIPS (Host Intrusion Protection System) is installed and running, open the HIPS console (McAfeeFire.exe), unlock the interface, clear the two checkboses for Enable Host IPS and Enable Network IPS, then click APPLY (important to click apply!)

9. stop and disable the 3 McAfee related services, McAfee Host Intrusion Prevention Ipc Service, McAfee Host Intrustion Prevention service, and McAfee McShield

10. copy your ActivClient7 installation folder to the desktop

11. install Activclient7 x64

12. install the x64 Hotfix (should be in your package...else obtain from HID Global)

13. install the Device Installer (should be in your package...else obtain from HID Global)

14. open the HIPS console, put a checkmark in the two boxes you cleared previously, then click APPLY (important to click apply!), then LOCK the interface

15. open the AV console, re-enable the three tasks that you disabled earlier, then LOCK the interface

16. reset the three services that you disabled earlier (set to Automatic then Start)

17. schedule another reboot for after hours (if this is a production server) - else reboot now

18. move the targeted server back to its original OU

19. after reboot, sign in to targeted server as server admin, run GPUDATE, and remove the install package from the desktop

20. logout and test login to targeted server with a smart card