Apologies if am using the wrong terminology.
I have an ePO454hf1, EEPC612 pilot deployment running and have used the EEPC getting started guide. Everything works well except for the syncrhonization of (W2k3) AD with the EEPC token. The server sync task runs without errors and I am able to select an AD group for EE Users. I am using the All All local and past users option in the product policy. The symptoms are that I must perform encryption recover for the user in order to get past the initial preboot authentication or eepc login screen. Once the token is reset, on the next logon I am prompted to register the challenge questions and SSO works. From that point on, there are no issues.
Thank you in advance.
Let me add that if I attempt to authenticate using any account that has not been explicitly recovered, I receive an unknown user (EE050002) error.
I managed to get on to support. My understandings and expectations of the user sychronization were incorrect. Our pilo process was to distribute a fully encrypted laptop to a user. But since the user had never logged on, EEPC could not learn about the profile and and activate the user. I have not had a chance to test it further but deploying EEPC to an exsting system and user should function as expect.
I assume they told you this already, but you can also add a user manually from ePO. Certainly not ideal, but worth mentioning.