Strange behavior on this one..
Server version 5.2.3
User1 has a laptop Laptop1 with EEPC 5.1.6
Laptop1 has assigned: User1 and AdminGroup1
User is getting a new laptop, Laptop2
We pre-create Laptop2 on EEM and assigned User1 and AdminGroup1
Install EEPC 5.1.6 on Laptop2, User1 cannot login. Any member of AdminGroup1 can however login.
Our fix has been to remove all users, sync, add user and sync.
This seems simple, the problem is that when User1 fails to login on Laptop2 after too many tries, he invalidates his token, which now fails on Laptop1 and unless we work with the user and both laptops at the same time, they fall into a cycle of locking out their token.
Has anyone else experienced similar?
That scenario has been reported many times.
Problem stems from the fact that pre-boot works with cached credentials. Those are obtained after SUCCESSFUL sync with EE server.
I think that major source of above trouble is user ability to change password offline (i.e. without talking to the EE server first). I would call it a design flaw.
So depending on sequence of events (on multiple computers) various situations occur. Also, sync seems to update user object in database, based on password change event, regardless when that change occured.