7 Replies Latest reply on Jul 7, 2011 8:26 AM by redbaron51

    Cannot add user too EEPC users

    lfah2000

      Hi,

       

      We are using EEPO 6.0,1 and I am having a problem with my own PC.

      I got encryption last week but cannot login with my own domain account.

       

      It gives error EE050002 unknown user.

       

      Adding my user account to the PC in ePO does not work. I can add other usesr and this works.

      I had EEPC on my old PC (windows XP) and this worked fine.

       

      Any Ideas where too look to solve this problem?

      I checked the logfile (MfeEpe.log) . I can see the other accounts but not my own account.

       

      Regards,

      LFAH2000

        • 1. Re: Cannot add user too EEPC users
          redbaron51

          "I checked the logfile (MfeEpe.log) . I can see the other accounts but not my own account."

           

          How is the entry on MfeEpe.log????? Can you copy and paste a line for us.

           

          The reason I am asking is that in my test environment I do not see a user account being added on MfeEpe.log. I am wondering how long it takes after user logs in to the machine for their account being added EEPC

           

          Mind you I am testing EEPC 6.1

          • 2. Re: Cannot add user too EEPC users
            lfah2000

            Hi,

             

            You have to enable logging first:

            https://kc.mcafee.com/corporate/index?page=content&id=KB67529&actp=search&viewlo cale=en_US&searchid=1309862511177

             

            2011-7-4 9:44:21,924 DEBUG MfeEpeHost From uuid = 70e77e64-14e4-467d-8d22-775dc78d7c3b From Service = MfeEpeEncryptionService To uuid = 2b2f032f-a620-11e0-800d-e02a82c9b94c To Service = MfeEpeEncryptionServiceClient Message = <element xsi:type="ns1:ESGetUpdatedUsersRsp"><sendTo serviceName="MfeEpeEncryptionServiceClient" serviceUUID="2b2f032f-a620-11e0-800d-e02a82c9b94c" xsi:type="ns1:MfeEpeAddress"></sendTo><from serviceName="MfeEpeEncryptionService" serviceUUID="70e77e64-14e4-467d-8d22-775dc78d7c3b" xsi:type="ns1:MfeEpeAddress"></from><userList xsi:type="ns1:ESUserList"><users xsi:type="ns1:ESUser"><uuid>CEBCB9509D44924CA98FA79D91B58D14</uuid><name>XXXXXXXXX</name><policy xsi:type="ns1:ESPolicy"><ident>806</ident><name>AO Userbased Policy</name><timestamp xsi:type="ns1:MfeEpeTimestamp"><milliseconds>133303219</milliseconds></timestam p><section xsi:type="ns1:ESPolicySection"><name>Authentication</name><item name="CertificateRulesQty" value="0" xsi:type="ns1:ESPolicyItem"></item><item name="CertificateUseLates

             

            The characters <name>XXXXXXXXX</name> will note the userID

             

            Regards,

            LFAH2000

            • 3. Re: Cannot add user too EEPC users
              redbaron51

              Hi and thanks for that...

               

              only issue is that this is for debugging only and should be switched off after troubleshooting.

               

              I was hoping that we could see user in the log file (MfeEpe.log) so we did not need to give help desk/support  teams access to this area of ePO and add users to computers.

               

              cheers

              • 4. Re: Cannot add user too EEPC users

                How is your EE LDAP sync task configured? I have seen this issue in the past where your account is added, but not in the format you expect. By default, the task is configured to use the "user name" attribute of Active Directory. So you would have to type in your username in this format "joe user". You are probably used to logging in with the format "juser". If this is happening, you can fix it by modifying your EE LDAP sync task to use samaccountname for the first two fields instead of the "name" or "user name" attribute that is there by default. I have documented this recommendation and all other initial configuration recommendations here: https://community.mcafee.com/blogs/danlarson/2009/11/30/unofficial-quickstart-gu ide-for-mcafee-eepc-v6

                • 5. Re: Cannot add user too EEPC users
                  redbaron51

                  Hi Larson

                   

                  EE LDAP task settings configured:

                  username: samaccountname

                  display name: samaccountname

                  account control: useraccountcontrol

                  user certificate: blank

                   

                  Your guide is good and I had already read it.

                  • 6. Re: Cannot add user too EEPC users
                    lfah2000

                    Hi,

                     

                    I have no direct access to the ePO console.

                    I will check this. But if this was true then it should  not be possible to add other accounts?

                     

                    On the client my local profile was not added either. My domain account also has a local profile.

                     

                    regards,

                    LFAH2000

                    • 7. Re: Cannot add user too EEPC users
                      redbaron51

                      AFAIAK

                       

                      You can add users by either going:

                       

                      Menu - Data Protection - Select System - Actions - Endpoint Encryption - Add Users

                      or

                      From the Product Policy enable "Add Local domain users" and whoever logs on to the machine will be added as an EEPC user on that system

                       

                      What I wanted to see from the MfeEpe.log was something like:

                       

                      ....adding user DOMAIN\username1

                      ....adding user DOMAIN\username2

                      etc so that th esupport team did not need access to this area of ePO to check whether specific user has been added to the system.

                       

                      Message was edited by: redbaron51 on 07/07/11 08:26:31 CDT