First time dealing with one of these and not able to correct it. I have one system where we have to run a machine bypass every time they boot because preboot auth says that he is an unknown user. User is associated to the machine object in encryption users, systems MA is communicating and all good with ePO.
I've had one other person that had the same problem, in that case resetting token to password corrected it. When I do that on this system and we do the code exchange and response it responds with the same unknown user error, when I select to reset that user from MDE recovery in ePO. Not sure what my next steps should be.
Unknown User error means that username has been removed from the McAfee Preboot file system during the last policy enforcement before the machine went for restart.
This user removal can happen, when the machine is moved from one epo to another epo using the Agent -> System Transfer process or if the system has moved from one system tree group or another system tree if you have done manual user assignment for this machine in the encryption users page.
Kindly note that Resetting Token will not help for unknown user error it will help for "failed to authenticate errors", for unknown user errors you need to do the below,
1) Do a machine recovery and boot into windows
2) check the MfeEpe.log for possible reasons why the user was removed
3) Then check if this machine has the username under Encryption User's menu in EPO, if not you can add the user back on the encryption users section.
To better explain you, can you send the screenshots from the MDE Product settings policy which is applied to the affected machine.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.