1 2 Previous Next 10 Replies Latest reply on Dec 14, 2009 9:08 AM by rbdudani

    SSO Problems with Workgroup

      We have a unique situation in which all of our users are workgroup users working remotely.  We have a server setup which has the necessary configuration in place for the EEPC and EEFF clients to contact the server via the internet and this part is working great.  I would like to implement SSO.  I have all the options checked under Windows Logon except "Require Login to Endpoint Encryption" and "Require Re-logon to Endpoint Encryption.   SSO seems to work fine if the Windows username on the client machine maches the EEPC user (which I would expect since that checkbox is checked).  However, I would like to standardize the Windows usernames, so have used the "Change Name" feature of Windows XP to change the current Windows Logon name to a standardized logon name (which matches the EEPC username as well).  I then log off the Windows session and log back on with the new username.  I then deploy EEPC to the client.  They log in after installation and type their default password of 12345 and then are forced to change it immediately.  They change it to match their Windows password.  They are then taken to the Windows Login screen where they log in with their new Windows username (that matches EEPC) and password.  I then force a sync from the client-side.  The sync log says that changes to the user sso is being uploaded to the database.  I then reboot the system.  However, SSO does not work.  It still stops at the Windows logon screen.  Why would this be?

       

      If I set the SSO Details from the server and sync the client,  this allows SSO to work fine - until the Windows password is changed.  I press ctrl-alt-del to change the password, force a sync from the client-side, and reboot the system.  The EEPC password doesn't get changed.  I manually change the EEPC password from the SafeBoot screen to match the newly changed Windows password, but SSO still does not work.

       

      Any ideas would be greatly appreciated!

        • 1. Re: SSO Problems with Workgroup
          rbdudani

          remove "Must match windows username" option tick mark

          • 2. Re: SSO Problems with Workgroup

            But if I remove that tick mark, I will run the risk of the EEPC account associating itself with the wrong user account if I'm reading the support documents correctly.  How would that actually work with that unchecked?  Would the EEPC account get associated with whatever Windows username logged onto it first?

            • 3. Re: SSO Problems with Workgroup
              rbdudani

              send me one example

               

              what user name in windows ? (r u using username@domain.com or only SAMAccountname only)

              what username in SafeBoot ?

              • 4. Re: SSO Problems with Workgroup

                We log in to the workstations as just the SAM account name.  That name hasn't been standardized in the past, so the usernames could be all over the board, currently.  As we deploy EEPC and EEFF I am trying to standardize the user names, so have created usernames in EEPC that I want the Windows usernames to match.  For example, a user's windows username is Graham Grey.  The standard I would like to change it to is GreyG.  So, in EEPC, I create a user GreyG.  Before deploying EEPC to the computer, I instruct the user to go to the User Account section of the Control Panel and use the "Change Name" feature to change their username to GreyG.  They then reboot their computer and log in as GreyG just to be sure everything works correctly.  I then deploy EEPC to the machine.  It gets deployed and we reboot the system - logging back in as GreyG.  EEPC starts encrypting the hard drive and finishes.  We reboot again.  This time the SafeBoot screen prompts for the username and password.  We enter GreyG for the username and 12345 for the password.  They have to immediately change the password - which they set to their Windows password.  They are then prompted by the Windows logon screen for their username and password.  They enter GreyG and their password and log in.  I then instruct them to force a sync to the server.  This is done and a reboot is performed.  GreyG is entered for the Safeboot username, but it still stops at the Windows logon screen instead of going straight through.

                 

                If I understand the process correctly (which is a big if) without requiring the EEPC and the Windows usernames to be the same, I could end up with an EEPC admin account being erroneously tied to a standard Windows user account.  Is this correct?  If so, and I have to keep the requirement for them to match, how can I get single sign-on to work?  By the way, SSO does work if the EEPC username is set to the non-standard username and the Windows username is not changed.

                 

                 

                Message was edited by: gbb on 12/11/09 7:08:05 AM CST
                • 5. Re: SSO Problems with Workgroup
                  rbdudani

                  I could end up with an EEPC admin account being erroneously tied to a standard Windows user account.  Is this correct?

                   

                  Ans : YES

                   

                  do below steps

                   

                  at client machine find SBGINA.ini in C:\program files\safeboot\

                   

                  change below option

                  Trace.LogonWindowInfo=YEs

                  now login from safeboot as well in windows and than send below file from same directory

                   

                  LOGONWND.TXT

                  • 6. Re: SSO Problems with Workgroup

                    That's the other part of the problem, as you can see from the contents of the attached file.  Nothing seems to show up.

                    • 7. Re: SSO Problems with Workgroup
                      rbdudani

                      which version you r using ??

                      • 8. Re: SSO Problems with Workgroup

                        5.2.2

                        • 9. Re: SSO Problems with Workgroup

                          v5, 2, 2, 4 to be more specific.

                          1 2 Previous Next