BUG REPORT: Unable to Decrypt - RDD service is not responding. start or restart the RDD service and try to decrypt again (-12189)

Article:TECH191844  |  Created: 2012-06-27  |  Updated: 2014-01-03  |  Article URL http://www.symantec.com/docs/TECH191844
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



If PGP Desktop is used to encrypt the boot drive and the RDD component was disabled or missing as a result of a custom msiexec operation, the disk cannot be decrypted. This occurs because PGP Whole Disk Encryption depends on the RDD service.


Error



The following error is observed when attempting to decrypt a system that has the RDD component disabled: 

 Unable to decrypt: RDD Service is Not Responding. start or restart the RDD service and try to decrypt again (-12189)

 


Environment



This occurs on a system that was encrypted with PGP Whole Disk Encryption 10.2.0 or later *and* was installed using the MSIEXEC switch PGP_INSTALL_RDD=0 and was then upgraded to 10.2.1.4461 or above.

Example:

  1. PGP Whole Disk Encryption is installed using the following msiexec switch:

    msiexec /i PGPDesktop.msi PGP_INSTALL_RDD=0
     
  2. The system is then encrypted.
  3. PGP Desktop is then upgraded to version 10.2.1 or above (includes Symantec Drive Encryption 10.3.0).

Cause



By installing PGP without the RDD component with earlier versions that were not dependent on this component, and then upgraded to 10.2.1 or above, that was dependent on this component would produce this error.

 


Solution



This issue is fixed in the following release:
  •  PGP Desktop 10.3.0 MP2 or later
This version/Maintenance Pack is available for download via your account on Symantec File Connect. fileconnect.symantec.com

 

Workarounds:

Solution 1 - Upgrade to newer version while enabling RDD Component:

If a system has been installed without the RDD component and then later updated to 10.2.1 or above, it is possible to upgrade the desktop client version to a newer version with the RDD component enabled.

 

Example 1 of Solution 1:

If PGP Whole Disk Encryption 10.2.1 MP1 is installed with RDD disabled, perform an install of 10.2.1 MP2 (or higher) with the following msiexec switch:

msiexec /i PGPDesktop.msi PGP_INSTALL_RDD=1

Once the newer version is installed, the component will be enabled, and decryption should then be possible.

 

Example 2 of Solution 1:

If Symantec Drive Encryption 10.3.0 is installed and the system was encrypted with the RDD component disabled, upgrade to Symantec Drive Encryption 10.3.0 MP1 (or above) with the following msiexec switch:

msiexec /i PGPDesktop.msi PGP_INSTALL_RDD=1

 

Solution 2 - Slave drive to a system that already has RDD enabled to decrypt:

If a system has been encrypted with the RDD component disabled, it is possible to remove the disk from that system and slave into another system running the same version with the RDD component enabled to decrypt the drive.

Check the registry with the next steps to see if this component is enabled (changing this value to 1 if it was set to 0 does NOT enable RDD and must be performed with an upgrade operation as specified):

Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. For more information on backing up the registry see the following article on the Microsoft support site:

How to back up and restore the registry 
 
 
1. Open the Windows Registry Editor.
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP
3. Check value for PGP_INSTALL_RDD component.
 
If the value was already set to 1, then most likely the RDD component is enabled.
 

 

Solution 3 - Use Recovery CD to decrypt system:
Download the Whole Disk Recovery Images for the version of PGP that the drive was originally encrypted with (This is the slowest method to decrypt as the Recovery CD runs in 16-bit mode and will take several times longer to decrypt).
 
PGP Desktop 10.3.0 for Windows Recovery Disk Images
 

 


Supplemental Materials

SourceETrack
Value3084986, 2843483
Description

 Unable to decrypt: RDD Service is Not Responding. start or restart the RDD service and try to decrypt again (-12189)



Article URL http://www.symantec.com/docs/TECH191844


Terms of use for this information are found in Legal Notices