5 Replies Latest reply on Sep 16, 2010 1:54 PM by Valkyrja

    Locked machines will not accept credentials

      Morning!

       

      My search fu failed me so I have another question. I found out recently that a few of the machines that have been encrypted are giving the users issues when logging after their session is locked. In this case after 30 minutes have passed the workstation will lock itself and require the user to provide their credentials to login. The OS for each has been WinXPSP3. At least two of the machines are Dell Latitude 800 series. I cannot assume all current patches and most recent BIOS since I have no direct control of the machines outside of the encryption process. If the user does a hard shutdown they can then sign in fine at the pre-boot encryption screen.

       

      Currently using EEM to manage and the version that all of the machines have been encrypted with is 5.1.7. Under Windows Login, for every group that exists, all of the options are selected. Also Do Not Display Last Username is selected but none of the options that deal with locking or suspension are selected.

       

      Any help would be greatly appreciated.

       

      Thanks in advance,
      Val

        • 1. Re: Locked machines will not accept credentials

          what's the exact message the user is seeing, and, is it a Windows login box they are putting creds into, or a SafeBoot one?

          • 2. Re: Locked machines will not accept credentials

            CTRL+ALT+DEL brings up the Safeboot one. I have asked for verification of an exact error message and awaiting on their replies. I was initially told that the machines said "that their logins were incorrect." Will update when I hear back.

             

            Thanks for the quick response.

             

            Val

            • 3. Re: Locked machines will not accept credentials

              The most common reason pre-boot passwords work in the pre-boot, but not in Windows, is because of a mismatched keyboard layout between the two. EEPC5.1 does not tell you which layout you're using pre-boot (5.2x does), but you can check via the options page.

               

              If the two differ, strange password problems can occur - for example French/UK is a classic where the Q/A and W/Z keys get transposed.

               

              one trick is to get the user to type their password into the user box in the pre-boot so they can SEE what chars are being used, and confirm it in the user box in Windows.

              • 4. Re: Locked machines will not accept credentials

                English (US) on both and upon verifying the make and model I discovered that they were actually: Dell Latitude D531. Due to a lack of response from the support folks I have contacted the users directly and am awaiting replies on the exact error message.

                 

                Edited to add:

                still have not received any responses to my queries on the error message but viewing the audit file showed that there were no failed logon attempts recorded. There was activity after the estimated time of the incident but there is activity after the period of time in which the issue occurred.

                 

                9/16/2010  8:00:51 AM   0x02000001   "[username]" (userID\Type)  Logon attempt

                9/16/2010  8:00:51 AM   0x02000001   "[username]" (userID\Type)  Logon successful

                9/16/2010  8:45:51 AM   0x02000001   "[username]" (userID\Type)  Logon attempt

                9/16/2010  8:45:51 AM   0x02000001   "[username]" (userID\Type)  Logon successful

                 

                The workstation locked a few minutes before the last recorded entry.

                 

                ~V~

                 

                 

                Message was edited by: Valkyrja on 9/16/10 12:39:18 PM CDT
                • 5. Re: Locked machines will not accept credentials

                  Error message, as e-mailed to me:

                  The error code is 0xe0010002. Token Authentication parameters are incorrect. 

                   

                  If it were one or two users I would suspect some fat fingering but it appears to be several. At least two of the machines have been encrypted for over 3 months and this problem just started.

                   

                  Thanks again,

                  ~V~