In some rare instances there have been reports where users are unable to be automatically registered after Symantec Endpoint Encryption 11 was installed, or where Single Sign-On will not automatically log in to Windows. This article goes over how to troubleshoot user registration issues, which can sometimes resolve Single Sign-On issues.
A symptom of this behavior is that a system will automatically reboot to the Windows logon prompt even though the system was encrypted.
In this scenario, something went wrong during the user registration event; however, Administrators have been added to the disk, which allows encryption to take place on the system.
For information on how to change your password with Symantec Endpoint Encryption 11 and Symantec Encryption Desktop, see article HOWTO79569.
For information on how to Troubleshoot Symantec Encryption Desktop 10 Single Sign-on issues, see article TECH149470.
In the eedservice log of Techlogs, the following entry may appear:
[ERROR][0x1938][SEDE][SYSTEM][Error when registering user: DE Error : -12368 ]
[02/29/16 15:58:38][WARNING][0x105C][SEDE][USERNAME][User Cache is not current][CDEALHelperImpl.cpp:284]
[02/29/16 15:58:38][ERROR][0x105C][SEDE][USERNAME][(SilentEnrollmentTask::Initialize) : Stale User Cache detected. User may not be registered properly.][UserTask.cpp:141]
[02/29/16 15:58:38][ERROR][0x105C][SEDE][USERNAME][(GetLoggedInUser) : GetLoggedInCachedUser() failed Error(-11984)][DERegistrationHelper.cpp:682]
Unable to register users with Symantec Endpoint Encryption 11 with error: Stale User Cache Detected
*Check if the machine is already encrypted with BitLocker.
If the machine has been encrypted with Microsoft BitLocker Encryption, Drive Encryption cannot start, and subsequently user registration cannot happen automatically. For more information on this, see article TECH231177.
*Check the following registry keys and note what is inside:
If any security software is protecting this entry point, or if a GPO is changing the Network Provider Order, the Endpoint Encryption Password Filter component (eedpasswordfilter), which would handle user registration, may not be inserted properly.
In one scenario, a GPO was changing the Network Provider Order:
Under: Policies\Administrative Templates\Desktop Settings
Change Network Provider Order
ProviderOrder = LanmanWorkstation,RDPNP,WebClient
With the eedpasswordfilter value missing from ProviderOrder, proper user registration is prevented. Disabling that GPO setting and adding the eedpasswordfilter item back can resolve this issue.
In another scenario, the ProviderOrder value started with a comma (",") (i.e. ",LanManWorkstation,RDPNP,....."). These leading commas can prevent the user from being properly registered. Deleting the leading commas from both locations can resolve the issue.
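An added example, not part of the original article or of Symantec's tooling: a Python check for the two ProviderOrder faults described above (missing eedpasswordfilter, leading commas), run over values copied from an affected system. The location labels and sample values are constructed; case-insensitive matching and the flagging of other empty entries are assumptions that go beyond the article.

```python
REQUIRED = "eedpasswordfilter"  # provider name as written in the article


def check_provider_order(value, required=REQUIRED):
    """Return (findings, cleaned) for one ProviderOrder string.

    findings: problems found (an empty list means none of the checks fired).
    cleaned:  the same providers in the same order, empty entries removed.
    """
    entries = [e.strip() for e in (value or "").split(",")]
    providers = [e for e in entries if e]
    if not providers:
        return ["ProviderOrder is empty"], ""

    findings = []
    # Index of the first real provider == number of leading commas.
    leading = next(i for i, e in enumerate(entries) if e)
    if leading:
        findings.append(f"{leading} leading comma(s)")
    # Not discussed in the article: doubled or trailing commas elsewhere.
    stray = entries[leading:].count("")
    if stray:
        findings.append(f"{stray} empty entry(ies) after the first provider")
    # Assumption: provider names are compared case-insensitively.
    if required.lower() not in (p.lower() for p in providers):
        findings.append(f"{required} is not listed")
    return findings, ",".join(providers)


def audit(locations):
    """Map each location label to its findings, keeping only the bad ones."""
    report = {}
    for name, value in locations.items():
        findings, _ = check_provider_order(value)
        if findings:
            report[name] = findings
    return report


# Constructed sample values; "location-1/2/3" are placeholder labels.
SAMPLES = {
    "location-1": "LanmanWorkstation,RDPNP,WebClient",           # GPO case
    "location-2": ",LanManWorkstation,RDPNP,eedpasswordfilter",  # leading comma
    "location-3": "LanmanWorkstation,RDPNP,eedpasswordfilter",   # no findings
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(f"{name}: {'; '.join(findings)}")
```

The checker only reports and returns a comma-cleaned string; it does not decide where eedpasswordfilter belongs in the order, which the article does not specify.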
*Check the System Event logs on the system where Symantec Endpoint Encryption 11 was installed. In particular, is there an event being logged which indicates the system has gone down for a reboot?
"The kernel power manager has initiated a shutdown transition"
Installing Symantec Endpoint Encryption before this security software can allow the proper installation to occur.
*Reboot the machine again to see if this will allow proper user registration. For proper user registration to occur, the system must have had a successful reboot. If a reboot may have been interrupted, reboot the system again to allow proper user registration to occur.
*Uninstalling and reinstalling Symantec Endpoint Encryption may resolve this issue.
*Register the user manually:
eedAdminCli --register-user --disk X -u username-here -p userpassword-here -sso --domain domain-here --au adminusername-here --ap adminpassword-here
If the above troubleshooting steps do not help, or if other solutions have been tested to work, please contact support. When contacting support, obtain the following information:
*Backup of the registry of affected systems to provide for analysis
*Information in the ProviderOrder entries above
*Check to make sure the latest version has been installed. To find out what the current version is, see article TECH187067.
*Review the techlogs to see if a similar event is occurring: eeduserXX.log
For information on Debug Techlogs for Symantec Drive Encryption clients see article TECH223784.