I'm trying to troubleshoot a problem faced by one of our endusers. Here is a brief scenario:
- Laptopx is encrypted (SSO enabled) with a machine policy and has JSmith and DBrown users added to it.
- JSmith and DBrown can preboot with their respective AD user ids and password
- JSmith has a desktop (not encrypted) and he changed his windows password (using Ctrl+Alt+del)
- JSmith tries to login Laptopx with the new password and (obviously) it fails as the Encryption Manager is not aware of the new password
- DBrown logs in at the preboot with his credentials, logs off and gives the Laptopx to JSmith.
- JSmith is able to login at the windows with the new windows password.
- After logging in, JSmith initiates the Encryption synchronization thinking that this new windows password will be updated locally and also pushed to the Object Directory.
- Reboots Laptopx and tries to login with the new password. He get a Authentication incorrect error. Tries to login with old password --> able to login, but stopped at the windows interactive logon, keys in the new password and tries to sync again. Reboots again and tries again.....SAME story...
Could anyone of you help. How to fix this...?
I'm attaching snapshots from the client log.
3/3/2010 7:21:18 PM Adding user (ID=00000d4f) JSmith [First sync, the new user gets added to the endpoint]
3/4/2010 10:52:44 AM Checking for token data updates
3/4/2010 10:52:53 AM Updating database token data with local changes for user (ID=00000d4f) [First time logs in with default password and then with windows password]
3/4/2010 10:52:55 AM Checking for SSO updates
3/4/2010 10:52:59 AM Updating database SSO info with local changes for user (ID=00000d4f)
3/4/2010 10:53:00 AM Checking for Local Recovery updates
3/4/2010 10:53:05 AM Checking for hashes updates
3/4/2010 10:53:06 AM Transferring local audit information to database
3/4/2010 10:53:14 AM Checking for file updates
3/4/2010 10:53:19 AM Applying configuration
3/4/2010 10:53:19 AM Synchronization complete
3/4/2010 1:40:37 PM Updating database token data with local changes for user (ID=00000d4f) [Noticed after the step 6 and 7]