Windows 8.1 and Windows 10: Microsoft account does not sync password change with Symantec Drive Encryption Single-Sign-On (SSO) passphrase

book

Article ID: 159199

calendar_today

Updated On:

Products

Drive Encryption

Issue/Introduction

When users update their Microsoft account password, they will not be able to use that new password to authenticate at Boot Guard. They will have to continue using their old Microsoft account password to authenticate at Boot Guard, or until the user goes through "Solution 2" below to reset their passphrase.

When the customer authenticates at Boot Guard with their old Microsoft account password, they will see the following error at the Windows welcome screen;

“Incorrect password or username”

When you click “OK” the "PGP SSO" user account is displayed.

Cause

If a user is using a Microsoft account (e.g. sign in credentials that look like [email protected]) in Windows 8.1 or Windows 10, changes to the password do not automatically synchronize with Symantec Drive Encryption passphrase SSO.

Resolution

Solution 1

To enable automatic synchronize of password changes and the Symantec Drive Encryption SSO passphrase, authenticate at Windows using a local user account instead of Microsoft account. Password changes will automatically synchronize when the local user account password is changed using Ctrl+Alt+Delete.

To create the Windows local user account follow the steps below:
1.      Move your mouse to the lower right corner of the screen.
2.      When you see the charm screen appear, click on the settings charm that looks like a gear.
3.      Click on “Change PC Settings”
4.      Under “PC Settings”, click on “Accounts”
5.      Click on “Other accounts”
6.      Under “Manage other accounts”, click on “Add an account”
7.      On the new screen, click on “Sign in without a Microsoft account (not recommended)”
8.      Click on “Local account”
9.      Fill out the four boxes and then click on next.
10.   Click on finish.

Solution 2

To continue using the Microsoft account, and you have recently changed your Microsoft account password, you can manually change the Symantec Drive Encryption passphrase. Follow the instructions below to manually change your passphrase-user passphrase:
1.      Move your mouse to the lower right corner of the screen.
2.      When you see the charm screen appear, click on "Search"
3.   Type "command" and then click on "Command Prompt"
4.   When the command prompt appears, type in the following commands.Press "enter" at the end of each line.
 
cd C:\"Program Files (x86)\PGP Corporation\PGP Desktop"
pgpwde --change-passphrase --disk <number> --username <user> --new-passphrase <newpass> --passphrase <phrase>
 
Example:
pgpwde --change-passphrase --disk 0 --username "Alice Cameron" --new-passphrase [email protected]! --passphrase [email protected]
 
Note:
If the name or password has a space within it the name is required to begin and end with a quote.
If the name or password does not have a space within it the name does not need quotes.
 
Eaxmple:
--username "Alice Cameron"
--username AliceCameron
--new-passphrase [email protected]!
--new-passphrase "STr0ng [email protected]!"
 
For more commands and detailed information see: PGP Whole Disk Encryption Command Line User's Guide