Try disabling the policy assignment rules and see if the users sync with the clients.
Yes we tried this.
The opposite way it is working fine. It seems that the Policy Assignement Rules are not working for the User Directory users.
I had a look on a System where the problem occures. Show Assigned policies and selected the test users from the User Directory.
All of them still had the wrong policy (Default UBP) assigned by the System (and not by the Rule as it should be).
I tried it again with some users from Active Directory, and there the assignement rule is working correct.
I've seen cases like this one, so I guess that maybe what is happenning is something similar to this:
The Encryption Users assigned (only those users having the trouble) from User Directory to the machine, and that are considered by the Policy Assignment Rule are being left out of the scope of the Policy Assignment Rule.
I mean, it could be that the Rule is considering (criteria) somehow only a segment of the System Tree and maybe the machine is located in a different segment and the Rule cannot realy be assigned as intended, so the non-default UBP that is supposed to be applied by the Rule won't be assigned to that machine and the Encryption Users that are supposed to be effected by that non-default UBP are left in an incomplete state regarding the expected non-default UBP .
Could it be?
Try checking the Rule criteria and ...
... a) make sure the machine will be included in the scope of that Rule;
... b) also verify that using that Rule criteria all the Encryption Users that are supposed to get a non-default UBP assigned by a Rule will actually get a non-default UBP in that machine.
Hope it helps.
P.S. make sure also about the order of the Rules (and the criteria or the preceding Rules), it has to be such as the intended Rule doesn't get ignored; I mean, if the criteria for this Rule is ok then check if the higher Rules are not overrding this Rule.
Could you please try going to Server Settings | User Policies, and changing "Database Mirroring Enabled" to "Yes"....see if that resolves your problem after you wake up the agent on the affected system?
what does "Database Mirroring enabled" do in the ePO Server Settings?