Endpoint Encryption

  • 1.  Blue screen during Windows boot after uninstalling SEE 11.0.1

    Posted Nov 30, 2015 12:40 PM

    I am testing out Endpoint Encryption 11.0.1 in a managed AD 2008 R2 environment on Win 7 x86 PCs. Installed Agent, Disk, RME, Autologon all by GPO. Everything was working. I decided to test the uninstall process and removed one PC from the GPO security group - the MSI policy is set to uninstall when a target falls outside of the policy's management.

    At this point I'm expecting it to decrypt and then uninstall, so I reboot the PC and it looks like the Agent and RME are still installed. I reboot again and get a pre-boot warning that the system has not checked in with SEEMS and needs Help Desk or Administrator recovery.

    I log in with Administrator recovery and it gets to the Windows logo and fast blue screen reboot. I log in with Help Desk recovery and it gets to the Windows logo and fast blue screen reboot. I tried options for Safe Mode, Startup Repair, etc., but I always get a blue screen while it's loading.

    I see some instructions online now that say manually decrypt before uninstalling. The setup docs seem to imply this would be done automatically with phrasing like must be decrypted before uninstalling, etc. A bit unclear.

    The file system seems to be intact because I can begin loading Windows, and the non-SEEMS pre-boot options are clearly working.

    So what's my next step here?



  • 2.  RE: Blue screen during Windows boot after uninstalling SEE 11.0.1

    Posted Dec 09, 2015 12:33 PM

    Fixed it.

    This problem also occurred on a second machine with no changes made to it after it worked for about a week.

    Machine #1 was the uninstall failure. Machine #2 has a hardware RAID mirror in degraded state and I'm assuming that previously unreported problem may be to blame for its failure, but both ended up in the same reboot loop, with the same 0x0000007b BSOD.

    Created the WinPE discs.

    Machine #1: Booted to PE and decrypted. Followed normal steps for repairing bad boot sectors or boot lists. No good. Just could not manually fix boot records. Windows startup repair found no problems. Eventually managed to use a boot recovery disc to use System Restore and booted normally, reinstalled SEE, and no more issues.

    Machine #2: Booted to PE and decrypted. Went straight to System Restore and luckily there was an old restore point that fixed this one too. Old restore point broke workstation/domain trust, rejoined domain, all fixed.

    My takeaway is make sure you have a good System Restore point before encrypting. It can save you a *lot* of headache with boot records after you decrypt.