Has anyone successfully tested using EEPC in more than one domain?
We have two domains (the ePO server is in one of them). Users from both domains should be able to log on to the machine in PBA.
Everything is set according to the manual - both DCs are added to registered servers, tasks are created, users are assigned to the machine.
The problem is that users from one domain can log on (the one with ePO), but those from the second cannot - "Unknow user" is displayed in PBA.
I use the samaccount field for users from both domains.
I don't know how to check on the workstation what names the users from the second domain have.
Thanks for help.
on 1/6/10 8:09:43 AM CST
Message was edited by: SCtbe on 1/6/10 8:10:52 AM CST
Can you explicitly add specific users from each domain using "Menu" -> "Data Protection" -> "Encryption Users"?
Select System then add users browsing through "Select Users" window. Switch between domains using "Look in:" dropdown list.
What did you configure in Server Task for "EE LDAP Server User/Group Synchronization" in "User Name" field?
Did you also check Server Task Log for above Server Task?
Assuming that you refreshed ePO policies from your client.
Then enable EE plugin logging on your client PC and search for the assigned user names (text preceding </name></users>).
That should give you some clues.
Logging is enabled in 32-bit Windows by this registry entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee EndPoint Encryption\MfeEpeHost\Configuration]
Log file should be by default in:
C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpe.log
on 1/6/10 10:07:22 AM EST
OK, it was my fault. Users from the second domain have not disabled the firewall, where EEPC requires by default port 8081 to be opened on the client machine for incoming connections.
Apologies for the unnecessary confusion.
But one thing still makes me wonder: how to distinguish (how does EEPC in PBA recognize) a user, for example when we have the same user name (samaccountname field) in both domains assigned to one machine?
Message was edited by: SCtbe on 1/6/10 4:24:09 PM CET
Have you also created a user-based policy for all users in the second domain?
If there is no policy assigned to them, EEPC does not know which token they are using to authenticate.