2 Replies Latest reply on Dec 9, 2011 10:13 AM by SafeBoot

    Issues with MEE Authentication / Sync with Active Directory

      Hi All,

       

      We are using McAfee Endpoint Encryption to encrypt laptop data and use Altiris to deploy, we have 2 jobs a MEE (Include DB job) and a standard MEE job which requies you to sync the database (takes about 1-2 days to compelte a sync and encrypt a laptop drive.

       

      When using the Include DB job a SBXFER.SDB file is installed and we manually have to add this file to the MEE server and the laptop will be able to sync and it seems to work fine.


      The problem i am having is when running the standard sync job. No SBXFER.SDB file is created. McAfee appears to sync users down fine and encrypt the drive however I have users constantly coming to me advising that they are unable to login with there current AD credentials. We have reset there token and resynced and logged in with a default password of 12345 and then changed the password to there AD password. This seems to work for a couple of days however it seems to drop out again and they are unable to login. When logging in with my own admin details after a sync it only seems to want to accept a previous password that I used ~6 months ago. I have reset my own token however it still onyl accept the older password.


      When doing a sync should it be creating a SBXFER.SDB file and if so is there anyway to manually create this file and place it on the machine as it does not appear in there C:\Program Files\McAfee Endpoitn Encryption folder.

       

      Anyhting else you can suggest that may be causing this would be great.

       

      Thanks,

      Ben

        • 1. Re: Issues with MEE Authentication / Sync with Active Directory

          Another example:

           

          Install MEE (without the include DB)

          Log into machine using my creds / run sync / encrpyted drive

          User goes to log on (has previously had a MEE account synced with AD. User is only able to login with his old AD password.

          Next day user is unable to logon using old password, MEE is now accepting his current AD password.

          Today user goes to login and none of his passwords are accepted. Logged onto machine for user and MEE would onyl accept my passwod used ~6 months ago.

          • 2. Re: Issues with MEE Authentication / Sync with Active Directory

            check the client log - it will tell you which way the token is flowing. Most likely the user is provisioned on multiple machines, and they are sending token updates to EEM for distribution.

             

            SBXFER files are only created if you use offline install mode - they are not needed for online mode. No, there's no way to create it again. You only need it once (during install to copy the keys back to EEM) - if you are doing online installs you don't need it at all.

             

            It sounds like you're online though - so using offline mode is totally unnecessary - just get EEPC to send stuff directly over the network to EEM. Offiline install mode is really for people who have zero connectivity.