I have run into a few systems where the encryption client refused to sync up with the server - it gives an error stating user not enrolled, and the client is stuck in not-provisioned. They are using the same installer and process as dozens of other clients, but for some reason maybe 1 out of 20 or so get this error.
My team reports that once they log in as themselves the encryption will start immediately.
Any ideas where to look to resolve this so we can avoid running into the problem?
We have two items that we need for activation to occur in the Dell Encryption application. Currently this is based on a device entity being created and a user entity being able to be bound to. The default behaviour is to take any user, and attempt to validate them against the domains that are configured within the Dell Remote Management Console (WebUI). If the UPN that is provided does not exist, has a duplicate entry within our database (this can happen if there was an AD domain migration, or if we potentially had a conflict with multiple domains within the Dell WebUI), or if we cannot resolve the UPN to any of the defined aliases for a domain, activation will fail.
Our CMGShield.log that is within C:\ProgramData\Dell\Dell Data Protection\Encryption will have log lines that give a hex-decimal encoded windows error correlating with the failure for that user. You can search for the user name that is failing to activate within the log, or you can search for CSS:
if CSS (Credant Security Service) is set to "NO" This means that the user that has logged in has not been validated, and keys are not unlocked.
If we see an error for the user, this can be tracked back on the Dell Security Management Server (formerly Dell Data Protection | Encryption - Enterprise Server). These logs will be replicated within the Compatibility Server's logs folder within the output.log file. The error code received on the client can be searched for within this output.log to find more information about the reason of the failure.
If this does not shed any light on the reason for the failures, we may need to collect logs and analyze. I would highly suggest engaging our support teams via one of the methods here:
Dell Data Protection | Encryption
Need Immediate help? Please call DDP |E Support @ +1.877.459.7304 Ext. 4310039