I should explain more... the EEPC Credential Provider is dependent on the McAfee Endpoint Encryption Agent service to be able to get the system policy so it can work out if it should be involved at the logon. At first logon after a system boot, the EEPC Credential Provider typically has to start the EEAgent service and wait for it to be ready before it can query it for policy. At 're-logon' / unlocks, this isn't necessary as the EEAgent will already be running.
As you get SSO working 100% of the time at unlock, it sounds like you are experiencing a problem with the CP starting and testing for the EEAgent to be ready - hopefully this will have caused some error to be logged in the MfeEpe.log file. If you are unable to attach this file (to be honest - I am not sure how to do this!) - have a look in the log for any error messages around the time of a failed SSO - could you copy the text of the messages here?
Thanks for the rundown - I had a solid grasp on how this all worked in XP with GINA chaining, etc. but Credential Providers are new to me. I've attached the log in one of my other posts in this thread, hope something makes sense to you! 🙂
Chris - I've got to go shortly - I think you have already been talking with McAfee about this problem - if you haven't already, could you raise this with Support and ask them to quote this thread.
Some more info about my last post. Here are the credential providers installed. Also on our image is PowerBroker from BeyondTrust, which isn't a credential provider; it's used to elevate application rights by policy.
Smartcard Credential Provider
Smartcard Pin Provider
WinBio Credential Provider
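
Added example, not part of the original thread or of any McAfee tooling: one way to produce the list of installed credential providers mentioned above, together with the DLL that implements each one and its signature status, so a third-party provider on the image can be identified when logon behaviour differs between first logon and unlock. It reads the standard Windows registration keys; run it from an elevated PowerShell prompt.

```powershell
# Added example: enumerate registered credential providers and the DLL behind each.
# Registration lives under this key; each subkey name is the provider's CLSID.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

$report = Get-ChildItem -LiteralPath $cpRoot | ForEach-Object {
    $clsid    = $_.PSChildName
    $props    = Get-ItemProperty -LiteralPath $_.PSPath
    $name     = $props.'(default)'            # friendly name, may be empty
    $disabled = ($props.Disabled -eq 1)       # Disabled=1 hides the provider at logon

    # Resolve the COM server DLL that implements the provider.
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    $dll = $null
    $sigStatus = 'n/a'
    $signer = $null

    if (Test-Path -LiteralPath $inproc) {
        $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
        if ($raw) {
            $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
            # Bare file names are resolved against System32.
            if (-not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path -Path "$env:SystemRoot\System32" -ChildPath $dll
            }
            if (Test-Path -LiteralPath $dll) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            } else {
                $sigStatus = 'file missing'
            }
        }
    }

    [pscustomobject]@{
        Name      = $name
        CLSID     = $clsid
        Disabled  = $disabled
        Dll       = $dll
        Signature = $sigStatus
        Signer    = $signer
    }
}

$report | Sort-Object Name | Format-Table -AutoSize -Wrap
```

A provider whose DLL is missing, unsigned, or signed by an unexpected publisher is worth checking before attributing a logon problem to a single vendor's provider.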