DESlock+ Support DESlock+ Support
Knowledgebase: DESlock+
Single Sign-On (SSO) and network passwords
Article ID: KB424 email a link to this article

Problem

An SSO enabled user can't log in after their network password has been changed and is being presented with 'Access Denied' at the pre-boot login screen.

Please see our article below to check what message you're receiving at the pre-boot login screen:

KB247 - How to start a system that is Full Disk Encrypted 

Cause

The user's password has been changed outside of their Windows account. This could be for several reasons:

  • A user has changed their password on another workstation.
  • A user has their password changed for them on a server e.g. using Active Directory on the Domain server.
  • A user attempted to change their password but has not been authenticated at the FDE login screen.

If this is the case, then the local pre-boot information has become out of sync.

Note: 

The DESlock+ Full Disk Encryption login page is pre-operating system and will not receive the change until the user has successfully logged into their Windows account.

Once the user has successfully logged into their Windows account, SSO will automatically re-sync during the Windows logon process.

The user changing their password must have successfully been authenticated to boot the workstation at the FDE login screen. The user must have used their own credentials to boot the machine.

Resolution

At the pre-boot login screen the user should enter their previous password. (this is because the pre-boot login can't receive the changed credentials pre-os and will only know the previous password)

When the user boots to Windows, they will need to log into Windows manually as SSO will fail. Once they have logged into Windows, SSO will automatically re-sync and the new password can be used on the next reboot. 

If a user changes their Windows password from within their Windows account, the pre-boot login will be automatically updated so Single Sign-On will still work.

 

If the user has forgotten their previous password, please follow the article below in order to regain access:

KB143 - How do I reset a managed user's Full Disk Encryption password?

 

Related Articles:

KB221 - Why does Single Sign-On (SSO) not log me in to Windows

KB187 - What is Single Sign-On (SSO)

 


keywords: SSO single sign-on sign network password access denied

 


We use cookies on our website to enhance your browsing experience. Read more