This issue has an immediate workaround and will be addressed through a programming change in the next release of Symantec Endpoint Encryption-Hard Disk.
Symantec Endpoint Encryption is installed on a client computer without Single Sign On (SSO) being enabled The computer is rebooted.
- A policy is sent from the Symantec Endpoint Encryption Management Console enabling SSO for a user but without force so the computer is not rebooted.
- The user whose policy was changed to SSO registers.
- Registration reads that the SSO is enabled in the client database, it does not ask the user for a password and registration proceeds without error. However since the computer wasn't rebooted after the SSO policy was sent, Symantec Endpoint Encryption did not load its Graphical Identification and Authentication (GINA) on boot up and did not capture the user's Windows password. Now there is an SSO registered user and Symantec Endpoint Encryption has an empty password stored for that user.
- When the user reboots the computer and comes to pre-Windows, entering his Windows password will fail.