Unable to log in to local accounts through PBA after registering two or more domain user accounts.


Article ID: 164390


Updated On:


Endpoint Encryption


SEE 11.1.1 MP1

1.After installing SEE 11.1.1 MP1 the Pre-Boot Authentication (PBA) doesn't show "This Computer" in the domain field after the local user login.
2.The domain "This Computer" was there for one day and then it disappeared and now it is the same domain name as the AD domain.
3.Customer has tried adding a different test domain and its shows in the PBA along with the original AD domain.

- Steps to recreate:
Register one local user with SEE.
Register two or more domain users on the system with SEE.
It does not seem to matter what order users are registered in.

- Actual Result:
Domain shows twice in pre-boot authentication, instead of the domain and "This Computer".

- Expected Result:
Local account should still be able to log in by selecting "This Computer".


Symantec Endpoint Encryption 11.1.1 MP1


Three workarounds in SEE 11.1.1 MP1:

1. A local user can be registered using the system name in lieu of the domain name.
It will allow the user to select the computer name as the domain, and allow them to log in.  
This will also, however, cause the local user to register again on the system, with a blank domain.  
For example:
Register user Bob on BobComp (computer name), using BobComp as the domain name.
Log user Bob on the system, selecting BobComp as the domain.
Bob will be registered again on the system, with a blank domain.  
You will see the other entry in the client admin console.

2. Second workaround is to log on using client admin credentials, then log in to Windows on the local user.
However, this does require giving client admin credentials to all users.
This may not be desirable or even acceptable in your company.

3. Third workaround is to log in as a domain Windows user, log off (not shut down), then log in as the local user.

Engineering has fixed this in SEE 11.1.2.