9 Replies Latest reply on Aug 30, 2013 6:59 AM by Sathish L

    Single-Sign-On does not take effect

    romardy

      Hi,

       

      Why EEPC SSO does not take effect automatically? When the machine got encrypted and then rebooted, they can input their user account but receiving Token Authentication parameters are incorrect and eepc don't take their password.

       

      As a temporary solution, we do token reset for user to be able to login.

       

      Is there any required time for SSO policy to take effect?

       

      Below are product versions

      McAfee ePO: 4.6.6

      McAfee EEPC: 7.0.1.354

       

      Thanks in advance.

        • 1. Re: Single-Sign-On does not take effect
          tcox8

          Do you have a server task setup to sync AD?

           

          Do you have SSO enabled in your policy?

          • 2. Re: Single-Sign-On does not take effect
            romardy

            Yes, AD Sync happens hourly and SSO policy is enabled.

            • 3. Re: Single-Sign-On does not take effect
              tcox8

              Is this happening on more then one client machine? I'll occasionally have this happen to one machine here and there and it requires a token reset.

               

              You may try to lock and then unlock the computer after they change their password. That will push an event to the Agent to let it know it needs to update the credentials in ePO.

              • 4. Re: Single-Sign-On does not take effect
                romardy

                it happens on every newly encrypted machine. We are not comfortable in doing reset token for every machine that will be encrypted. And also we have machines that are from other region.

                 

                HAve any idea how to resolve this?

                • 5. Re: Single-Sign-On does not take effect
                  Sathish L

                  Did u tried with EEPC default password ?

                  1 of 1 people found this helpful
                  • 6. Re: Single-Sign-On does not take effect
                    tcox8

                    Sathish is correct. The very first time any user logs in they will have to enter in the default password or if you have this disabled in the policy they will have to create a new password that is temporary until they log into windows and the machine is synced.

                    1 of 1 people found this helpful
                    • 7. Re: Single-Sign-On does not take effect
                      Sathish L

                      Hi Tcox,

                       

                      Yes, you are right. first time you need to enter the default password for EE users, When machine boots into the windows and once its sync with SSO. Then, it will take effect in next reboot.

                       

                      on 23/8/13 5:54:45 PM IST
                      1 of 1 people found this helpful
                      • 8. Re: Single-Sign-On does not take effect
                        romardy

                        Thanks for all your post.

                         

                        I've tested to encrypt one test machine. Have my regular account login and activate EEPC. After successful activation, rebooted the machine. Log in with my username and my current password and it successfully booted. I'm expecting I'll be getting the same issue with other user.

                         

                        My idea is, when encryption happens with netwok connectivity and activated, user's password will be synched to eepc. But when encryption started and stopped when user need to bring home the unit and encryption resumes, that's when the passwords don't sync in. And this is how offline activation works (based on eepc documentation). This is only my point of view. You can correct me if I understood the policy wrong.

                         

                        Most of the user's that encountered login issues are those who bring their laptop and encryption is not yet completed. And when they arrived home or they already travel to other country, that's when I received calls for eepc login problem

                         

                        If there will be any detailed or exact explanation on this, I will be very grateful.

                         

                        Thanks again for all your help

                         

                        Message was edited by: romardy on 8/26/13 10:44:43 PM CDT
                        • 9. Re: Single-Sign-On does not take effect
                          Sathish L

                          Don't know what's happening exactly............................ upload the log files, will try to sort it out.