I'm trying to troubleshoot a problem faced by one of our endusers. Here is a brief scenario:
Could anyone of you help. How to fix this...?
I'm attaching snapshots from the client log.
3/3/2010 7:21:18 PM Adding user (ID=00000d4f) JSmith [First sync, the new user gets added to the endpoint]
3/4/2010 10:52:44 AM Checking for token data updates
3/4/2010 10:52:53 AM Updating database token data with local changes for user (ID=00000d4f) [First time logs in with default password and then with windows password]
3/4/2010 10:52:55 AM Checking for SSO updates
3/4/2010 10:52:59 AM Updating database SSO info with local changes for user (ID=00000d4f)
3/4/2010 10:53:00 AM Checking for Local Recovery updates
3/4/2010 10:53:05 AM Checking for hashes updates
3/4/2010 10:53:06 AM Transferring local audit information to database
3/4/2010 10:53:14 AM Checking for file updates
3/4/2010 10:53:19 AM Applying configuration
3/4/2010 10:53:19 AM Synchronization complete
3/4/2010 1:40:37 PM Updating database token data with local changes for user (ID=00000d4f) [Noticed after the step 6 and 7]
peter_eepc.....I do understand...but this is not the case with most of the users.
I was not sure why preboot did not work, though I notice that the new password is getting updated as a change...
Can anyone help...
The pre-boot password will get set to the users windows password during two events a) a change password event b) a failed SSO event. If the user changes their password on a different machine, we won't capture it, and also if the SSO details are still valid (with cached credentials etc), that won't cause a change either.
That is bad news then. Is there in SSO related section of EEPC documentation, a warning that this can happen?Message was edited by: peter_eepc on 3/4/10 9:17:19 PM EST
There's a chapter in the EEPC guide on Windows Login if I remember, but I don't think we say anything about non-EEPC machines? It would be strange to do so?
I thought everyone would realize that things you do on machines which have no product on them would be invisible?
It would be "strange" indeed. McAfee is often silent when it comes to explaining situations which are detrimental to their product.
A very "natural" approach. But users not only suffer because of product deficiences, they also suffer because of lack of proper documentation to support purchased product. At least KB article should be raised for this.
I agree that user should not change their password on a non-EEPC machine. However think of a large enterprise that has several 1000s of endpoints (including desktops, other tablets), where users may decide to change their regular WINDOWS PASSWORD on one of the machines that they work on (non-encrypted), typically when they see the windows notification, that they are suppose to change the password now or within few days and then when they sign in the a preboot (SSO) enabled endpoint, they know that their new windows password won't be synched and so, they login with their old preboot password. However at the windows logon level, when they are stopped, they will login with their new windows password and if they sync, now, the EEPC is SUPPOSED to cache this new windows password and communicate to the object directory and consecutive shutdowns should use this new windows password. If this does not work, it messes my understanding.
I really wish the McAFee documentation atleast dedicated one page for the do's and don't of windows password change, SSO, Preboot Password sync etc., Since you're in the 'influential' position I feel, you could really communicate this to the product manager. It would really help a lots and lots of customers like me, who have an understanding of how things work in a SSO (to some extent), but then, some scenarios like this come and mess our understanding and we don't know why things happen that way and find it difficult to troubleshoot. I have seen a best practices guide for EEPC, even if that guide has a page dedicated to best practices reg password sync/ resets, that will save a lot of McAFee support time. My 2 Cents........Message was edited by: satsmi on 3/5/10 1:03:48 PM CST