I have just got the McAfee Drive Encryption "Unknown User" issue which is affecting random users (40+). The Password Self-Recovery option didn't work and our Help Desk was unable to reset them via the ePO Console. However, we managed to get users up and running by performing a Machine Recovery via the ePO Console.
Looking at the MfeEpe.log I couldn't see any references to the accounts being removed (and ePO was still showing them as EE Users assigned to their respective laptops) but I did see the following entries which I wasn't expecting:
2015-06-16 20:46:09,949 INFO UserLib userLib: user UserA.Administrative Users.User Accounts.systems.private (0B5BAA925F3F574D945CFD0C2ADBE436) has had UBP updated
2015-06-16 20:46:13,974 INFO UserLib userLib: user UserB.Standard Users.User Accounts.systems.private (AD2F80CCBC6738479A1B4787BE63B26C) has had UBP updated
Now after doing a Machine Recovery and then synchronising manually, I can now see the entries as I would expect to see them:
2015-06-17 08:38:28,298 INFO UserLib userLib: user UserA (0B5BAA925F3F574D945CFD0C2ADBE436) has had UBP updated
2015-06-17 08:39:53,568 INFO UserLib userLib: user UserB (AD2F80CCBC6738479A1B4787BE63B26C) has had UBP updated
So, it looks like the users have not been removed from the local DE database, but it looks like the format of the name changed and DE couldn’t determine the difference between UserB.Standard Users.User Accounts.systems.private and UserB, thus it presented the “Unknown User” message.
Has anyone had this happen to them? Can anyone explain why this should happen, please? I need to understand what caused this so I can stop it happening again on many more systems
I'm running ePO 5.1.2 and MDE 7.1.1 (with 7.1.2 extensions checked into ePO) running on over 5000 laptops. We don't use ADLU to assign users, they are assigned manually.
Solved! Go to Solution.
This issue has been addressed in ePO hotfix 1048264 (EPO5xHF1048264). Please refer the release notes.
I picked this up shortly after I posted. The HF only came out last week which is probably why I missed it initially.
Once thing to note with this HF is to disable the LDAP Sync server task and ensure a previous task is not running before checking in the new LDAP extension.