I'm sure somewhere along the line someone else will have had this issue so I'm hoping there will be some help out there.
We're having a problem whereby the encryption password for users on our domain doesn't update when a user changes their domain password. This was working till recently and as far as I'm aware no system changes have been made.
An overview of our setup is as follows:
ePolicy Orchestrator version 5.1.1 running on Windows Server 2012 R2
McAfee Agent version 184.108.40.2060 running on Windows 7 Pro 32 and 64bit flavours
Day to day users will log into Citrix virtual environment using thin clients but a number of users also have laptops which generally sit around for months without being used, they then come into the office with their laptop (not being able to remember the last password they used to access the machine), we take them through the recovery process and get them logged on to Windows using their new password. Obviously what should happen is this password should sync with the encryption software bringing it up to date....problem is it doesn't.
The agent and services are all running, without errors, on the local machine. I can see the agent sending and receiving updates/policies and I've gone through the pain of sitting there are an hour doing this manually.
Also, what's now started happening, or not happening, is the Agent is installing correctly on new machines but it's then not encrypting the drive - encryption status just stays as 'Inactive'
I'm sure there's much more info you'll require but does anyone have any thoughts as a starter for 10?
How are resetting the users password to a known state? if the pwd is not changed on the eepc protected machine, the change will go unnoticed.
With regards to the Domain password, users reset this themselves from their thin clients but this should still update the protected machine if they then log onto Windows on the laptop whilst connected to the domain, right? We now have to go through the encryption recovery process in ePolicy Orchestrator to reset the users password token so they can then manually set the Encryption password to the same as their domain password.
The agent is still talking to ePolicy Orchestrator because if a machine hasn't been on the network for a set amount of time it'll stop us resetting their password token and only let us do a machine recovery until they've connected to the network and the agent has 'checked in'.....at which point we can then sdo a password token reset to allow them to set the encryption password.
Also - if we build a new machine and install the EPO agent it doesn't encrypt the drive anymore.
If they change their password in Citrix, no this won't be seen by eepc (since eepc isn't running in Citrix).
the only time eepc gets to know your windows password us if you change it on an eepc protected system.