Unknown User (displayed during preboot after Drive Encryption usernames are changed to FQDN format)
Last Modified: 2024-01-06 09:28:44 Etc/GMT
Technical Articles ID:
KB83931
Environment
Drive Encryption (DE) 7.1.x
ePolicy Orchestrator (ePO) 5.3.0, 5.1.x
Problem 1
Users are unable to successfully authenticate at preboot, and users who could previously authenticate successfully at preboot for a long period suddenly fail.
During the preboot authentication stage, the system displays the following error:
Problem 2
The username has been changed from
The default
NOTE: Only the username should be displayed, such as UserName.
Cause
The Username attribute in Manage LDAP Attributes isn't available owing to one of the following conditions:
NOTE: Although the usernames are changed, the token data is maintained.
Solution
This issue is resolved in ePO 5.1.3 and ePO 5.3.1. With these releases, if the LDAP sync task runs while the ePO server is still initializing, it doesn't corrupt the MDE user data.
This issue is also resolved in Hotfix EPO5xHF1048264 for ePO 5.1.0, ePO 5.1.1, ePO 5.1.2, and ePO 5.3.0. The issue documented in this Knowledge Base article is addressed in ePO 5.1.2 and ePO 5.3.0, which are also both available for download. EPO5xHF1048264 contains fixes for two additional issues that aren't addressed in ePO 5.1.2 or ePO 5.3.0. For this reason, we recommend that all customers who use DE apply the hotfix. Please see the hotfix release notes (PD25978) for a full list of resolved issues. Also, if you have ePO 5.1.0 or ePO 5.1.1 with EPO5xHF1048264 applied and you upgrade to ePO 5.1.2 or 5.3.0, you must reapply the hotfix as the upgrade process removes it.
NOTE: The fix prevents the ePO server from entering the error state, but it doesn't correct the problem if the ePO server is already in an error state. Use one of the workarounds below to correct the error condition.
Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.
Workaround 1
The following scenario numbers refer to the numbered list in the "Cause" section of this article.
To prevent scenario 1: Check the Username attribute in Manage LDAP Attributes to make sure that the proper attribute is set:
NOTE: By default, the attribute is set to
To prevent scenario 2:
Workaround 2
If you have DE endpoints where the users can't authenticate on the preboot screen, perform these steps to remediate the issue. The following scenario numbers refer to the numbered list in the "Cause" section of this article.
Remediation for scenario 1: Check the Username attribute in Manage LDAP Attributes to make sure that the proper attribute is set:
NOTE: By default, the attribute is set to
Remediation for scenario 2: