What happens when the network password is changed for a user with an SSO FDE login? - Powered by Kayako Help Desk Software

DESlock by ESET, Technical Support

Technical support

DESLOCK is now ESET ENDPOINT ENCRYPTION

Knowledgebase

(231)ESET Endpoint Encryption Client (221)ESET Endpoint Encryption Server

Knowledgebase

What happens when the network password is changed for a user with an SSO FDE login?

Article ID: KB207

email a link to this article

NOTE: This article does NOT apply to client version 4.8.0 or later, where the process is now handled automatically without user interaction.

If you're having problems signing in after changing a network password and are using client version 4.8.0 or later, please see our article below:

KB424 - Single Sign-On (SSO) and network passwords

Suppose a user has an FDE login on an encrypted workstation, which is using Single Sign-On (SSO). This will enable them to boot directly into Windows by entering their normal Windows login password into the FDE preboot login. In most cases this password would be their domain password, but this could equally be a local Windows account. The pre-boot FDE login username can be anything and is in no way related to their domain or Windows login username.

Normal use case

If this password is changed on the machine directly, then the FDE login password should automatically be updated. Therefore the pre-boot login password should automatically remain in sync with the network password.

However, there are cases where this could not happen. For example the password could be changed directly on the domain server, or the user could have multiple FDE logins and the network password could be changed on one machine which of course not affect any other machines.

Password out of sync

Changing the password on the server, or on another machine, can mean that the preboot FDE login can become out of sync with the Windows login. This will result in the failure of SSO to log into Windows.

Alternatively the user may simply forget their password and will be required to perform Full Disk Encryption password recovery.

In both cases it is likely the machine will simply boot to the Windows login screen and not progress.

Failed SSO

Resync Password

If SSO fails, the user must manually log into Windows.

Windows login dialog

Once this is done, Windows will begin to load. Very soon you should see a dialog prompting to resynchronise the password.

Reconfigure SSO

This dialog will confirm:

The FDE pre-boot login username
The Windows login domain
The Windows login username

The dialog will require the user to enter:

Their current FDE login password

Please note this dialog is asking for the current FDE login password. That is the password that was just entered to boot the workstation, or the password that was chosen in the FDE recovery process. It is not asking for the Windows login password.

If you successfully enter the password you will see the following message.

SSO Reconfigure Complete

If you do not see this message it is likely you entered the password incorrectly and the preboot password will not have been entered. Please reboot and try again but if you cannot login with the new password try the old password.

Help Desk Software by Kayako

© 1992–2019 ESET, spol. s r.o. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET, spol. s r.o. or ESET North America. All other names and brands are registered trademarks of their respective companies.

We use cookies on our website to enhance your browsing experience. Read more