6 Replies Latest reply on Aug 24, 2015 1:37 PM by skparkj

    Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

    skparkj

      Hello,

       

      I've currently installed Drive Encryption 7.1.3 and am getting this error message at the pre-boot login screen after I type in the username and password. I know this password is correct because I can login to my domain with the same username/password. In addition, it also works on another laptop (I have it assigned to 2 different laptops for testing purposes). This is a brand new laptop so no one has been able to login the pre-boot environment and change the password. The password hasn't been changed in AD and the account hasnt been removed. I'm quite perplexed as there is probably a simple solution. Any help would be greatly appreciated.

        • 1. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)
          skparkj

          I just typed in the default password '12345' and was able to change the password. I'm confused because on a different machine it had accepted the password that was setup in active directory. Is this due to me removing a user-based policy?

          • 2. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)
            Troja

            Hi,

            have you checked if your user is added to the preboot? You can check this in EPO. When adding the user with the "add local domain users", your user should be shown here.

            Have you ever been logged on to this system? Or is this the first login to the system?

            Have you checked this KB? https://kc.mcafee.com/agent/index?page=content&id=KB73697&actp=null&viewlocale=e n_US&showDraft=false&platinum_status=false&locale=de_DE

             

            Which McAfee Agent are you using?

            Have you activated the "Database Sync" option in the EPO Server settings?

            Is the LDAP Sync task running without any trouble?

            What settings have you configured in detail for user adding to Preboot and how the settings are configured based on the KB article above?

            Is the Agent Data Channel working probably?

            How about the Drive Encryption LOG Files? Are there any errors visible?

             

            Cheers

            • 3. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

              A few things.

               

              1. The eepc and AD passwords are separate credentials - they may be the same, they might not be - EEPC tries to keep the eepc password the same as your AD password, but no attempt is ever made to keep the AD password the same as the EEPC password.

               

              2. The only time your AD password is known, is when you type it - AD doesnt store it. So if you change your AD password somewhere other than on an EEPC protected machine, EEPC won't get to know about that.

               

              3. EEPC passwords are sent from PCs to EPO periodically, and from EPO to PCs periodically - within a few hours in most cases, a password change by a user on one PC that they use will get replicated to all the other PCs their account is assigned to. IN MOST CASES. It depends on your policy sync time periods, connectivity etc.

               

              Because sync is not immediate (to reduce network load), you can end up in situations like you have, where the same user on two different machines has two different EEPC passwords. This situation should resolve itself as the PCs sync up with EPO though.

              • 4. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)
                skparkj

                Does EEPC get the password from AD when the new user becomes assigned or will the password be 12345. So is the default password, if never changed, always going to be 12345?

                And is there a way to start a server task to have the passwords synced right away or is that up to ePO.

                • 5. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)

                  huh..

                   

                  2. The only time your AD password is known, is when you type it - AD doesnt store it. So if you change your AD password somewhere other than on an EEPC protected machine, EEPC won't get to know about that.

                   

                  So no - EEPC never gets the password from AD - there's nothing to get.

                   

                  It's not a server task you need - it's a client send/receive props if I remember right (or it could be an ASIC) - there's been innumerable threads here about it.

                  • 6. Re: Error EE0F0001 at Pre-Boot Login (Failed to authenticate)
                    skparkj

                    Just wanted to triple check because I was able to login with my AD password into EEPC without changing the password.. I guess someone must have changed it. Thanks for your help.