I am a bit unclear on the problem. Is the problem that the machine shuts down when instead it should simply unlock the system?
Yes Dan, that's what happening.
machine logs the user out instead of simply unlocking the system!
it logs of successfully and then shows `Please wait | saving your settings....` i think system is trying to restart or shutdown but I have waited more than 15 mins nothing happens beyond that message/window.
I am not sure it happens because of a policy setting (couldn't find anything) or due to a known/unknown issue. I can only reproduce this in XPSP3, haven't got any other system with different OS.
All these machines are deployed via ePO (including my VM) and working flawlessly with SSO.
I just did a test on Windows 7 (32 bit) and I was not able to reproduce the behavior. I will try again on an XP system.
Are you using the standard Windows GINA, or do you have something else (perhaps Novell) doing the authentication?
I just tested on a VM running Windows XP Pro SP3 and I was not able to reproduce the issue. My policy is the same as yours, so if it were a bug I should be seeing it to. Can you tell us more about your environment, any password managers or other GINA components?
I am not using password managers, my VM is a fresh one with SP3. Customer had Pointsec installed in one production laptop prior to EEPC. Then I tested
in a newly build system with no other password managers or gina components and also in my VM (clean build no additional components) - I still able to reproduce.
SLogs in to the system (sso) then lock the workstation and unlock it, eepc logon prompt for the users password. leave that untouched for little more than 2 minutes then enter the password. System logs me off and try to restart (but never really restart).
How was the user assigned to the machine? Did you assign as a "group user" or did you let "add local domain users" create the user for you? I see you have the policy option disabled now, but it could have been on in the past.
1 of 1 people found this helpful
maybe the machine is trying to suspend for some reason, or even shut down (Windows updates?) but the login screen is preventing that?
I guess the trick would be to cause a delayed shutdown, and then lock the machine to see if the shutdown still occurred, or if it waited until the login.
In my VM, I have two users (manjula and mia), domain admin and a non-domain admin user, both are added from the AD (in the same ePO server). There aren't user groups configured. I have also enabled `Require Endpoint Encryption logon:` as well as Add local domain users:
However, customer has a different policy, Following check boxes are unchecked (Disabled):
Require Endpoint Encryption logon: Add local domain users:
Further, I have added the Laptop owner's user name and Safeboot Admin group from the AD. This group has couple of Desktop admin users.
As you can see we have 2 Different polices but still able to reproduce the aforementioned issue.
Additional note: I changed the policy in my VM by disabling `Require Endpoint Encryption logon:` option. Then restarted the VM after I applied the policy. Logged in as mia (non-domain admin) SSO worked as expected. Locked the system and unlocked it, left the
EE login box for more than 2mins (idle) and entered the password - observed same result as earlier!
But I don't see a same reason to restart Customer laptops and my VMs (different domain/ EE polices). Customer may be running windows updates and other updates but I have disabled windows update in my XPSP3 VM. Strange thing is it never completes the restart/shutdown. I kept it for a very long time only thing I could see is the `Please wait....` Saving Your Settings...` windows dialog Box and high level of disk I/O happening.
I think it tries to logs the user off from the system not to restart/shutdown. Generally in XP systems when you select `Log Off...` you will see another Box, "Are you Sure you want to Log off?" then when you click Log off you will see two message boxes briefly and disappears. First one is `Logging Off`
I had one error in the Event Viewer
Event Type: Error
Event Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/au throotseq.txt> with error: The server name or address could not be resolved
This happens when the Update Root Certificates component is turned on and the computer cannot connect to the Windows Update server on the Internet.
So I cleared the Update Root Certificates check box in the Add/Remove Windows Components as per MS recommendation. Thereafter that error disappeared but not the issue.