Jump to content

No windows login box appearing after Authpoint integration


SaintKev

Recommended Posts

Hi All

I have a bit of an unusual situation here and I am not sure how to prevent it from happening.

We have been using ESET Encryption for several years with no issues, I have recently taken on Watchguard Authpoint and installed it on machines for MFA.

I have now had two machines have the following situation happen, a user has managed to disable their Encryption due to an incorrect password being entered 3 times, after this they have to use the reset password option, I give them a recovery password and then it boots into windows, the login screen appears (so windows background but its all fuzzy) but no logon box ever appears, no buttons on the screen for ease of access, shutdown, switch user anything... all you can do is hold in the power button on the PC to shut the device down.

I can get a logon box if I boot into safe mode so I can still access the machine that wasy but obviously I cant work on the machine in safe boot. Unfortunately no other Encryption users are set up on that machine so I cant try and access the machine via another account (however in safe boot I can still log on as any domain user)

I think the issue is being caused by Authpoint rather than Encryption but I am posting here in the hopes that someone else may have encountered this issue and knows how to prevent it happening? I have had this happen on 3 machines so far, and the only solution I have found is to do a full reinstall.

Any help would be greatly apperciated, thank you.

Link to comment
Share on other sites

  • ESET Staff

Hi @SaintKev,

Sounds like a very strange and niche issue I have not seen reported before. If you are happy doing so I would report this via ESET Support here: https://www.eset.com/uk/about/contact/ and we will take a look and see if there is anything we are able to do to assist in resolving this. However in all honesty, it sounds like an issue you may need to bring up with Watchguard Authpoint support :D

You are able to boot into Windows via Safe Mode and the only solution you have found it via a full reinstall, is that a full reinstall of Windows? What happens if you simply uninstall Authpoint instead (As it seems by what you are saying you have only started experiencing these issues since installation of this 3rd party product)?

Have their been any other changes to the machines, Windows Updates etc, or just the installation of Authpoint?

Thank you.

Kieran

Edited by Kstainton
Link to comment
Share on other sites

Hi Kieran

Thank you for the prompt response

I went to log it via support but on my Endpoint Encryption it doesnt show a license ID as detailed here https://support.eset.com/en/kb7197-find-product-id-in-eset-endpoint-encryption

It only shows a Serial and Group code so not quite sure how to proceed as (we pay via monthly subscription if that helps?)

I have logged pretty much the same message on the Authpoint forums but no response yet!

You are correct it was a full reinstall of Windows, I am fairly sure that when this happened on the first machine I looked in Programs and fetaures and Authpoint wasnt in the list. I can see it on my machine now, so I wonder if that not showng was something to do with safe boot maybe?

Only changes would have been the Authpoint install

I currently have the machine with our external IT/Resellers who have said that its using an over version of the Encryption (5.0.7) so they are going to update it to the latest version, I am not sure how they plan to do that whilst its stuck in safe mode, but I will see if that helps also..

Link to comment
Share on other sites

  • ESET Staff

Hi @SaintKev

Hmm can you message me directly with a screenshot and your other details. :) 

Going by the fact the fault does in fact occur after the EEE Pre-boot and its at the stage whereby it has reached the Windows Logon albeit with issues, I believe Authpoint are the only ones that will be able to advise you on this as it seems to be an issue at the MFA/Windows Logon point. Have you tried contacting them via their Online Support: https://watchguard.force.com/customers/WGMyCases ?

It never hurts to be on the latest EEE Client, as you will be ensuring that you do not encounter other unrelated issues. I have to admit I doubt it will resolve your issue as it seems to not be related to any stage in which EEE has involvement. But trying certainly does not hurt if you are able to test on another machine that has had Windows reinstalled and possibly attempt to replicate the issue in the same way.

Thank you.

 

Link to comment
Share on other sites

Hi Keiran

So a bit more further on with this, when booting in safe mode if I uninstall authpoint and reboot normally I can login again as expected, so at that point I have the working machine back. I am now confident this issue lies 100% with Authpoint, I have a ticket in with them to see if they can stop it from happening what I am going to do at our end is the following, update all machines EEE to 5.1.5.38 and change the default lockout policy from 3 to 12 attempts, in the hope that before someone manages to lock the machine out they will pick up a phone and call me instead! do you know if there are any knowledge base articles regarding rolling out client updates?

Regards

Kev

Edited by SaintKev
Link to comment
Share on other sites

  • ESET Staff

Hi @SaintKev,

How many machines are you looking to alter?

The number of 'Password Attempts' cannot be changed once the FDE User has been added to a Workstation. Only when new users are added can they have the 'Password Attempts' re-configured.

If you change the Workstation Policy (https://support.eset.com/en/kb7409-modify-workstation-policy-on-the-eset-endpoint-encryption-server) and apply to all machines, the default will be altered for any future additions of FDE Users or future Workstations you FDE.

But the only real way to change it for your current users, would be to delete their FDE Login, Proxy Sync on the EEE Client and Re-add their FDE Login, all within a single session that they are logged in else they will not have a FDE User to login as (Unless they know the Admin FDE User Credentials). However, this falls back on my earlier question, as it really depends on how many machines you have as to if this is worth it.

Thank you,

Kieran

Link to comment
Share on other sites

Thanks Kieran

This will be about 120 machines, which I am happy to complete the above steps as I will be manually installing Authpoint on each machine anyway so I can just do that at the same time.

The only issue now is to find a sweetspot number of attempts between the user contacting me before disabling the account and having too many attempts for a potential intruder!

 

Thanks again for getting back to me

Regards

Kevin

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...