SCtbe
Level 12

Multi domain environment

Has anyone successfully tested using EEPC in more than one domain?

Assume this scenario:

We have two domains (the ePO server is in one of them). Users from both domains should be able to log on to a machine in PBA.

Everything is set according to the manual - both DCs are added to registered servers, tasks are created, users are assigned to the machine.

The problem is that users from one domain can log on (the one with ePO), but users from the second cannot - "Unknow user" is displayed in PBA.

I use the samaccount field for users from both domains.

I don't know how to check, on the workstation, what names the users from the second domain have.

Thanks for help.

on 1/6/10 8:09:43 AM CST

Message was edited by: SCtbe on 1/6/10 8:10:52 AM CST
0 Kudos
7 Replies
peter_eepc
Level 15

Re: Multi domain environment

Can you explicitly add specific users from each domain using "Menu" -> "Data Protection" -> "Encryption Users"?

Select System then add users browsing through "Select Users" window. Switch between domains using "Look in:" dropdown list.

0 Kudos
SCtbe
Level 12

Re: Multi domain environment

Yes, I can.

I can choose and assign users from both domains.

0 Kudos
peter_eepc
Level 15

Re: Multi domain environment

What did you configure in Server Task for "EE LDAP Server User/Group Synchronization" in "User Name" field?

Did you also check Server Task Log for above Server Task?

0 Kudos
SCtbe
Level 12

Re: Multi domain environment

As I already wrote, I used "samaccountname" in the "User Name" field in the synchronization task for both servers.

Both tasks complete successfully.

0 Kudos
peter_eepc
Level 15

Re: Multi domain environment

Assuming that you refreshed ePO policies from your client.

Then enable EE plugin logging on your client PC and search for assigned user names (text preceding </name></users>).

That should give you some clues.

Logging is enabled in 32-bit Windows by this registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee EndPoint Encryption\MfeEpeHost\Configuration]
"LoggingLevel"=dword:00000004

Log file should be by default in:

C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpe.log

on 1/6/10 10:07:22 AM EST
0 Kudos
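
The logging step described in the reply above can be scripted. This is an added example, not part of the thread and not McAfee tooling: the registry key, value and log path are the ones quoted in the post, while the function names, the sample lines and the assumption that each user name sits directly before a closing `</name>` tag are illustrative.

```powershell
# Registry key, value and log path are copied from the post above (32-bit Windows).
$EpeKey = 'HKLM:\SOFTWARE\McAfee EndPoint Encryption\MfeEpeHost\Configuration'
$EpeLog = 'C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpe.log'

function Enable-EpeLogging {
    # Sets LoggingLevel to dword 4. Run from an elevated prompt.
    if (-not (Test-Path -Path $EpeKey)) { throw "Registry key not found: $EpeKey" }
    Set-ItemProperty -Path $EpeKey -Name 'LoggingLevel' -Value 4 -Type DWord
}

function Get-EpeAssignedUserName {
    # Hypothetical helper: returns the text that directly precedes each
    # closing </name> tag, de-duplicated and sorted.
    param([string[]]$Line)
    $names = foreach ($l in $Line) {
        foreach ($m in [regex]::Matches($l, '([^<>]+)</name>')) {
            $m.Groups[1].Value.Trim()
        }
    }
    $names | Where-Object { $_ } | Sort-Object -Unique
}

# Constructed sample lines; the real log layout is an assumption and may differ.
$sample = @(
    '... <users><name>jkowalski</name><name>anowak</name></users>'
    '... <users><name>jkowalski</name></users>'
)

if (Test-Path -Path $EpeLog) {
    # Real client: list every name the agent logged as assigned.
    Get-EpeAssignedUserName -Line (Get-Content -Path $EpeLog)
} else {
    # No agent log on this machine: run against the constructed sample.
    Get-EpeAssignedUserName -Line $sample
}
```

Call `Enable-EpeLogging` once before collecting the log, then compare the listed names with what the user types in PBA.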
SCtbe
Level 12

Re: Multi domain environment

OK, it was my fault. Users from the second domain have not disabled the firewall, and EEPC by default requires port 8081 to be open on the client machine for incoming connections.

Apologies for the unnecessary confusion.

But one thing still puzzles me: how to distinguish (how does EEPC in PBA recognize) a user, for example when we have the same user name (samaccountname field) in both domains assigned to one machine?

Message was edited by: SCtbe on 1/6/10 4:24:09 PM CET
0 Kudos
Arjen
Level 9

Re: Multi domain environment

Have you also created a user based policy for all users in the second domain?

If there is no policy assigned to them, EEPC does not know which token they are using to authenticate.

0 Kudos