This content has been marked as final. Show 7 replies
I don't have the PDFs with me right now, but have you looked up the code in the Device Encryption Administrators Guide?
If I understand you right, are you assigning the SBAdmin account to machines? If so, bad monkey, bad! Never assign a SafeBoot administrator to a machine. It opens up the account to potential exposure and compromise. Additionally, it normally leads to accidental password changes for those accounts. This can cause a lot more problems if the SB server service starts with that account or scripts use it. Keep your SB admin and service accounts in a separate group from your normal users.
If a user is assigned to the machine, but never logged into SafeBoot, the password should be 12345 initially (unless you set a different default). If the user has ever used SafeBoot, even on another machine, it will be the latest password that was synched to the database.
On another note, try to avoid assigning large user groups to machines. It can increase synch times greatly and create more problems than it solves.
the user name/password is not valid.
So, either the user is not applied to that machine, or the password you're typing is not the one set for the user.
Check in the client log if the user actually is assigned to the machine or not. Also try to log onto the management center with that user's id and password to see if you get the same result.
I had this error, resolved by:
carry out a 'machine recovery'. See below:
1. At login screen: Cancel
2. Options (bottom left)
4. Machine recovery > next
5. Provide the 'client code' and choose to Safeboot Recovery admin
6. Insert challenge response
I don't believe this will necessarily "resolve" this error.
For instance, if the user is not added to a machine I don't think the recovery will add it. Therefore the next time you boot and log in with that user you will get the same error. If it's a password problem this "may" work if a password just needs to be sync'd. If the token for that user never gets reset/re-created then I would assume you'd get the same error...
Agreed, however, this gets past the SB encryption screen and into Windows. Once logged onto Windows and connected to Domain, a full sync should be carried out, ensuring that the users are imported/updated.
exactly. Once it syncs, you can view the log to see what's been going on.
Ah yes you have it right then... just didn't want to assume that everybody knew to do that. My bad! happy