BUG REPORT: PGP Auto-Login process for Windows halts and displays PGP SIngle Sign-On icon with no manual method to login

Article:TECH192308  |  Created: 2012-07-03  |  Updated: 2013-05-09  |  Article URL http://www.symantec.com/docs/TECH192308
Article Type
Technical Solution


Issue



PGP Whole Disk Encryption (WDE) allows regular passphrase users and Single Sign-On (SSO) users. 

With PGP WDE SSO users, the user enters the passphrase at PGP BootGuard (pre-boot) and once the user authenticates, the system will automatically login to the user’s Windows profile without requiring the user to enter the credentials a second time.
Since PGP Whole Disk Encryption version 10.2 MP5, there are some instances where the auto-login process, which would normally log the user into the Windows profile, can halt. When this halt has occurred, a user account will be displayed “PGP SSO” with no apparent method to login to any other Windows profile.

There are a few scenarios where this has occurred that can prompt this behavior:

1.       The Windows user password has expired and must be changed per Windows policy.
2.       The PGP WDE SSO account has used credentials that do not correspond to the Windows login or Domain login.

Cause



In the first scenario, a user’s Windows or Domain password has expired. Once this has been detected by the Windows login process, in order to login to Windows, the user must first change the Windows password. Once this has completed, this behavior will no longer be seen.

In the second scenario, a PGP WDE SSO user may have been created with a username or domain that does not exist. If this is the case, it will be necessary to correct the PGP WDE SSO user, and then the halting process will go away.
In both of these scenarios, it may be difficult to login to Windows because there is no “switch user” icon available at this prompt. 

 


Solution



 

This issue is fixed in the following release:
  •  PGP Desktop 10.2.1 MP2

The fix involves adding a "Switch User" button such that users can click the button and login with the new Windows password, or change the Windows password as applicable.

This version/Maintenance Pack is available for download via your account on Symantec File Connect. http://fileconnect.symantec.com/

etrack: 2774279

NOTE: In versions prior to 10.2.1 MP2, the workaround if the system has halted at the PGP SSO user is to put the system to sleep, then wake it back up in order to switch the user account.




Article URL http://www.symantec.com/docs/TECH192308


Terms of use for this information are found in Legal Notices