ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Endpoint Encryption Full Disk Client (SEEFD Client) - Waiting until Password Expiry to change password can cause SEE Account to be unregistered automatically

book

Article ID: 161366

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Applies to Symantec Endpoint Encryption Full Disk Client (SEEFD) :

If domain policy has been set for passwords to expire after a given number of days, and the end user waits till the last day, when they're forced to change password after the following password expiry message:  

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

 "Your password has expired and must be changed."

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<  

 

then there's a good chance that the SEEFD's password synchronization will not catch the password change and SEE Framework client will then automatically unregister the user    

 

 

 

 

Once the end user logs in to desktop, after a short delay they see the following message from 'SEE Framework Registration' with a choice of 'Register Now' or 'Cancel' buttons:

  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Symantec Endpoint Encryption has been installed on this computer to protect its data. If you are a regular user of this computer, please register for an SEE account.  You can restart your computer 2 more times without registering before access to Windows is denied.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<    

 

 

Cause

Not yet definitively determined.

   

 

 

Resolution

Recommended steps for relief:

1. Get end users to change password as soon as they start seeing the 'Consider changing your password ....' bubble popup in their system tray 2. If after a password change (at any time), you don't see the following password sync message from 'Single Sign-On Password Synchronization', then follow steps 2a through 2d to try and 'force' the password sync:  

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

SEE has detected a change in your Windows password. Your SEE password has been changed automatically to match your Windows password.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 

 2a.  Lock your desktop and then use CTRL+ALT+DEL to unlock. Watch for the password sync message.

2b. If you still see no password sync message, try accessing a Network Share that you DO NOT have access to (one that will for you to provide credentials in a popup box). You don't need to actually provide any credentials, but sometimes just the.

2c. Under any circumstances, DO NOT do a log off at this stage, as this will most likely force and SEE account unregistration.

2d. If you still cannot get the password sync notification to show up, reboot the endpoint, feed your OLD credentials at the SEE PreBoot Authentication screen (since the passwords have not synced yet, the SEE PreBoot will expect your credentials before the password change in windows occured) and once you get to the Window CTRL+ALT+DEL prompt, you'll get an error message about incorrect credentials and will then be asked for your proper credentials (your new password). This will trigger the SEE password sync operation and sync with SEE PreBoot Authentication password with the Windows password.

 

 

 

 

 

 

 

Applies To

 

Active Directory domain setup with a Default Domain Policy that mandates a Maximum Password Age setting, after which users are forced to change their password. The users will usually start seeing a warning bubble popup in the system tray asking them to consider changing their password several days in advance:

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

Consider changing your password

Your password expired in x days.

To change your password, press CTRL+ALT+DELETE and then click "Change a password..."

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<