4 Replies Latest reply on Nov 3, 2008 8:42 AM by SafeBoot

    Vista Login Problem

      We are still trying to implement McAfee Device Ecryption and we are having problems with the Vista installations. We are running build 5300.

      First off, SSO is working fine on Vista and when the device is on our network there are no problems. Off network however, and we are unable to log in. When off network, we the error, "There are currently no logon servers available to service the logon request." Note that we can successfully log into the McAfee Device Encryption screen but when it tries to use the credentials to log into Vista that error shows up.

      I have tried to work with McAfee on this and they still haven't gotten back to me with a solution. I have tried this on a laptop and on several VMs and they all get the same error.

      In addition, it is not inherently a problem with cached credentials because our laptops are fine off-network when Device Encryption is NOT installed.

      Any ideas?
        • 1. Cached Creds..
          EEPC will be trying to login with the last known user SSO credentials, ie the ones related to the domain controller.

          you'll either need to cancel the login and clear the SSO box (I don't have a vista machine here but I think it's on the first login screen), or (and this might be useful anyway), add the Vista credential provider to the list of valid providers as per the Device Encryption Administrators Guide so the user has the choice of how to login.

          You'll get a couple if tiles then, one for the SafeBoot creds, and one where you can enter normal Vista/Windows credentials. I use that mode so I can login pre-boot with one user, then either SSO into windows or pick an alternate Windows ID as my needs require.

          S.
          • 2. RE: Cached Creds..
            Installed 5400 and got the same error initially. However, when I click close on the error message I get a pop-up login menu. If I type the credentials I expect to work, it gives me the error message. If I leave off the @domain portion of the login it lets me through. So apparently it is still having UPN problems...

            Now in XP (as you may have seen in my other post) I can edit the sbgina.ini and say detect UPN but in Vista how do I ensure it is looking for UPN? And why does it work when on network? It seems that UPN works on network but not off network.

            I will research that comment you made about the vista credential provider and make sure it is set up correctly but could it be something else?
            • 3. RE: Cached Creds..
              I searched the admin guide but I was not able to find how to add credential providers to McAfee Endpoint Encryption in Vista. Where are the providers added?
              • 4. Cred profiders
                paragraph 19.15 in the 5400 Device Encryption Admin Guide.