We seem to have an issue with EndPoint Single Sign On on Windows Vista. Password syncing/SSO all seems to be working fine but we have a problem when a user's password has expired.
On a standard Windows Vista build without EndPoint installed we get the following prompt when logging on to a PC where the users domain password expired:
"Your Password has expired and must be changed." By clicking on OK we get the standard Vista change password screen where we enter a new password and confirm and then proceed to login.
However on a Vista build with EndPoint installed we receive a different prompt:
"Logon Failure: The specified account password has expired". When we click OK we are presented with the McAfee EndPoint SSO credentials Dialogue box to provide single sign on credentials. Crucially we do not get the option to set a new password?
I cannot understand why we are receiving two different prompts and not being given the opportunity to set a new password on an EndPoint encrypted PC?
We have all the Windows Logon options configured on the server, prior to the password expiring the PBA and Windows passwords are in sync and single sign on is working as expected.
We are using pre-boot and SSO on our Windows Vista workstations. We concluded that if the Windows password expires when the user is logged in and working, this is synched to pre-boot and on the next reboot, we have to recover the user in preboot and reset the password in Active Directory.
We're now looking into forcing the user to change their password before it expires. We're also looking into logging a case at McAfee support about this issue.
If we have a solution or think of something, I'll let you know.
What version of EndPoint are you on? We are a couple of versions behind and was hoping that this has maybe been fixed in new 5701? Although the release notes for 5600 or 5701 do not mention any SSO updates.
Just setup a test environment with 5701 and a Vanilla Vista build and we get the same problem. Definitely seems to be an bug in the software. I'm surprised this has not been picked up and resolved considering how long Vista has been out now. I think we will need to raise a support call for this too. Thanks for your help.