5 Replies Latest reply on Oct 21, 2014 3:30 PM by theglot

    Drive Encryption 7.1 can't sync users from epo User Directory

    rtrc

      Hello,

       

      we have currently a test Environment for deploying DE v7.1 and epo 4.6.7.

      Now we tried as well the new User Directory functionallity, but the users we created in this directory can't be synced to the client. Error message is the following out of mfeepe.log

      2014-01-20 09:26:15,349 WARNING EpoPlugin                            userHandler: OptIn user (i.e. non-default UBP user) [1\fb2227ceaf454161a01b9d1461caed84] has incomplete UBP (missing UBP/Ident) which will cause this user to be ignored.

       

      So right now we have 2 different user based policies.

      Default UBP: AD Users for logging on with Smartcard

      Admin UBP: User Directory Users logging on with Username / Password

       

      Default UBP is assignet to My Organization.

      Admin UPB is assigned through a policy assignment rule to all users in the User Directory. UBP enforcement is set to true.

       

      Has anyone an idea what went wrong that the users (from epo User directory) can't be synced to the client ?

       

      Message was edited by: rtrc on 1/20/14 5:39:16 AM CST
        • 1. Re: Drive Encryption 7.1 can't sync users from epo User Directory
          mitch_reid

          Try disabling the policy assignment rules and see if the users sync with the clients.

          • 2. Re: Drive Encryption 7.1 can't sync users from epo User Directory
            rtrc

            Yes we tried this.

            The opposite way it is working fine. It seems that the Policy Assignement Rules are not working for the User Directory users.

            I had a look on a System where the problem occures. Show Assigned policies and selected the test users from the User Directory.

            All of them still had the wrong policy (Default UBP) assigned by the System (and not by the Rule as it should be).

            I tried it again with some users from Active Directory, and there the assignement rule is working correct.

            • 3. Re: Drive Encryption 7.1 can't sync users from epo User Directory
              McAfeeKel

              I've seen cases like this one, so I guess that maybe what is happenning is something similar to this:

               

                   The Encryption Users assigned (only those users having the trouble) from User Directory to the machine, and that are considered by the Policy Assignment Rule are being left out of the scope of the Policy Assignment Rule.

               

                   I mean, it could be that the Rule is considering (criteria) somehow only a segment of the System Tree and maybe the machine is located in a different segment and the Rule cannot realy be assigned as intended, so the non-default UBP that is supposed to be applied by the Rule won't be assigned to that machine and the Encryption Users that are supposed to be effected by that non-default UBP are left in an incomplete state regarding the expected non-default UBP .

               

              Could it be?

               

              Try checking the Rule criteria and ...

               

               

              ... a) make sure the machine will be included in the scope of that Rule;

              ... b) also verify that using that Rule criteria all the Encryption Users that are supposed to get a non-default UBP assigned by a Rule will actually get a non-default UBP in that machine.

               

               

              Hope it helps.

               

               

              P.S. make sure also about the order of the Rules (and the criteria or the preceding Rules), it has to be such as the intended Rule doesn't get ignored; I mean, if the criteria for this Rule is ok then check if the higher Rules are not overrding this Rule.

               

              Message was edited by: McAfeeKel on 1/22/14 8:29:51 AM CST
              • 4. Re: Drive Encryption 7.1 can't sync users from epo User Directory
                dwebb

                Could you please try going to Server Settings | User Policies, and changing "Database Mirroring Enabled" to "Yes"....see if that resolves your problem after you wake up the agent on the affected system?

                • 5. Re: Drive Encryption 7.1 can't sync users from epo User Directory
                  theglot

                  what does "Database Mirroring enabled" do in the ePO Server Settings?