Check following Possibilities
1) Machine have latest reporting to Server.
2)How many time User trying to use User ID and Password.
3) User knows the Password.
Is the user getting a 'Failed to authenticate' error or are they getting 'Unknown user'? Failed to authenticate would imply that there is a password and/or token issue in which case I would recommend trying to reset the token and then see if they continue to have the issue. Otherwise, 'Unknown user' would imply that ALDU is failing to add the user and/or the user is attempting to log in before the full policy enforcement has completed on the workstation. Logs would need to be investigated on client and server side and you may want to consider opening a support ticket.
we saw two steps which are taking a long time.
1) User does a logon in windows. After the desktop is available the user does a reboot. At this state we see an unknown user message in PBA
2) After some time and several logons the user is available in PBA, but now we get the Failed to authenticate error message.
I get it working, no problem, i just looking for an easy approach for the customer. Actually, the customer uses a product, where LDAP authenticaiton is available in the PBA. This is much easier to implement. So i´m looking for an easy to implement approach with McAfee DE and PBA.
1) My reply in the previous post would still apply here. There are too many unknowns for me to make a recommendation on what you should or should not do here.
2) Failed to authenticate implies that the user is entering a bad password. If this is their first time logging into the preboot environment then the user ID has a default password. The default password can be configured in your user based policy settings for MDE in EPO. The 'default' default password is set to '12345'.
If they are looking to utilize the same password from active directory for their preboot user accounts then they can configure single sign-on (SSO) within the product settings policy for MDE in EPO.