5 Replies Latest reply on Sep 9, 2009 1:41 PM by eobiont

    Users Spontaneously orphaned

      Today, I had a group with 101 users spontaneously reduced to 9 users. The remaining 92 users got moved to Orphans.

      Then when the laptops synchronized, it locked out all the users that were logged in. Most users were no longer authorized for their laptops.

      Users rebooted their machines and got "unknown user" errors. THe users were no longer assigned to the machines because they somehow got orphaned.

      Obviously, this is a pretty big problem. All our encrypted laptops all locked their users out at about the same time, and to get them back in they had to run a recovery.

      I have called in to tech support and they got me running again, but no cause for this event is evident. We are still in a test rollout with ~60 laptops, but are looking to deploy to our 1300 laptops. Now I am a little worried because if this happens after the full rollout, I could be looking for a new job.

      I don;t have much experience with Endpoint Encryption. We have been trying to get it rolled out for almost a 6 months now and have been having lots of problems.

      Is anyone using Endpoint Encryption on more than 100 machines, and have you had catastrophic failures like I experienced today? I am nervous about deploying to the whole enterprise.
        • 1. RE: Users Spontaneously orphaned
          move up to the current version, the spontaneous lockout was resolved.

          the problem is probably that you're running on a slow server which has not gone through any performance tuning - this kind of thing will get resolved during your pre deployment services (if you have that as part of your contract).

          Orphans most commonly occur when a group action (add to, remove to) gets aborted because the connection dropped, or timed out because things were too busy. Thats why I suggest it may be the server performance (are you running a vm with a tier2/3 SAN connection for example?)

          At 1600 machines, you'll be one of the smallest deployments, so there should be no problems as long as you throw a half decent server at it.
          • 2. RE: Users Spontaneously orphaned
            I'm already running which I think is the most current.

            The server is a 4 way Xeon 2.6 with 4 gigs of ram and OS, APP, DATA on different volumes. Frankly, with 80 computers and 200 users assigned, I don't think the server should be stressed at all.
            • 3. RE: Users Spontaneously orphaned
              my plan to protect against any kind of orphaned user is to built a helpdesk type user into the template install
              • 4. RE: Users Spontaneously orphaned
                First off, call support. Anything I can tell you is at face-value, and should not be considered as coming from McAfee. As always, test any and all changes to your environment before implementing them in Production.

                -- Check your AV exclusions. We had to exclude the SBData folder from On-Acess scanning.
                -- Assign low-risk processes. We had to declare several EEPC processes as low-risk processes so they weren't scanned when run. The important one I believe was SBDBServer.exe.
                -- Check your versions. We found we had multiple versions across some files as a result of incorrect upgrade procedures. The way we found out was by checking the about page, and then checking System tab-->Endpoint Encryption Server Groups --> SafeBoot Server--> Get Status. We found that the about page and the get status showed different versions, which then led us to look at the actual modules installed.
                • 5. RE: Users Spontaneously orphaned
                  Thanks for the tips. I will make the suggested changes to my AV policy on the EE server.

                  I think it would be appropriate to add this kind of advice to the "Enterprise Best Practices Guide."

                  In fact it is in the guide.