Client always shows the System State as Inactive (when duplicate users exist in ePolicy Orchestrator)
Last Modified: 2024-01-06 09:50:58 Etc/GMT
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Technical Articles ID: KB85677
Environment
Drive Encryption (DE) 7.1.x
For details of DE 7.1.x supported environments, see KB79422 - Supported platforms for Drive Encryption 7.x.
Problem 1
Some systems fail to activate after installing DE.
Client side: The user sees the following in the Encryption System Status window, even though the encryption policy is activated in ePolicy Orchestrator (ePO):
ePO Console: The administrator sees the Client System Details showing for DE:
Selecting More, Disks shows the following message: No details available, as Drive Encryption is not Active
Problem 2
Cause
Duplicate users can be created if multiple entry points exist to the same Active Directory (AD) forest or if ePO is able to query the same user objects from two different ePO-Registered LDAP Servers. This duplication often occurs when two Registered LDAP Servers are pointed to the same domain, but it can also occur if multiple Registered LDAP Servers are pointed to child domains and the Global Catalog or Chase Referrals option is enabled. DE allows duplicate users if the same domain is registered twice with different Registered LDAP Servers.
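The two conditions described under Cause can be checked against a list of Registered LDAP Server entries before any users are assigned. The script below is an added example, not Trellix code or part of the original article. It assumes the inventory is typed in by hand; the `LdapEntry` field names, the `forest` value and the sample entries are all hypothetical.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class LdapEntry:
    """One ePO Registered LDAP Server entry (field names are hypothetical)."""
    name: str
    forest: str                    # forest root DNS name, supplied by the admin
    domain: str                    # domain the entry points to
    global_catalog: bool = False
    chase_referrals: bool = False


def overlap_reason(a, b):
    """Return why two entries can yield the same user objects, or None."""
    if a.forest.lower() != b.forest.lower():
        return None                # different forests: no shared user objects
    if a.domain.lower() == b.domain.lower():
        return "same domain registered twice"
    wide = [e.name for e in (a, b) if e.global_catalog or e.chase_referrals]
    if wide:
        return "same forest, Global Catalog/Chase Referrals on: " + ", ".join(wide)
    return None


def find_overlaps(entries):
    """Check every pair of entries; return (name, name, reason) tuples."""
    hits = []
    for a, b in combinations(entries, 2):
        reason = overlap_reason(a, b)
        if reason:
            hits.append((a.name, b.name, reason))
    return hits


# Constructed sample inventory, not taken from any real ePO server.
SAMPLE = [
    LdapEntry("LDAP-HQ-1", "corp.example", "corp.example"),
    LdapEntry("LDAP-HQ-2", "corp.example", "corp.example"),
    LdapEntry("LDAP-EMEA", "corp.example", "emea.corp.example", global_catalog=True),
    LdapEntry("LDAP-APAC", "corp.example", "apac.corp.example"),
    LdapEntry("LDAP-LAB", "lab.example", "lab.example", chase_referrals=True),
]

if __name__ == "__main__":
    for first, second, reason in find_overlaps(SAMPLE):
        print(f"{first} <-> {second}: {reason}")
```

A flagged pair is a configuration to review, not proof that duplicate users already exist.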
Solution
Remove all duplicate user entries to allow the systems to activate.
IMPORTANT: A new query (Drive Encryption – Duplicate Users) is included in DE 7.1 Update 3 (7.1.3) to locate and remove duplicate users. Duplicate users can be created when AD Servers have been misconfigured or when you have used LDAP chase referrals. ePO also allows you to register the same AD Server multiple times, which leads to duplicate users being created.
For details, see KB84531 - How to identify and remove Drive Encryption duplicate users and groups.