Troubleshooting Pre-OS boot issues with Symantec Endpoint Encryption.

Article:TECH123713  |  Created: 2010-01-05  |  Updated: 2011-04-14  |  Article URL http://www.symantec.com/docs/TECH123713
Article Type
Technical Solution


Environment

Issue



A system encrypted with SEE will not boot up in one of the following circumstances:

  1. SEE has just been installed.
  2. SEE has been installed for some time, and the issue occurs unexpectedly.
  3. The system has just come out of hibernation.

Error



An error such as the following may appear:

The EAFS volumes contain errors run recover

E+ Err 5! Run recover

SEE has discovered an unsupported storage controller, contact SEE Tech Support.


Cause



There are 4 main causes for issues that occur while booting the SEE Pre-OS:

  1. Hardware Compatibility and BIOS firmware: The Linux Pre-OS must be fully compatible with the hardware, and the BIOS version should be up to date. Storage Controller errors should be immediately reported to Symantec Technical Support.
  2. Disk geometry / Master Boot Record (MBR) issues: SEE will take the original MBR and replace it with it’s own so that the pre-OS can be loaded. However, after the pre-OS authentication, it will begin loading the OS from the address specified in the original MBR so it is important that the original MBR is accurate and not corrupt. Windows can often still boot if the MBR is corrupt because the system bypasses it and tries booting from a standard disk location, but SEE needs everything to be correct. There is more information on this in TECH123378.
  3. Bad blocks on the disk: Occasionally bad blocks on the disk that have not been flagged by running checkdsk can cause issues. Running “chkdsk /f /R” prior to installing SEE will check for and flag bad blocks. Once flagged by Chkdsk, Bad blocks are not neccessarily dangerous to the integrity of the system, but they may indicate that the disk is progressively degrading. Be aware that if a sector containing SEE Volume Files were to become bad, the system may not be bootable, and recovery problems may also occur, so it is recommended not to install SEE on a system where disk failure is a strong possibility, or to take appropriate precautions by backing up important data on such systems regularily.
  4. Volume file corruption, usually caused by a hard reset during or after encryption: During the encryption process (and, to a lesser extent, after the encryption process has completed), the system is sensitive to problems caused by forcibly switching off the machine. This is because it can corrupt the volume files which are the protected OS files in which the Pre-OS is located. There is a system driver that is designed to protect these files, but this can only do so much and a hard reset can still provoke issues.

Solution



We can roughly diagnose the issue from the exact point at which the boot process failed. Note that these are only pointers and do not cover all eventualities:

1. At the initial Black Screen: “Starting Symantec Endpoint Encryption…” -> Most likely a Hardware Compatibility issue.
2. At the initial Black Screen: “Starting Symantec Endpoint Encryption…” after “Please wait” is displayed -> Most likely a Corrupt volume file.
3. At the colour screen “Initializing Symantec Endpoint Encryption…” -> Most likely a Corrupt volume file.
4. At the Pre-OS Ctrl-Alt-Del screen, but the Authentication dialogue does not display -> Most likely a Corrupt volume file.
5. After entering the correct credentials when the system is switching from the Pre-OS to the OS -> Most likely an MBR issue.




Legacy ID



2010030514323948


Article URL http://www.symantec.com/docs/TECH123713


Terms of use for this information are found in Legal Notices