I've begun a rollout of EEPC 6.1 and Single Sign-on is working maybe 3 out of 10 times. The other 7 times it leaves me at a Windows 7 login screen (not the McAfee login screen).
Here's the setup:
All of the clients are:
Our relevant settings are:
Based on some feedback from McAfee, I have already tried the following solutions:
Appreciate any help or feedback that anyone else can come up with.
When SSO fails and you are left at the Windows 7 login screen:
1) do the Credential Tiles have the McAfee shield overlay on them?
2) do you have a Credential Tile for the last logged on user?
3) comparing the SSO that should happen at first logon (after a system boot) and subsequent logons / unlock - do they work / fail in the same ratio?
4) have you tried disconnecting the machine from the network to test if it is 'something' being synched to the machine that is affecting the SSO?
When I'm left at the Windows login screen, there are two icons (default Windows ones) -- one is "Other", and it just an empty blue box, which I need to click on in order to enter a username/password into the text boxes, and the other is something like "Smart Card", which we don't use, and has the default Win 7 smart card logo. There are no users with shields. I'm not sure what you're asking in number 2, but if you're asking if the last login user is listed on that screen, no.
My personal machine has always been in an undocked but on the network state. Other test machines, that are failing in the same ratio, are both docked and undocked, but have always been on the network.
I'm not sure what test scenario you're suggesting in #4 - should I sync, then disconnect from all networks and test SSO a few times?
Given the policy you have enabled (require EE logon and SSO), the combination of the absence of a Credential Tile labelled "Switch McAfee EE User" and absence of the McAfee shield overlay on the Credential Tiles you do see indicates that the EEPC Credential Provider isn't active at this logon. In question 3 above, I was really asking 'does the SSO fail only at the first logon after turning the machine on, or can it also fail when you logoff / re-logon or lock / unlock Windows?".
Do you know if you have any other 3rd party Credential Providers installed?
Thanks Ged, there are no 3rd party credential providers installed - the build is Vanilla Windows 7, with SP1 applied, and Office 2010 installed. There are some other insignificant changes such as backgrounds, etc. that shouldn't make a difference. SSO never works on the first login, but I'm told that's by design. After that, there's no consistency in when it works or doesn't (any obvious one anyway), I reboot and it works, then I reboot again and it doesn't the next few times, and then I reboot and it works again.
With the policy you've got, once you have logged onto Windows (it doesn't matter if the SSO worked or you had to do this yourself), if you then logoff or lock Windows, you should get prompted to do an Endpoint Encryption logon. With that complete, you should then be SSO'd into Windows. Does this work for you or do you get intermittent success / failure with this 're-logon' SSO behaviour?