We recently updated to ePO 5.0.1. After getting everything setup, we decided to encrypt all of our workstations with EEPC 7.0 w/ Patch 2. We have the agent and the encryption software successfully deployed to a few test machines as we wanted to learn how it functioned before deploying it to all users. I understand how everything works except the administrator recovery. For testing purposes, I set the computers to timeout the password after 5 attempts and to invalidate the password after 10 attempts. After 10 attempts, I am able to use the user recovery by answering the security questions I set in place. However, I am not able to successfully use the administrator recovery except for one time which was totally by happenstance and cannot get it to work again. I'm sure I'm just missing a step of the procedure so I'll list out what I'm doing each time.
1) Restart the computer
2) Select option>recovery>Administrator Recovery
3) I type the "Client Code" into ePO's Encryption Recovery module
4) Select the type of recovery
These are the options I have:
a. Machine Recovery
b. User Recovery
i. Unlock Disabled User
ii. Reset Token
iii. Reset To Password Token
I'm not really sure which option to choose. I've tried all of them. Machine Recovery gets me past the preboot screen but after another restart I'm stuck with the same issue.
5) Select the user I'm trying to login with
6) Type the Response code into the laptop
7) The laptop asks for a new password. After selecting a new password, it goes back the username box.
8) I type in the username followed by the password
9) I then receive "Error EE0F0001 Token authentication parameters are incorrect"
Any help would be much appreciated!!!!
Solved! Go to Solution.
if you disabled the password through too many incorrect attempts, you need to use the reset to password option - unlock disabled user unlocks them if you marked their account as disabled, reset token changes the password of a token which is still valid.
I've tried this and after typing in the new password. It does the same this as state above. I type in the username and new password. I then receive the error message. One thing that is different is that it no longer follows the timeout after 5 attempts and invalidate after 10 attempts.
I'll try it again just to be sure though.
Also, I'm wondering if it has anything to do with the settings in the "User Based" policy. For the "Default Password", all I have selected is "Do not prompt for default password." The one time I was able to get this to work I remember messing around with that one setting.