what's the exact message the user is seeing, and, is it a Windows login box they are putting creds into, or a SafeBoot one?
CTRL+ALT+DEL brings up the Safeboot one. I have asked for verification of an exact error message and awaiting on their replies. I was initially told that the machines said "that their logins were incorrect." Will update when I hear back.
Thanks for the quick response.
The most common reason pre-boot passwords work in the pre-boot, but not in Windows, is because of a mismatched keyboard layout between the two. EEPC5.1 does not tell you which layout you're using pre-boot (5.2x does), but you can check via the options page.
If the two differ, strange password problems can occur - for example French/UK is a classic where the Q/A and W/Z keys get transposed.
one trick is to get the user to type their password into the user box in the pre-boot so they can SEE what chars are being used, and confirm it in the user box in Windows.
English (US) on both and upon verifying the make and model I discovered that they were actually: Dell Latitude D531. Due to a lack of response from the support folks I have contacted the users directly and am awaiting replies on the exact error message.
Edited to add:
still have not received any responses to my queries on the error message but viewing the audit file showed that there were no failed logon attempts recorded. There was activity after the estimated time of the incident but there is activity after the period of time in which the issue occurred.
9/16/2010 8:00:51 AM 0x02000001 "[username]" (userID\Type) Logon attempt
9/16/2010 8:00:51 AM 0x02000001 "[username]" (userID\Type) Logon successful
9/16/2010 8:45:51 AM 0x02000001 "[username]" (userID\Type) Logon attempt
9/16/2010 8:45:51 AM 0x02000001 "[username]" (userID\Type) Logon successful
The workstation locked a few minutes before the last recorded entry.
Error message, as e-mailed to me:
The error code is 0xe0010002. Token Authentication parameters are incorrect.
If it were one or two users I would suspect some fat fingering but it appears to be several. At least two of the machines have been encrypted for over 3 months and this problem just started.