Troubleshooting: Drive Encryption Recovery

Article:TECH149345  |  Created: 2009-03-19  |  Updated: 2013-09-30  |  Article URL http://www.symantec.com/docs/TECH149345
Article Type
Technical Solution


Issue



This article describes how to troubleshoot computers that are encrypted with Drive Encryption (previously PGP Whole Disk Encryption) when the PGP BootGuard screen is not displayed or the operating system fails to start. This applies to computers using:

  • Symantec Drive Encryption
  • Symantec Encryption Desktop Corporate
  • Symantec Encryption Desktop Professional
  • Symantec Encryption Desktop Storage
  • PGP Desktop Corporate
  • PGP Whole Disk Encryption
  • PGP Desktop Professional
  • PGP Desktop Storage

Solution



When you encrypt an entire disk using the Symantec Drive Encryption (previously PGP Whole Disk Encryption) feature, every sector is encrypted using a symmetric key. This covers everything on the disk: operating system files, application files, data files, swap files, free space, and temp files.

On subsequent reboots, the PGP BootGuard screen prompts you for the correct passphrase. The encrypted data is then decrypted as you access it. Before any data is written to the disk, Drive Encryption secures the data. As long as you are authenticated to the encrypted disk, the files are available. When you shut down your system, the disk is protected against use by others.

Symptom 1

The PGP BootGuard screen is not displayed.

This issue may occur when Windows boot files are corrupted or missing. While the chances are extremely low that a master boot record could become corrupt on a boot disk or partition protected by Drive Encryption, it is possible. If it happens, it could prevent your system from booting.

To troubleshoot Drive Encryption when PGP BootGuard is not displayed:

  • Use the Recovery Disk (bootg.iso) to attempt to boot into Windows.
  • Remove the hard disk and connect it as a slave (secondary) disk to another computer that has Encryption Desktop installed, then fix the corrupted Windows files.
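
When triaging Symptom 1, it helps to know whether sector 0 is structurally damaged before choosing a repair path. The Python check below is an added example, not part of the original article or of any Symantec tool; it covers only generic MBR structure (boot signature and partition table) and cannot tell whether the BootGuard boot code itself is intact. It assumes the first 512 bytes of the disk have already been saved from a recovery environment; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR sector
ENTRY_FMT = "<B3xB3xII"        # status, (CHS), type, (CHS), start LBA, sector count


def check_mbr(sector: bytes) -> list:
    """Return a list of structural problems found in a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    problems = []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    if not any(sector[:PART_TABLE_OFFSET]):
        problems.append("boot code area is all zeros")
    used = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + 16])
        if ptype == 0:                      # type 0x00 marks an unused slot
            continue
        if status not in (0x00, 0x80):      # only "inactive" or "active" are valid
            problems.append(f"partition {i}: invalid status byte {status:#04x}")
        if lba == 0 or count == 0:
            problems.append(f"partition {i}: zero start LBA or length")
        used.append((lba, lba + count, i))
    if not used:
        problems.append("partition table is empty")
    used.sort()
    for (_, end_a, a), (start_b, _, b) in zip(used, used[1:]):
        if start_b < end_a:
            problems.append(f"partitions {a} and {b} overlap")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"           # stand-in bytes, not real boot code
    sector[446:462] = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    print("intact sample:", check_mbr(good))
    print("signature wiped:", check_mbr(good[:510] + b"\x00\x00"))
    print("zeroed sector:", check_mbr(bytes(SECTOR_SIZE)))
```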

Symptom 2

Operating system does not load.

After entering your correct passphrase at the PGP BootGuard screen, your operating system fails to load. This can occur for a variety of reasons, including missing Windows boot files, hardware problems, or a conflict with third-party defragmentation software. The following methods can be used to troubleshoot this issue:

  • Use PGP Recovery Disk (bootg.iso) to boot the system and decrypt the disk. Then try booting to Windows.

    Note: Depending on the size of your hard disk, decrypting your disk using the Recovery Disk can consume a large amount of time.
     
  • Use PGP Recovery Disk (bootg.iso) to boot the system to Windows and decrypt the disk using Encryption Desktop.
  • Remove the hard disk and connect it as a slave (secondary) disk to another computer that has Encryption Desktop installed, then decrypt the disk.
  • Use Windows Recovery to repair the master boot record (fixmbr).
  • After authenticating with PGP BootGuard, use WinPE to decrypt your disk using the PGP WDE command-line tool.


Legacy ID



1283

