search cancel

Symantec Encryption Desktop (SED): User cannot log in to Windows with PGP SSO or Other User account

book

Article ID: 161902

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Gateway Email Encryption

Issue/Introduction

The user is able to authenticate at BootGuard; however, the user is unable to authenticate at windows. 

After authenticating at BootGuard, the Windows login screen presents two options: "PGP SSO" and "Other User".

  When the user attempts to login with "Other User", they receive an invalid credential error.

 

Cause

The user created an invalid passphrase or SSO User in Symantec Encryption Desktop. As a result, the user is unable to log in to Windows. The user may not remember their username, as it is often pre-filled, and they only need to enter their password to login. If the user does not recall their Windows username, they will be unable to log in. The only logon options presented are "PGP SSO" and "Other User", which requires the Windows username and password to be entered.

The user may not have a Windows password, and previously may not have had to authenticate to the Windows login screen.

The "SSO User" may have been mistakenly created within Symantec Encryption Desktop by the user instead of creating a passphrase user.

 

Resolution

1. Have the user authenticate at BootGuard with their Whole Disk Recovery Token (WDRT).
    
    Note: After authentication, BootGuard will NOT pass the SSO credentials to the Windows login screen.

2. The user will be presented with a Windows Logon screen. It should contain their username or account display name, and they will be able to log in to windows.

3. Once you are logged in to Windows, open Symantec Encryption Desktop and create a new passphrase or SSO user using the correct credentials.

4. Remove the bad SSO user after creating a your new passphrase or SSO user.