We are planning to deploy EE 5.2 and Autodomain 5.24 on Windows Vista through Windows SMS service. We are pushing the EE SMS package and installation using local admin credentials:
Scenario: EEPC+Autodomain(as pre-installer) integrated package deployed and an immediate reboot is done to start the encryption process.
Issue: Autodomain user pop-up doesn’t prompt for user’s password during 1st login (autodomain.exe process runs and exits). A second logoff/logon or reboot will launch autodomain pop-up window for the end user and works normal after this stage.
Desired solution: We would like to make autodomain user pop-up to appear during 1st login immediately after reboot.
If above mentioned scenario can’t be resolved, we are thinking of following alternatives:
Backup scenario 1: EEPC+Autodomain(as pre-installer) integrated package deployed as first SMS package. Second SMS package will check for the completion of autodomain process with user credentials. If completed, the package will reboot to start the encryption process.
Issue : How to check for the completion of autodomain process with user credentials. Autodomain.html file get’s created even if the user won’t enter his credentials ( closes the pop-up window or ignores it)
Desired solution: Check for a specific log file, If exists we will reboot.
Backup scenario 2: EEPC+Autodomain(as regular file) integrated package deployed as first SMS package and Second SMS package will install autodomain.exe registry key in “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”
Clarification : In this scenario, adding an entry in “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\” registry key would be sufficient ?, or we need to take care of additional configuration changes to make autodomain work as a pre-installer.
SBPTool.Autodomain="C:\Program Files\McAfee\Endpoint Encryption for PC\AutoDomain.exe"
Look forward to hear from the community.
Solved! Go to Solution.
AD is just calling the client API, if it tells you that the object is locked, then it is - there's no way around that unfortunately. We can't make changes to the object when it's locked.
This script is used at hundreds of sites, so I guess it might be some unique thing about how you are using it? Perhaps set a delay in AD to make it start later?
usually AutoDomain runs BEFORE the first reboot - did you allow your SMS job "interact with desktop" rights?
If you use checkforstickaround, or runonlogon modes, it will stay around until it's finished. Did you buy any services to help you with your deployment?
Here is an update on this issue:
I have added autodomain log from the same system under two conditions
1. When autodomain doesn't run (i.e for the first few times) it throws an error (Result Code: 0xdb010002) and
2. During successful run (subsequent autodomain runs) it throws Result Code: 0x00000000.
Can you please look into this issue and let us know how to fix this issue ?
Autodomain not working log (Autodomain runs but no autodomain user pop-up window)
3/3/2010 14:39:27.66 PM: Not looking up UPN for user "user1"
3/3/2010 14:39:27.66 PM: Processing Current User "user1" from the "MDYNYCMAS" Domain
3/3/2010 14:39:27.66 PM: Running sbadmclSetUser... user1//user1-V2/False)...
3/3/2010 14:39:27.66 PM: Existing Connection
3/3/2010 14:39:58.16 PM: ....Captured Command Result Code: 0xdb010002
3/3/2010 14:39:58.16 PM: Could not set user called "user1" (or group "") as a valid user of machine "user1-V2".
3/3/2010 14:39:58.16 PM: 0xdb010002 | Unable to change the object's access mode
3/3/2010 14:39:58.16 PM: Encountered a strange error processing user "user1" - The error was 0xdb010002
Autodoain working log (Autodomain pop up works)
3/3/2010 14:48:43.50 PM: Not looking up UPN for user "user1"
3/3/2010 14:48:43.50 PM: Processing Current User "user1" from the "DOMAIN" Domain
3/3/2010 14:48:43.50 PM: Running sbadmclSetUser... user1//user1-V2/False)...
3/3/2010 14:48:43.50 PM: Existing Connection
3/3/2010 14:48:44.00 PM: ....Captured Command Result Code: 0x00000000
3/3/2010 14:48:44.00 PM: Set user called "user1" (or group "") as a valid user of machine "user1-V2".
3/3/2010 14:48:44.02 PM: Set user "user1" to the machine.
3/3/2010 14:48:44.02 PM: Asking for user credentials because alwaysaskforcurrentuserpassword=true
3/3/2010 14:48:44.04 PM: Running GetPassword
3/3/2010 14:49:43.05 PM: Running sbadmclResetPassword (user1/ password length = 8)...
3/3/2010 14:49:43.05 PM: Existing Connection
3/3/2010 14:49:44.39 PM: Set password for "user1"
3/3/2010 14:49:44.39 PM: Setting SSO details because setssooncreate=true
3/3/2010 14:49:44.39 PM: Running sbadmclSetWindowsCred (user1/user1/DOMAIN)...
3/3/2010 14:49:44.39 PM: Existing Connection
3/3/2010 14:49:44.93 PM: Set SSO creds for user "user1"
3/3/2010 14:49:44.93 PM: 0x00000000 | The operation completed successfully.
the error means the object trying to be modified was locked for longer than the db timeout, so your server is unable to process the work thrown at it - you need to spread the work out, or get a faster server.
Most often this is caused by having the DB on a SAN, or just trying to use the same account/group to do everything at once.
That is exacty the best solution: "spread the work out". I have been using it with great success.
There is also another one: "If it fails, retry later". It works too. We actually use both.
I can't seem to find these settings. What exact setting you are rerferring to, where is it located and what is the value range I can experiment.
>That is exacty the best solution: "spread the work out". I have been using it with great success.
>There is also another one: "If it fails, retry later". It works too. We actually use both.
Current EEPC manager has around 10+ clients assosciated with it. With this setup we are running into performance issue ?, what happens when we load 4000 clients ?. How many clients a single manager can support (considering our end users are located across the globe) ? . Is it a network issue ? or the EEPC manager system issue ? or autodomain extra timeout issue ?. Our current EEPC manager spec meets/exceeds your documented specification (only exception is we use a Virtual server for this system and we use it extensivly for all our other applications). In this situation what is your recommendation and suggested EEPC database/manager architecture ?.
this is the kind of stuff to discuss with the professional services team who come in to help you design your implementation.