Skip to main content

Changing password of an SSO user can prevent system from starting with correct password - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Changing password of an SSO user can prevent system from starting with correct password

Authors list


With DESlock+ client v4.8.3 or earlier there is a problem that can affect workstations using Full Disk Encryption with Single Sign-On (SSO) logins.  This does not apply to Normal FDE logins or workstations which are not managed by an Enterprise Server.

The symptom of this problem is that when the user changes their Windows password it can on occasion result in the password not synchronising correctly with the Full Disk Encryption Pre-Boot screen.  This results in both the original or new passwords not being able to start the system through the Pre-Boot screen and the user receiving an Access Denied error message.


If the user has changed their password and been affected by this problem, the workaround is to start the system using the Lost Detailspassword recovery method detailed here: How do I reset a managed user's Full Disk Encryption password?

When Windows loads following the recovery process, the user will need to login to Windows using their normal Windows credentials.  The process of logging into Windows will resynchronise their Windows and FDE passwords so that the Windows password can once again be used to start the machine and boot into Windows in one process.


Updating the client to the latest version of DESlock+ (v4.8.4)

In order to carry out an upgrade please refer to step 1 in this article in the knowledgebase: - How to upgrade DESlock+ (managed)

or visit our download page: 

Please note that the auto update method will not currently offer version 4.8.4 due to updates being carried out.

Add a comment

Please log in or register to submit a comment.

Need a password reminder?