Troubleshooting: User Registration and Single Sign-on with Symantec Endpoint Encryption


Article ID: 163588


Products

Endpoint Encryption

Issue/Introduction

In rare instances, users cannot be automatically registered after Symantec Endpoint Encryption 11 is installed, or Single Sign-On does not automatically log in to Windows. This article covers how to troubleshoot user registration issues, which can sometimes also resolve Single Sign-On issues.

A symptom of this behavior is that a system will automatically reboot to the Windows logon prompt even though the system was encrypted.

In this scenario, something went wrong during the user registration event. However, Administrators have been added to the disk, which allows encryption to take place on the system.

For information on how to change your password with Symantec Endpoint Encryption 11 and Symantec Encryption Desktop, see article HOWTO79569.

For information on how to Troubleshoot Symantec Encryption Desktop 10 Single Sign-on issues, see article TECH149470.

 

In the eedservice log of Techlogs, the following entry may appear:

[ERROR][4156][0x1938][SEDE][SYSTEM][Error when registering user: DE Error : -12368 ]

 

[02/29/16 15:58:38][WARNING][5012][0x105C][SEDE][USERNAME][User Cache is not current][CDEALHelperImpl.cpp:284]

[02/29/16 15:58:38][ERROR][5012][0x105C][SEDE][USERNAME][(SilentEnrollmentTask::Initialize) : Stale User Cache detected. User may not be registered properly.][UserTask.cpp:141]

[02/29/16 15:58:38][ERROR][5012][0x105C][SEDE][USERNAME][(GetLoggedInUser) : GetLoggedInCachedUser() failed Error(-11984)][DERegistrationHelper.cpp:682]

 

Environment

Unable to register users with Symantec Endpoint Encryption 11 with error: Stale User Cache Detected

Resolution

*Check if the machine is already encrypted with BitLocker.
If the machine has been encrypted with Microsoft BitLocker Encryption, Drive Encryption cannot start, and subsequently user registration cannot happen automatically. For more information on this, see article TECH231177.

*Check the following registry keys and note what is inside:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder

If any security software is protecting this entry point, or if a GPO is changing the Network Provider Order, the Endpoint Encryption Password Filter component (eedpasswordfilter), which handles user registration, may not be inserted properly.

In one scenario, a GPO was changing the Network Provider Order:
Under: Policies\Administrative Templates\Desktop Settings
Change Network Provider Order
ProviderOrder = LanmanWorkstation,RDPNP,WebClient

If the eedpasswordfilter value is missing, users cannot be registered properly. Disabling that GPO setting and adding the eedpasswordfilter item back can resolve this issue.

TIP: Starting with Windows 10, you can copy and paste a registry location into the address bar, so you do not have to click your way down to the registry keys.

Network Connections

  1. At the Run field (Windows + R), type: control netconnections
  2. Once Network Connections appears, press the Alt key to display the drop-down menu.
  3. Click the Advanced menu and then select Advanced Settings.
  4. Click the Provider Order tab.
  5. Under Network Providers, select the eedPasswordFilter entry, and click the Up arrow to move the SEE connection above any other third-party connections in the list.
  6. Click OK to apply the changes and reboot.
     

In another scenario, the ProviderOrder value started with a comma (",") (i.e. ",LanManWorkstation,RDPNP,....."). These leading commas can prevent the user from being properly registered. Deleting the leading commas from both locations can resolve the issue.
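The two registry checks above can be scripted. The following read-only PowerShell is an added example, not Symantec tooling: it reads both ProviderOrder values and flags a missing eedPasswordFilter entry or a leading comma. It assumes the entry is named eedPasswordFilter (matched case-insensitively); the sample strings are constructed, apart from the GPO value quoted above.

```powershell
# Added example: read-only check of the two ProviderOrder values from this article.
# Assumption: the SEE entry is named "eedPasswordFilter" (matched case-insensitively).
$SeeProvider = 'eedPasswordFilter'
$Keys = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder',
        'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'

function Test-ProviderOrder {
    param([string]$Source, [string]$Value)

    $entries = @($Value -split ',')
    # Non-empty provider names, lower-cased for comparison.
    $names = @($entries | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
    [pscustomobject]@{
        Source        = $Source
        LeadingComma  = $Value.TrimStart().StartsWith(',')
        EmptyEntries  = @($entries | Where-Object { -not $_.Trim() }).Count
        HasSeeEntry   = $names -contains $SeeProvider.ToLower()
        SeePosition   = [array]::IndexOf($names, $SeeProvider.ToLower())  # 0 = first, -1 = missing
        ProviderOrder = $Value
    }
}

# Live values (Windows only); nothing is written to the registry.
$results = @(foreach ($key in $Keys) {
    $item = Get-ItemProperty -Path $key -Name ProviderOrder -ErrorAction SilentlyContinue
    if ($item) { Test-ProviderOrder -Source $key -Value $item.ProviderOrder }
    else { Write-Warning "ProviderOrder could not be read under $key" }
})

# Sample strings: the first is the GPO value quoted above, the others are constructed.
$samples = [ordered]@{
    'sample: GPO value'     = 'LanmanWorkstation,RDPNP,WebClient'
    'sample: leading comma' = ',LanManWorkstation,RDPNP,eedPasswordFilter'
    'sample: SEE first'     = 'eedPasswordFilter,LanmanWorkstation,RDPNP,WebClient'
}
$results += @(foreach ($name in $samples.Keys) {
    Test-ProviderOrder -Source $name -Value $samples[$name]
})

$results | Format-Table Source, LeadingComma, EmptyEntries, HasSeeEntry, SeePosition, ProviderOrder -AutoSize

# Entries that match either failure described in this article.
$results | Where-Object { $_.LeadingComma -or -not $_.HasSeeEntry } |
    ForEach-Object { Write-Warning "$($_.Source): check ProviderOrder '$($_.ProviderOrder)'" }
```

Running it before and after a Group Policy refresh shows whether a GPO is rewriting the value.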


*Check the System Event logs on the system where Symantec Endpoint Encryption 11 was installed. In particular, is there an event being logged which indicates the system has gone down for a reboot?

"The kernel power manager has initiated a shutdown transition"

Installing Symantec Endpoint Encryption before this security software can allow the proper installation to occur.


*Reboot the machine again to see if this will allow proper user registration. For proper user registration to occur, the system must have had a successful reboot. If a reboot may have been interrupted, reboot the system again to allow for proper user registration to occur.


*Uninstalling and reinstalling Symantec Endpoint Encryption may resolve this issue.

*Register the user manually:

eedAdminCli --register-user --disk X -u username-here -p userpassword-here -sso --domain domain-here --au adminusername-here --ap adminpassword-here


Further Troubleshooting
If the above troubleshooting steps do not help, or if other solutions have been tested to work, please contact support. When contacting support, obtain the following information:
 

*Backup of the registry of affected systems to provide for analysis

*Information in the ProviderOrder entries above

*Check to make sure the latest version has been installed. To find out what the current version is, see article TECH187067.

*Review the techlogs to see if a similar event is occurring: eeduserXX.log

For information on Debug Techlogs for Symantec Drive Encryption clients see article TECH223784.

Etracks:
3721699
3879454
4022239