  1. The Authentication Method of the user is Domain.

    • Check the diagnostic monitor logs on the Policy Server for any errors or warnings related to "LDAP".
    • When you get an LDAP unknown error, use the AD Process Tool to view the logs.
    • Change the user who is logged in to preboot to the enterprise Administrator or Authenticator on the PolicyServer MMC, then log in to the MMC; you can then see whether there are errors in the diagnostic monitor logs.

      • If no logs are created, use the diagnostic monitor tool to check the connection between PS and the agent.
  2. The Authentication Method of the user is Fixed Password.

    • Check the diagnostic monitor logs on the Policy Server for messages under the RESTful API:

      Restful - http://{policy server address}:{port}/TMEEService/device/{device id}?action=authenticate

      For example: AuthenticateUserOnDeviceFailed: Invalid user name or password


    • If no logs are created, use the diagnostic monitor tool to check the connection between PS and the agent.
  1. Click Synchronize policies to create logs in the diagnostic monitor logs.
  2. Check the network icon; it should display as blue.


Check the enterprise log events for the following:

On the PolicyServer MMC, navigate to Console Root > QA1 > QA Group1 - Group > Log Events to view the following:

    • FDE agent log shows the message "Device synchronized".
    • FDE agent log shows the message "Unsuccessful logon using fixed password".
    • Policy Server agent shows the message "User unable to log on using LDAP Authentication Failed".


  • In the diagnostic monitor logs, you will see logs similar to these:

    • LogonUser() with domain qatd1.com, user tmeeuser1: Invalid UserName Password:1326
    • Change the user who is logged in to preboot to the enterprise Administrator or Authenticator on the PolicyServer MMC, then log in to the MMC to verify the password.


  • Verify that the Num Lock and Caps Lock are working as expected in preboot.
  • Verify that the keyboard layout is working as expected in preboot.

    • Check the language display on the upper right corner.
    • Check the language code in the preboot log: preboot\var\log\keyboard-setup.log

When the user and device are not in the same group, it displays "User 'tmeeuser1' and device '{device id}' do not share a group":

  1. Log in to the Policy Server with enterprise Administrator/Authenticator credentials.
  2. Check if the user and device are in the same group.


To resolve the issue:

  1. Check if the network is available between PS and LDAP.
  2. Install ldp.exe and verify the connection.

Policy Server is not connecting to LDAP

The issue often occurs in Windows 2008 or in newer versions.

Diagnostics Monitor logs show the following message:

Failed to connect to an IPC Port: The system cannot find the file specified.

endpoint and LDAP issue

The Account Lockout Policy Settings can be configured in the following location in the Group Policy Management Console:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy

Unlock the domain user and try to log in again.
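
The log messages quoted on this page can be triaged in one pass over an exported diagnostic monitor log. The script below is an added example, not Trend Micro code: the timestamps, the placeholder device id, the finding names, the lockout threshold and the pairing of each message with a next step are assumptions, and the sample lines are constructed from the messages shown above.

```python
import re
from collections import Counter

# (finding name, pattern for a message quoted on this page, next step paraphrased from it)
RULES = [
    ("domain_logon_failed",
     re.compile(r"LogonUser\(\) with domain (?P<domain>[^,]+), user (?P<user>[^:]+): (?P<reason>.*):(?P<code>\d+)"),
     "Verify the password; if the domain account is locked out, unlock it and retry."),
    ("fixed_password_failed",
     re.compile(r"AuthenticateUserOnDeviceFailed: (?P<reason>.+)"),
     "Check Num Lock, Caps Lock and the keyboard layout in preboot."),
    ("group_mismatch",
     re.compile(r"User '(?P<user>[^']+)' and device '(?P<device>[^']+)' do not share a group"),
     "Check on the Policy Server that the user and device are in the same group."),
    ("ldap_ipc_failure",
     re.compile(r"Failed to connect to an IPC Port"),
     "Check the network between PS and LDAP and verify the connection with ldp.exe."),
]

def triage(lines):
    """Return one finding per log line that matches a known message (first rule wins)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for name, pattern, advice in RULES:
            m = pattern.search(line)
            if m:
                findings.append({"line": lineno, "finding": name, "advice": advice, **m.groupdict()})
                break
    return findings

def lockout_candidates(findings, threshold=3):
    """Users with at least `threshold` failed domain logons (threshold is an assumed value)."""
    fails = Counter(f["user"] for f in findings if f["finding"] == "domain_logon_failed")
    return sorted(user for user, n in fails.items() if n >= threshold)

# Constructed sample: timestamps and device id are invented, messages follow the page.
SAMPLE = [
    "2024-01-01 09:00:01 LogonUser() with domain qatd1.com, user tmeeuser1: Invalid UserName Password:1326",
    "2024-01-01 09:00:20 LogonUser() with domain qatd1.com, user tmeeuser1: Invalid UserName Password:1326",
    "2024-01-01 09:00:41 LogonUser() with domain qatd1.com, user tmeeuser1: Invalid UserName Password:1326",
    "2024-01-01 09:02:10 AuthenticateUserOnDeviceFailed: Invalid user name or password",
    "2024-01-01 09:03:00 User 'tmeeuser1' and device 'DEVICE-ID-PLACEHOLDER' do not share a group",
    "2024-01-01 09:04:00 Failed to connect to an IPC Port: The system cannot find the file specified.",
    "2024-01-01 09:05:00 Device synchronized",
]

if __name__ == "__main__":
    found = triage(SAMPLE)
    print(*(f"line {f['line']}: {f['finding']} -> {f['advice']}" for f in found), sep="\n")
    print("possible lockouts:", lockout_candidates(found))
```

Repeated `1326` failures for one user are worth flagging because, under the Account Lockout Policy described above, they can end with the domain account being locked.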
