Symantec Endpoint Encryption: Known issue and workaround for Single Sign On

Article ID: 151417

Products

Endpoint Encryption

Issue/Introduction

This issue has an immediate workaround and will be addressed through a programming change in the next release of Symantec Endpoint Encryption-Hard Disk.

Symptoms
  • Symantec Endpoint Encryption is installed on a client computer without Single Sign On (SSO) being enabled.
  • The computer is rebooted.
  • A policy is sent from the Symantec Endpoint Encryption Management Console enabling SSO for a user, but without force, so the computer is not rebooted.
  • The user whose policy was changed to SSO registers.
  • Registration reads that SSO is enabled in the client database, so it does not ask the user for a password, and registration proceeds without error. However, since the computer wasn't rebooted after the SSO policy was sent, Symantec Endpoint Encryption did not load its Graphical Identification and Authentication (GINA) on boot up and did not capture the user's Windows password. Now there is an SSO-registered user, and Symantec Endpoint Encryption has an empty password stored for that user.
  • When the user reboots the computer and reaches pre-Windows authentication, entering the Windows password will fail.


Resolution

    • The user will have to log in to Windows by using the Symantec Endpoint Encryption Authenti-Check.
    • Or, the user will need to log in as a Symantec Endpoint Encryption Client Administrator.
    • Or, the user can press Enter at the pre-Windows authentication screen without entering a password. This performs the Symantec Endpoint Encryption authentication and then loads Windows. Since Symantec Endpoint Encryption does not have a valid password for the user, the user will still get the Windows authentication screen asking for a password.

After entering the Windows password, the passwords for Symantec Endpoint Encryption and Windows will be synchronized and there will be no login problems.