Non-activated users with Fast User Switching may lock out their Active Directory account due to infinite authentication attempts
Summary: This article provides information regarding Active Directory (AD) account lockouts because of the Dell Data Protection | Encryption client attempting to authenticate a user unsuccessfully an infinite number of times. ...
Symptoms
Affected Products:
- Dell Data Protection | Encryption
Affected Versions:
- v8.4.0 and Earlier
Cause
This situation can occur when a user is logged into Windows on an endpoint that is encrypted with Shield for Windows and selects Switch User instead of logging off when finished. The Switch User option uses Microsoft Windows Fast User Switching and does not end the user’s session. As a result, the Dell Data Protection | Encryption client continuously attempts to activate the user against the Dell Data Protection | Encryption Enterprise Server using the session credentials. If the user is not able to be activated for some reason or the credentials become invalid, then the user’s account in AD is locked out.
Common Scenarios
A desktop engineer travels to several users' desks and logs in to their machines to resolve an issue or install some software. When the work is complete, the engineer selects Switch User (Fast User Switching) rather than logging off. A day later, the desktop engineer changes their password, and the credentials on the user-switched machines are no longer valid. This causes the account to be locked out after several failed activation attempts with the Dell Data Protection | Encryption server.
Log Entry message
Log entry:
"activation attempt #13,000+ (trying again in 13000 milliseconds)"
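To find which endpoints still hold a disconnected session for a locked-out account, the log message above can be searched for across collected client logs. The following is an added example, not Dell code: only the message text comes from this article, while the "<timestamp> <host> <user>" line prefix, the sample lines, the function name and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Message text as quoted in the article; the counter may carry thousands separators.
ATTEMPT_RE = re.compile(r"activation attempt #([\d,]+)\+?\s*\(trying again in (\d+) milliseconds")
# ASSUMPTION: each line starts with "<timestamp> <host> <user> ". The article does not
# show the real log layout, so adjust this prefix to match the logs you collect.
PREFIX_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+")

# Constructed sample lines (not real client output).
SAMPLE_LOG = [
    "2015-03-02T09:14:07 WS-0141 jdoe activation attempt #1 (trying again in 1000 milliseconds)",
    "2015-03-03T08:02:55 WS-0141 jdoe activation attempt #13,204 (trying again in 13000 milliseconds)",
    "2015-03-03T08:03:10 WS-0207 jdoe activation attempt #9811 (trying again in 13000 milliseconds)",
    "2015-03-03T08:03:11 WS-0207 asmith activation attempt #2 (trying again in 2000 milliseconds)",
    "2015-03-03T08:03:12 WS-0300 asmith policy update received",
]

def stale_session_hosts(lines, locked_out_users, min_attempts=100):
    """Map each locked-out user to the hosts still retrying activation for them.

    Returns {user: [(host, highest_attempt), ...]} sorted by attempt count, so the
    endpoints holding a disconnected Fast User Switching session are listed first.
    """
    wanted = {u.lower() for u in locked_out_users}
    highest = defaultdict(int)  # (user, host) -> highest attempt number seen
    for line in lines:
        prefix, attempt = PREFIX_RE.match(line), ATTEMPT_RE.search(line)
        if not prefix or not attempt:
            continue  # not an activation retry line
        host, user = prefix.group(2), prefix.group(3).lower()
        if user in wanted:
            count = int(attempt.group(1).replace(",", ""))
            highest[(user, host)] = max(highest[(user, host)], count)
    report = defaultdict(list)
    for (user, host), count in highest.items():
        if count >= min_attempts:  # ignore a handful of ordinary retries
            report[user].append((host, count))
    return {u: sorted(h, key=lambda x: -x[1]) for u, h in report.items()}

if __name__ == "__main__":
    for user, hosts in stale_session_hosts(SAMPLE_LOG, {"jdoe"}).items():
        for host, count in hosts:
            print(f"{user}: log off the disconnected session on {host} ({count} attempts)")
```

Feed it the account names from the domain's lockout events; each host it returns is a machine where that user's switched-out session should be logged off.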
Resolution
To resolve this issue, upgrade to Dell Data Protection | Encryption client v8.4.1 or later.