cancel
Showing results for 
Search instead for 
Did you mean: 
skparkj
Level 7

Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

Hello,

I've currently installed Drive Encryption 7.1.3 and am getting this error message at the pre-boot login screen after I type in the username and password. I know this password is correct because I can login to my domain with the same username/password. In addition, it also works on another laptop (I have it assigned to 2 different laptops for testing purposes). This is a brand new laptop so no one has been able to login the pre-boot environment and change the password. The password hasn't been changed in AD and the account hasnt been removed. I'm quite perplexed as there is probably a simple solution. Any help would be greatly appreciated.

0 Kudos
1 Solution

Accepted Solutions
SafeBoot
Level 21

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

A few things.

1. The eepc and AD passwords are separate credentials - they may be the same, they might not be - EEPC tries to keep the eepc password the same as your AD password, but no attempt is ever made to keep the AD password the same as the EEPC password.

2. The only time your AD password is known, is when you type it - AD doesnt store it. So if you change your AD password somewhere other than on an EEPC protected machine, EEPC won't get to know about that.

3. EEPC passwords are sent from PCs to EPO periodically, and from EPO to PCs periodically - within a few hours in most cases, a password change by a user on one PC that they use will get replicated to all the other PCs their account is assigned to. IN MOST CASES. It depends on your policy sync time periods, connectivity etc.

Because sync is not immediate (to reduce network load), you can end up in situations like you have, where the same user on two different machines has two different EEPC passwords. This situation should resolve itself as the PCs sync up with EPO though.

0 Kudos
6 Replies
skparkj
Level 7

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

I just typed in the default password '12345' and was able to change the password. I'm confused because on a different machine it had accepted the password that was setup in active directory. Is this due to me removing a user-based policy?

0 Kudos
SafeBoot
Level 21

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

A few things.

1. The eepc and AD passwords are separate credentials - they may be the same, they might not be - EEPC tries to keep the eepc password the same as your AD password, but no attempt is ever made to keep the AD password the same as the EEPC password.

2. The only time your AD password is known, is when you type it - AD doesnt store it. So if you change your AD password somewhere other than on an EEPC protected machine, EEPC won't get to know about that.

3. EEPC passwords are sent from PCs to EPO periodically, and from EPO to PCs periodically - within a few hours in most cases, a password change by a user on one PC that they use will get replicated to all the other PCs their account is assigned to. IN MOST CASES. It depends on your policy sync time periods, connectivity etc.

Because sync is not immediate (to reduce network load), you can end up in situations like you have, where the same user on two different machines has two different EEPC passwords. This situation should resolve itself as the PCs sync up with EPO though.

0 Kudos
skparkj
Level 7

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

Does EEPC get the password from AD when the new user becomes assigned or will the password be 12345. So is the default password, if never changed, always going to be 12345?

And is there a way to start a server task to have the passwords synced right away or is that up to ePO.

0 Kudos
SafeBoot
Level 21

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

huh..

2. The only time your AD password is known, is when you type it - AD doesnt store it. So if you change your AD password somewhere other than on an EEPC protected machine, EEPC won't get to know about that.

So no - EEPC never gets the password from AD - there's nothing to get.

It's not a server task you need - it's a client send/receive props if I remember right (or it could be an ASIC) - there's been innumerable threads here about it.

0 Kudos
skparkj
Level 7

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

Just wanted to triple check because I was able to login with my AD password into EEPC without changing the password.. I guess someone must have changed it. Thanks for your help.

0 Kudos
Troja
Level 14

Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

Jump to solution

Hi,

have you checked if your user is added to the preboot? You can check this in EPO. When adding the user with the "add local domain users", your user should be shown here.

Have you ever been logged on to this system? Or is this the first login to the system?

Have you checked this KB? https://kc.mcafee.com/agent/index?page=content&id=KB73697&actp=null&viewlocale=en_US&showDraft=false...

Which McAfee Agent are you using?

Have you activated the "Database Sync" option in the EPO Server settings?

Is the LDAP Sync task running without any trouble?

What settings have you configured in detail for user adding to Preboot and how the settings are configured based on the KB article above?

Is the Agent Data Channel working probably?

How about the Drive Encryption LOG Files? Are there any errors visible?

Cheers

0 Kudos