Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Encryption does not go past 0%

Created: 29 Aug 2012 • Updated: 08 Sep 2012 | 14 comments
This issue has been solved. See solution.

PGP Desktop encryption shows the status as paused at 0.0% complete. It has not progressed in several weeks. The message at the bottom says Encryption has been paused but the disk is fully functional. The disk is partially encrypted and is not secure. Click resume to finish the encryption process.

When I click Resume it sometimes will prompt for the PGP password, but then nothing happens after it's entered.

I tried running the command: pgpwde --resume -d 0 --passphrase "your passphrase" and it says the resume command was sent successfully, but it still does not progress. I cannot uninstall PGP Desktop because it says the disk is partially encrypted.

The laptop has Windows 7 64 bit.

Comments 14 CommentsJump to latest comment

Alex_CST's picture

Assuming the disk in question is disk 0 (you can check by running pgpwde --enum check the following:

pgpwde --status --disk 0. Take a note of the number of sectors and the highwatermark figures.  The highwatermark is the number of sectors that have been encrypted.  It will also tell you if bootguard is actually enabled or not.

You might be better off seeing if you can decrypt too, then try again:

pgpwde --decrypt --disk <number> --passphrase <phrase> --all 
Please mark posts as solutions if they solve your problem!

http://www.cstl.com

sketch484's picture

Ok, it looks like the drive is listed as Disk 0. Here is the output from the enum command:

Total number of installed fixed/removable storage device: 1

Disk 0 has 1 online volumes:

volume C is on partition 2 with offset 206848

Then I tried the decrypt command and got error code -12287: WDE: Operation not allowed by administrative policy.

I am logged in as an administrator.

Alex_CST's picture

Is this a stand-alone environment?  You might want to look at the policy, its not allowing you to decrypt.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

sketch484's picture

This is an enterprise environment but there are other laptops able to encrypt just fine, so it seems to be a problem on this machine.

Alex_CST's picture

was the number of sectors and the highwatermark the same? 

Has bootguard actually enabled yet? 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

sketch484's picture

I'm not sure what you mean by checking the highwatermark. Bootguard is enabled. I do have to log into the laptop with a PGP passphrase.

Alex_CST's picture

what does pgpwde --status --disk 0 give you?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

PGP_Ben's picture

This is what pgpwde --status should look like if it's fully encrypted:

"c:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde.
exe" --status --disk 0
Disk 0 is instrumented by bootguard.
  Current key is valid.
Whole disk encrypted
  Total sectors: 250069680 highwatermark: 250069618 reserved start sectors: 62
Failed login attempt lockout enabled. Max failures=5
Request sent to Disk status was successful

The "watermark" that weevil describes is the total sectors vs highwatermark. You should always have total sectors - start sectors for your high watermark if it's complete. If highwtaermark is at a much lower number, encryption is still in progress. The watermark is a number that is incrimentally updated based on the encryption progress.

BTW:

Many issues with encryption pausing or not completing can be resolved by following our WDE best practices KBA here:

http://www.symantec.com/docs/TECH149543

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

sketch484's picture

When I run the status command, I get the following output:

_____

Disk 0 is instrumented by bootguard.

Encryption process interrupted by user request.

Current key is valid

Whole disk encrypted

Total sectors: 488397101

Request sent to disk was successful.

____

In the PGP Desktop program window, it says encryption is paused at 0% and if I hit Resume nothing happens. Running the resume command in command prompt also does not trigger it to start encrypting. Is there a way to clear that error that encryption process was interrupted by user request?

PGP_Ben's picture

You can try:

pgpwde --stop --disk 0 -p "passphrase here"

Then

pgpwde --decrypt --disk 0 - p "passphrase here"

Then

Let decryption finish (uninstrumenting)

THen re-encrypt

pgpwde --secure --disk 0 -p "passphrase here"

If that does not work,I would suggest reading the KB article that I posted on the 30th and making sure that you are following all the best practices for encryption.

One of the number on contributors that comes to mind is if you are using a software RAID of any kind or else dynamic volumes for your partioning. This can cause problems with encrypting the drive and is not supported.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

by the way, you might want to see if the following KB article may apply:

http://www.symantec.com/docs/TECH165872

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

stevenuk's picture

Have you tried booting from a PGP recovering CD and trying to decrypt the small amount that was encrypted from that?

sketch484's picture

Unfortunately since so much time had been spent on this one, I went ahead and reformatted the drive and started over. After that, encryption went through with no problems. 

SOLUTION