cancel
Showing results for 
Search instead for 
Did you mean: 
romardy
Level 9

Single-Sign-On does not take effect

Hi,

Why EEPC SSO does not take effect automatically? When the machine got encrypted and then rebooted, they can input their user account but receiving Token Authentication parameters are incorrect and eepc don't take their password.

As a temporary solution, we do token reset for user to be able to login.

Is there any required time for SSO policy to take effect?

Below are product versions

McAfee ePO: 4.6.6

McAfee EEPC: 7.0.1.354

Thanks in advance.

0 Kudos
9 Replies
tcox8
Level 10

Re: Single-Sign-On does not take effect

Do you have a server task setup to sync AD?

Do you have SSO enabled in your policy?

0 Kudos
romardy
Level 9

Re: Single-Sign-On does not take effect

Yes, AD Sync happens hourly and SSO policy is enabled.

0 Kudos
tcox8
Level 10

Re: Single-Sign-On does not take effect

Is this happening on more then one client machine? I'll occasionally have this happen to one machine here and there and it requires a token reset.

You may try to lock and then unlock the computer after they change their password. That will push an event to the Agent to let it know it needs to update the credentials in ePO.

0 Kudos
romardy
Level 9

Re: Single-Sign-On does not take effect

it happens on every newly encrypted machine. We are not comfortable in doing reset token for every machine that will be encrypted. And also we have machines that are from other region.

HAve any idea how to resolve this?

0 Kudos
sathish.l
Level 11

Re: Single-Sign-On does not take effect

Did u tried with EEPC default password ?

0 Kudos
tcox8
Level 10

Re: Single-Sign-On does not take effect

Sathish is correct. The very first time any user logs in they will have to enter in the default password or if you have this disabled in the policy they will have to create a new password that is temporary until they log into windows and the machine is synced.

0 Kudos
sathish.l
Level 11

Re: Single-Sign-On does not take effect

Hi Tcox,

Yes, you are right. first time you need to enter the default password for EE users, When machine boots into the windows and once its sync with SSO. Then, it will take effect in next reboot.

on 23/8/13 5:54:45 PM IST
0 Kudos
romardy
Level 9

Re: Single-Sign-On does not take effect

Thanks for all your post.

I've tested to encrypt one test machine. Have my regular account login and activate EEPC. After successful activation, rebooted the machine. Log in with my username and my current password and it successfully booted. I'm expecting I'll be getting the same issue with other user.

My idea is, when encryption happens with netwok connectivity and activated, user's password will be synched to eepc. But when encryption started and stopped when user need to bring home the unit and encryption resumes, that's when the passwords don't sync in. And this is how offline activation works (based on eepc documentation). This is only my point of view. You can correct me if I understood the policy wrong.

Most of the user's that encountered login issues are those who bring their laptop and encryption is not yet completed. And when they arrived home or they already travel to other country, that's when I received calls for eepc login problem

If there will be any detailed or exact explanation on this, I will be very grateful.

Thanks again for all your help

Message was edited by: romardy on 8/26/13 10:44:43 PM CDT
0 Kudos
sathish.l
Level 11

Re: Single-Sign-On does not take effect

Don't know what's happening exactly............................ upload the log files, will try to sort it out.              

0 Kudos