Microsoft Online accounts do not sync password changes with Symantec Drive Encryption Single-Sign-On (SSO) passphrase
search cancel

Microsoft Online accounts do not sync password changes with Symantec Drive Encryption Single-Sign-On (SSO) passphrase

book

Article ID: 159199

calendar_today

Updated On:

Products

Drive Encryption Desktop Email Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

When users update their Microsoft account password, they will not be able to use that new password to authenticate at Boot Guard. They will have to continue using their old Microsoft account password to authenticate at Boot Guard, or until the user goes through "Solution 2" below to reset their passphrase.

When the customer authenticates at Boot Guard with their old Microsoft account password, they will see the following error at the Windows welcome screen;

“Incorrect password or username”

When you click “OK” the "PGP SSO" user account is displayed.

Cause

If a user is using a Microsoft account changes to the password do not automatically synchronize with Symantec Drive Encryption passphrase SSO. Microsoft linked accounts are not limited to the Microsoft domain name scheme.

Resolution

Solution 1

To enable automatic synchronize of password changes and the Symantec Drive Encryption SSO passphrase, authenticate at Windows using a local user account instead of Microsoft account. Password changes will automatically synchronize when the local user account password is changed using Ctrl+Alt+Delete.

To create the Windows local user account follow the steps below:
1.      Move your mouse to the lower right corner of the screen.
2.      When you see the charm screen appear, click on the settings charm that looks like a gear.
3.      Click on “Change PC Settings”
4.      Under “PC Settings”, click on “Accounts”
5.      Click on “Other accounts”
6.      Under “Manage other accounts”, click on “Add an account”
7.      On the new screen, click on “Sign in without a Microsoft account (not recommended)”
8.      Click on “Local account”
9.      Fill out the four boxes and then click on next.
10.   Click on finish.

Solution 2

To continue using the Microsoft account, and you have recently changed your Microsoft account password, you can manually change the Symantec Drive Encryption passphrase. Follow the instructions below to manually change your passphrase-user passphrase:
1.      Move your mouse to the lower right corner of the screen.
2.      When you see the charm screen appear, click on "Search"
3.   Type "command" and then click on "Command Prompt"
4.   When the command prompt appears, type in the following commands. Press "enter" at the end of each line.
 
cd C:\"Program Files (x86)\PGP Corporation\PGP Desktop"
pgpwde --change-passphrase --disk <number> --username <user> --new-passphrase <newpass> --passphrase <phrase>
 
Example:
pgpwde --change-passphrase --disk 0 --username "User1" --new-passphrase STr0ngP@ssw0rd! --passphrase 0ldPa$$word
 
Note:
If the name or password has a space within it the name is required to begin and end with a quote.
If the name or password does not have a space within it the name does not need quotes.
 
Eaxmple:
Username with spaces:         --username "User 1"
Username without spaces:    --username User1
Passphrase with spaces:       --new-passphrase "STr0ng P@ssw0rd!"
Passphrase without spaces:  --new-passphrase STr0ngP@ssw0rd!
 
For more commands and detailed information on these commands see the PGP Whole Disk Encryption Command Line User's Guide.
 
Powered by Wolken Software