PGP Whole Disk Diagnosis and Recovery - PGP Desktop 10.x for Windows
Article: TECH149679 | Created: 2010-01-04 | Updated: 2012-11-09 | Article URL: http://www.symantec.com/docs/TECH149679
Problem
This article provides tools and steps to diagnose and recover disks that are PGP Whole Disk Encrypted.
You can also use the PGPWDE command-line tool to troubleshoot and perform other PGP WDE commands if the graphical user interface is not available. For more information on using the PGPWDE command-line tool, see the following article.
Solution
Section 1 will discuss some symptoms that users with Whole Disk Encrypted disk problems may encounter. Section 2 gives procedures for using the PGPWDE command line interface. The third section details use of the PGP Whole Disk Recovery Disk.
Note: If a system hard disk has been "fully" decrypted and will not boot, make sure to slave the disk and back up all your data, or make a bit-by-bit copy of the disk. Then connect the hard disk back to the system and run the fixmbr command from the Windows Recovery Console from a Windows XP installation CD.
SECTION 1 - Symptoms
On rare occasions internal or external disks that are PGP Whole Disk Encrypted may experience the following issues:
- Inability to decrypt or read the contents of a secondary or non-system disk.
- System displays "Error loading operating system_" after entering the passphrase at the WDE Login screen.
- Master Boot Record (MBR) corruption causing the system to no longer boot.
- After starting the system with the hard disk encrypted to a passphrase and an eToken, valid passphrases are not accepted.
1. Users able to access their PGP WDE disk from Windows should proceed to Section 2.
2. Users unable to access their disk from Windows or who are unable to boot should proceed to Section 3.
SECTION 2 - PGPWDE Command Line
The following commands will help diagnose and decrypt the disk. Other commands can be listed by typing pgpwde --help.
1. To begin working with the PGPWDE interface, open a command prompt and change to the PGP installation directory (default directory shown): C:\Program Files\PGP Corporation\PGP desktop.
2. To list all installed hard disks in the system type: pgpwde --enum. Entering this command will give us a list of disks with numbers we will use in the next few steps.
3. Now type pgpwde --status --disk 1. Substitute the PGP WDE disk number listed in the previous step for the number 1 in the command if different. The output of this command will tell us whether the disk is still encrypted.
- If the disk is not encrypted, "Disk 1 is not instrumented by bootguard" will be the output.
- If the disk is encrypted, the output will display:
  - "Disk 1 is instrumented by Bootguard."
  - The total number of sectors.
  - A Highwater value (number of sectors encrypted).
  - Whether the current key is valid.
4. Type pgpwde --list-user --disk 1. This will tell us the user information contained on the disk. This will help in multi-user environments to determine which user passphrase was used to implement WDE.
5. Type pgpwde --decrypt --disk 1 --passphrase {MYPASSWORDHERE.EN_US}. This will start the decryption process. To view progress, type the status command listed in step 3 and note the Highwater number. This number will get smaller and smaller as the number of sectors encrypted decreases.
6. If your primary partition was formatted and your secondary partition is still encrypted, you may try to recover it by following TECH170574.
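Added example (not part of the original Symantec article): a PowerShell function that reads the text returned by the status command in step 3 and reports what share of the disk is still encrypted, using the Highwater and total sector values described above. The function name Get-WdeStatus and the line layout of the sample text are assumptions built from the fields this article lists, not captured tool output, so adjust the patterns to what your pgpwde version prints.

```powershell
# Added example. Get-WdeStatus is a hypothetical helper, not a PGP Desktop command.
function Get-WdeStatus {
    param([Parameter(Mandatory = $true)][string]$Text)

    $opts = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase

    # Step 3: "Disk N is [not] instrumented by bootguard" tells us if WDE is present.
    $disk = [regex]::Match($Text, 'Disk\s+(\d+)\s+is\s+(not\s+)?instrumented', $opts)
    if (-not $disk.Success) { throw 'Unrecognised status text; refusing to guess.' }

    $result = [ordered]@{
        Disk             = [int]$disk.Groups[1].Value
        Instrumented     = -not $disk.Groups[2].Success
        TotalSectors     = $null
        Highwater        = $null
        PercentEncrypted = 0.0
    }

    if ($result.Instrumented) {
        # Assumed layout: the label is followed by its number on the same line.
        $total = [regex]::Match($Text, 'total\s+sectors\D*(\d+)', $opts)
        $high  = [regex]::Match($Text, 'highwater\D*(\d+)', $opts)
        if (-not ($total.Success -and $high.Success)) {
            throw 'Disk is instrumented but sector counts were not found.'
        }
        $result.TotalSectors = [uint64]$total.Groups[1].Value
        $result.Highwater    = [uint64]$high.Groups[1].Value
        if ($result.TotalSectors -gt 0) {
            # Highwater is the number of sectors still encrypted (see step 3).
            $pct = 100.0 * $result.Highwater / $result.TotalSectors
            $result.PercentEncrypted = [math]::Round($pct, 1)
        }
    }
    [pscustomobject]$result
}

# Constructed sample text, so the function can be tried without a PGP WDE disk.
$sample = @'
Disk 1 is instrumented by Bootguard.
    Current key is valid.
    Total sectors: 488397168 highwater: 122099292
'@
Get-WdeStatus -Text $sample

# Live use from the PGP installation directory (step 1):
#   Get-WdeStatus -Text ((& .\pgpwde --status --disk 1) -join "`n")
```

Running the live form at intervals during step 5 shows PercentEncrypted falling toward 0 without interrupting the decryption itself.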
SECTION 3 - Using the PGP Recovery Disks (bootg.iso or bootg.img)
Warning: The PGP Recovery Disks should be used only as the last step when attempting recovery. Should there be a power loss while decrypting with the recovery disk, the result for the disk could be fatal and non-recoverable. It is also highly recommended to use the latest PGP Recovery Disk available for the version of PGP Desktop you are running.
Caution: Users with extended partitions on their hard disks that were Whole Disk encrypted should ONLY use the latest available Recovery disk. Prior versions could cause these partitions to no longer be visible to Windows after fully decrypting the disk. Once you have started to decrypt a disk or partition using a recovery disc or diskette, do not stop the decryption process. Depending on the size of the disk being decrypted, this process can take a long time. A faster way to decrypt the drive is to use another system that has the same version of PGP Desktop installed on it.
Use the Recovery Disk with the following instructions if experiencing blue screen failures at boot up:
1. Boot with PGP Recovery Disk.
2. Do not continue with the normal sequence of entering a passphrase.
3. Go to the "advanced" panel.
4. This message "PGPWDE record inconsistency on 1 disk(s) was found and fixed" might be displayed. If this message is seen, the BSOD (blue screen failure) will be fixed.
5. Return to the previous screen and continue booting from the recovery CD. Rebooting without the Recovery Disk in the drive is also okay.
Use the Recovery Disk with the following instructions should the system not boot into Windows for any other reasons:
- The PGP Desktop for Windows User's Guide provides instructions for creating recovery disks.
- Booting from the recovery disk will give the option to either decrypt the PGP Whole Disk or to continue loading Windows, provided the necessary information (one of the session keys used to encrypt the drive) can be found.
1. Enter a passphrase when prompted, and hit any key to continue booting Windows.
2. If this is not possible, reboot the machine, enter the passphrase when prompted and select D to decrypt the drive. The decryption process, when executed from the Recovery disk, takes considerably longer than it does from within Windows.
Legacy ID: 1850