On a newly imaged system we are deploying EEPC 7.1 and assigning the user; everything works fine. But after some time, when he tries to log in to the system again, the user gets an error: unknown user.
OS: Windows 7
In the MfeEpe.log file I can see the entry: ( userLib: user XXXX (CF9DD0E4062F0341944BEF5DA1281612) has been removed )
But within the same time frame I do not find any entry in the other logs (orion, server.log, audit log or server task log).
We have not run the duplicate Agent guid removal server task.
We have not deleted the system from ePO console.
Still I can see the user assignment in the ePO.
We have not made any changes in the ePO console.
Attached the mfeepe.log.
Appreciate your findings or any clue.
CF9DD0E4062F0341944BEF5DA1281612 was only assigned to the system for 10 minutes. The user was assigned via ALDU and then promptly removed.
|2015-04-15 15:04:55,898 INFO||EpoPlugin userHandler: local user (CF9DD0E4062F0341944BEF5DA1281612) added to policy store (default UBP).|
|2015-04-15 15:09:59,748 INFO||UserLib userLib: user XXXX (CF9DD0E4062F0341944BEF5DA1281612) successfully added|
|2015-04-15 15:19:00,356 INFO||UserLib userLib: user XXXX (CF9DD0E4062F0341944BEF5DA1281612) has been removed|
However, you stated that it was working for some time, so I assume it is a different user that we are dealing with, most likely EB6323FE1E99324EA5601CBD1F349CF6, which is the only other ALDU user; the other user is your user account with which you logged into the system this morning. In this case the user appears to still exist but the username being entered is not found. This would mean that the username may have been changed or maybe never was in the correct format. Because the file has been redacted I can't check this. However, it appears there was only 1 reboot after activation, which occurred this morning, so I assume the user was never able to successfully log in to PBA.
MDE only allows for 1 type of username and generally most utilize SamAccountName. However, one name was not redacted in the log and it appears in First Last (UserName) format rather than the typical SamAccountName format. Check the Drive Encryption Server Settings for LDAP Attributes to verify this. Note: Changing this will affect all users, so unless you are still in the testing phase, be careful about making any changes.
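The timeline reading used in the reply above (pairing a user's "successfully added" entry with a later "has been removed" entry by GUID) can be scripted for larger logs. This is an added example, not part of the original thread or of any McAfee tooling; the line layout is assumed from the entries quoted in the thread, and the second user's line and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the entries quoted in the thread; the layout
# (timestamp, level, component, message) is an assumption, and the second
# user's line is invented for illustration.
SAMPLE_LOG = """\
2015-04-15 15:09:59,748 INFO UserLib userLib: user XXXX (CF9DD0E4062F0341944BEF5DA1281612) successfully added
2015-04-15 15:10:02,101 INFO UserLib userLib: user YYYY (EB6323FE1E99324EA5601CBD1F349CF6) successfully added
2015-04-15 15:19:00,356 INFO UserLib userLib: user XXXX (CF9DD0E4062F0341944BEF5DA1281612) has been removed
"""

EVENT_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}).*?"
    r"userLib: user .*?\((?P<guid>[0-9A-Fa-f]{32})\) "
    r"(?P<event>successfully added|has been removed)"
)


def user_events(log_text):
    """Return {guid: [(timestamp, event), ...]} sorted by time."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)  # search() tolerates leading '|' or padding
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        events.setdefault(m["guid"].upper(), []).append((ts, m["event"]))
    for history in events.values():
        history.sort()
    return events


def removed_users(log_text):
    """Return {guid: seconds assigned} for users whose last event is a removal."""
    result = {}
    for guid, history in user_events(log_text).items():
        last_ts, last_event = history[-1]
        if last_event != "has been removed":
            continue
        added = [ts for ts, ev in history if ev == "successfully added" and ts <= last_ts]
        # None means the add happened before this log starts (rotated log).
        result[guid] = (last_ts - added[-1]).total_seconds() if added else None
    return result


if __name__ == "__main__":
    for guid, secs in removed_users(SAMPLE_LOG).items():
        print(guid, "removed after", secs, "seconds")
```

A GUID that never shows up in the output while its user still gets "unknown user" points away from removal and toward the username-format check described above.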
Thank you for your quick response and suggestion.
I can confirm that we have selected SamAccountName and are entering the correct user name.
We did more tests on this issue, where we found that the user is able to log in only once, and after the next reboot the user gets the unknown user error.
We thought it may be a user profile issue, but if I assign the same user to any other machine then he is able to log in to that machine, but after the next reboot he gets the same error.
We confirmed that there was no recent change done in AD or image.
No system/user deleted in ePO - checked the audit log
Installation and activation done on LAN, not on VPN.
No agent installation done with the forceinstallation switch.
Global catalog enabled and main domain selected - no child domain.
Chase referral enabled.
Issue on only 4 sites/newly imaged machines, not on all sites and existing users.
Not on specific laptop models.
1. For the past few days, client tasks/server tasks never complete; they appear as in progress for more than 2 days.
2. The LDAP sync task shows as completed in the server task log, but in orion.log it says failed on one site (one of the issue sites).
Suspect it might be some cosmetic issue.
Please suggest possible reasons for this issue.
Thanks in advance.
Thank you for your time.
I do not think it would be an issue with the PBFS size, because user recovery or EBOOT solves the issue, but the issue reoccurs after the next reboot.
Could you please run the query on the ePO to get the DE-user assigned machines?
Go to Queries & Reports, click New -> select Drive Encryption -> Drive Encryption - System Users -> click Next -> add "system name" in column -> filter the username by "User Name (DE)" in the filter page -> save it and run the query.
Delete the specific user from those machines and make sure that the user has been removed from those machines by running the same query again. Once it is done, run the LDAP sync across users task and do a wake-up agent call. Add the user and check it.