How to Troubleshoot Dell Data Protection Encryption Activations
Summary: This article provides information to assist Service Desks in troubleshooting shield activation failures.
Symptoms
Affected Products:
- Dell Data Protection | Encryption
Because users cannot access help until Dell Data Protection | Encryption has been activated, the Service Desk may receive inquiries about how to:
- Activate
- Log in
- Reset a forgotten password
- Authenticate manually
Cause
Not Applicable
Resolution
If Dell Data Protection | Encryption activation fails, check the following issues and correct if necessary:
- The Active Directory user objects must include these attributes:
  - Distinguished Name (DN)
  - Common-Name (CN)
  - SamAccountName (SAM)
  - UserPrincipalName (UPN)
  - Display Name
- An attempt to activate an account that is missing a required attribute creates an error that is logged to the Active Directory server.
- Administrator and Guest UPNs may not be defined in Active Directory and cannot activate.
- Migrated Active Directory accounts may not have a UPN and cannot activate.
- Ensure that the fully qualified domain name is used in the Host Name field.
- Shortcuts such as localhost or 127.0.0.1 do not allow users to activate.
- If the user enters a bad parameter, a Windows Shield activation attempt results in error code 0x20000001 being logged into CMGShield.log.
[02.27.08 10:51:34]Activation request failed [code:0x20000001]:
[02.27.08 10:51:34 Activator: 184] Activation failed! error=0x20000001'
- Use the UPN instead of the DN to connect to the domain controller.
- When a DN is used in place of a UPN, an authentication error may occur when attempting activation against an EE Server.
- Dell Data Protection | Encryption Log:
12.15.07 12:01:07 Activation request failed [device server fault:0x13ec]: org.apache.xmlrpc.XmlRpcException: Auth failure: Error authenticating user@domain.com
- Dell Data Protection | Enterprise Edition Server Log:
2007-12-15 10:43:07,625 WARN Resolver [RMI TCP Connection(162)-192.168.0.44] - HRESULT of 80070005, being converted to a ResolverException
2007-12-15 10:43:07,625 ERROR Resolver [RMI TCP Connection(162)-192.168.0.44] - Unable to find user:user@domain.com while searching the domain:LDAP://abcdef.domain.com/DC=domain,DC=com
- Device Server Log:
2007-12-15 10:43:07,656 ERROR ActivationHandler [http-192.168.0.44-8081-Processor4] - Error authenticating user user@domain.com
User activation of Dell Data Protection | Encryption may fail because the incorrect domain is used to authenticate the user. Newer versions of Dell Data Protection | Encryption attempt to use both the internal domain name and the alternate domain name to allow activations to succeed. In cases where the activation attempt fails, the cmgshield.log may indicate an ERROR=1326, which is a logon failure due to an unknown username or bad password. In the example below, the internal domain is AMERICA, but the activation request is sent as dell.com\joe_smith instead.
Sample log snippet:
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPDomainName: AMERICA
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPUserName: joe_smith
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - Logon Type: Domain
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - IdentityName: joe_smith@dell.com
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - DomainName: dell.com
[07.18.19 08:22:49:137 EEObject.cpp: 5516 I] Event Engine - Setting event to process user log in for dell.com\joe_smith
[07.18.19 08:22:49:137 User.cpp: 2294 I] Event Engine - calling log in user network (dell.com\joe_smith)
[07.18.19 08:23:01:328 User.cpp: 2332 E] Event Engine - Logon user dell.com\joe_smith failed [MS error = 1326]
In other instances, the username being used to activate may be empty or blank, resulting in the activation failing. In the cmgshield.log file, the username after the domain may be missing, resulting in Microsoft error 87, ERROR_INVALID_PARAMETER. In this instance, the user’s UPN is joe_smith@dell.com, but joe_smith is missing after the domain name when processing the user login.
[08.27.19 09:30:48:524 GinalessEEObjec: 392 H] UserIdentityLookup log callback - ************************************************
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPDomainName:
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPUserName: joe_smith@dell.com
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - Cloud Joined: TRUE
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - Logon Type: AzureAd
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - IdentityName: joe_smith@dell.com
[08.27.19 09:30:48:526 GinalessEEObjec: 392 H] UserIdentityLookup log callback - DomainName: dell.com
[08.27.19 09:30:48:526 GinalessEEObjec: 392 H] UserIdentityLookup log callback - ProviderName:
[08.27.19 09:30:48:526 GinalessEEObjec: 392 H] UserIdentityLookup log callback - ************************************************
[08.27.19 09:30:48:527 EEObject.cpp: 5516 I] Event Engine - Setting event to process user log in for dell.com\
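The cmgshield.log failure patterns described above (0x20000001, MS error 1326 with the wrong domain, and an empty username after the domain) can be picked out of a log automatically. The following is an added triage example, not part of Dell's article or tooling; the sample lines are constructed from the excerpts on this page, and the function name `triage` and the finding labels are assumptions.

```python
import re

# Constructed sample: lines adapted from the cmgshield.log excerpts in this article.
SAMPLE = r"""
[02.27.08 10:51:34 Activator: 184] Activation failed! error=0x20000001
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPDomainName: AMERICA
[07.18.19 08:22:49:137 GinalessEEObjec: 392 H] UserIdentityLookup log callback - DomainName: dell.com
[07.18.19 08:22:49:137 EEObject.cpp: 5516 I] Event Engine - Setting event to process user log in for dell.com\joe_smith
[07.18.19 08:23:01:328 User.cpp: 2332 E] Event Engine - Logon user dell.com\joe_smith failed [MS error = 1326]
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPDomainName:
[08.27.19 09:30:48:525 GinalessEEObjec: 392 H] UserIdentityLookup log callback - NPUserName: joe_smith@dell.com
[08.27.19 09:30:48:527 EEObject.cpp: 5516 I] Event Engine - Setting event to process user log in for dell.com\
"""

FIELD = re.compile(r"UserIdentityLookup log callback - ([A-Za-z ]+):\s*(.*)$")
LOGIN = re.compile(r"process user log in for ([^\\\s]+)\\(\S*)")
FAILED = re.compile(r"Logon user ([^\\\s]+)\\(\S+) failed \[MS error = (\d+)\]")
BAD_PARAM = re.compile(r"error=0x20000001")


def triage(log_text):
    """Return (finding, detail) tuples for the activation failures described above."""
    findings, ident = [], {}
    for line in log_text.splitlines():
        if m := FIELD.search(line):
            # Remember the most recent identity-lookup fields (NPDomainName, ...).
            ident[m.group(1).strip()] = m.group(2).strip()
        elif m := LOGIN.search(line):
            if not m.group(2):  # nothing after "domain\": the error 87 case
                upn = ident.get("NPUserName", "")
                findings.append(("empty_username", "domain=%s upn=%s" % (m.group(1), upn)))
        elif m := FAILED.search(line):
            domain, user, code = m.groups()
            np_domain = ident.get("NPDomainName", "")
            if code != "1326":
                findings.append(("logon_failure_" + code, user))
            elif np_domain and np_domain.lower() != domain.lower():
                detail = "sent=%s expected=%s user=%s" % (domain, np_domain, user)
                findings.append(("domain_mismatch", detail))
            else:
                findings.append(("logon_failure_1326", user))
        elif BAD_PARAM.search(line):
            findings.append(("bad_parameter", "0x20000001"))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE):
        print(finding, detail)
```

A `domain_mismatch` finding points to the wrong-domain case (check the internal versus alternate domain name), while `logon_failure_1326` without a mismatch points to the credentials themselves.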