Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

mac os 10.7.4 breaks pgp desktop/enterprise 10.2 (virtual disk problem) - (Fixed with 10.2.1 MP2)

Created: 10 May 2012 • Updated: 19 Jun 2014 | 143 comments
This issue has been solved. See solution.

updated to .4 tonight, pgp disks will no longer mount.  applog says 'disk already mounted. ignoring.'  but the disk is not mounted and won't mount.

 

is there a fix for this in the works???  totally blindsided me, workflow is stopped.

 

thx.

 

ps - why is it SO bloody difficult to update versions of pgp???  can't these apps do it themselves these days, like everyone else....  really a huge timesuck to figure out how to do this every time...

 

 

Comments 143 CommentsJump to latest comment

JB23zz's picture

I tried the update on an external clone for a secondary computer running 10.7.3 and PGP 10.2.0. 

(1)   I installed 10.7.4 over 10.7.3 with PGP 10.2.0 MP4, and rebooted-no problems at all.

(2)   I then installed PGP 10.2.1 (released last week)  over the 10.7.4 install and rebooted-no problems.

In summary, OSX 10.7.4 installed fine over PGP 10.2.0 MP4, which is the main thing given the bootloader, but also for me there are no compatibility problems with PGP 10.2.1 and OS X 10.7.4.

 

This is an edit to my original post:

I used the Combo update from Apple Support. I've found that the non-combo update can often be problematic.

jimsky7's picture

Same thing here. My "IT guy" upgraded my MacBook Pro to OSX 10.7.4 and PGP thinks that encrypted volumes have mounted, but they do not appear in /Volumes/* where they should be, so I am hosed. Can't do anything including get email because it's all on my encrypted volumes.

jimsky7's picture

FYI upgrading from PGP 10.2.0 to 10.2.1 did not help me. Still will not mount an encrypted volume in OSX 10.7.4.

I also found that I cannot create a new PGP encrypted volume from the PGP app either - so I don't have the option of starting from scratch with new encrypted volumes.

Real bummer this is!

jimsky7's picture

I find that locating the downloads is a nightmare. Others agree (see comments above). The PGP products really need to be able to update themselves like most self-respecting products these days. However, I got on Symantec's notification services some months ago, and they sent me an email about the upgrade. Problem is that my serial number didn't work, so I had to call their support number who gave me an "updated" serial number that did work. You log in at their "File Connect" portal https://fileconnect.symantec.com/ using your Symantec account and the download is available there.

Guillaume Corpart's picture

Go to fileconnect.symantec.com

Enter your S/N and then you get the options for downloading files.

dtich's picture

i've installed 10.2.1 over mac os10.7.4 .. still broken.

 

log says mounting disc, already mounted, ignoring.  then says closing disc.  

 

disc never mounts.

 

WE NEED A FIX FOR THIS ASAP.

 

 

thank you, if anyone at symantec is reading this!!!!!!!!!

dtich's picture

 

2012-05-10 10:57:26: Starting up

2012-05-10 10:57:27: Saving Keyrings

2012-05-10 10:57:27: Setting up Smart Keyrings

2012-05-10 10:57:27: Saving Smart Keyrings

2012-05-10 10:57:27: Setting up Keyservers

2012-05-10 10:57:27: Saving Keyservers

2012-05-10 10:57:27: Ready

2012-05-10 10:57:27: Setting up PGP Virtual Disks

2012-05-10 10:57:27: Setting up PGP Whole Disks

2012-05-10 10:57:28: Setting up Secure Messaging Services

2012-05-10 10:58:14: (Thread 2961838080) -[CPGPDiskController (0x29CA8B0) mountDiskAtPath:readOnly:] Attempting to mount disk at path: /Users/dtich/Documents/dtpgpdisk9.pgd

2012-05-10 10:58:14: (Thread 2961838080) -[CPGPDiskController (0x29CA8B0) openDiskAtPath:] Opening disk /Users/dtich/Documents/dtpgpdisk9.pgd

2012-05-10 10:58:14: (Thread 2961838080) -[CPGPDiskController (0x29CA8B0) algorithmForDiskAtPath:] Determining encryption algorithm for disk: /Users/dtich/Documents/dtpgpdisk9.pgd

2012-05-10 10:58:14: (Thread 2961838080) -[CPGPDiskController (0x29CA8B0) mountDiskAtPath:readOnly:] Disk already mounted. Ignoring.

2012-05-10 10:58:16: (Thread 2961838080) -[CPGPDiskController (0x29CA8B0) diskCloser:] Closing disk 0xB474970 /Users/dtich/Documents/dtpgpdisk9.pgd 

Sarah Mays's picture

Is this only happening with virtual disks? are you seeing any mounting issues with WDE encrypted external volumes?

JB23zz's picture

I've updated the same external disc twice with excellant results.  As I mentioned above, I updated a secondary computer's external backup with 10.7.4 and PGP 10.2.1, with a reboot after each change, to see if I would have any problems, which I did not.

Then I booted to the internal (still at 10.7.3 and 10.2.0), and updated to 10.7.4 and rebooted and then to 10.2.1, with another reboot.

Then I cloned the external to reflect the updated internal.  I've had -0- problems.

As I also mentioned above, I used the Combo 10.7.4 update from Apple Support, as I don't trust ANY point upgrade from "Software Update".  Has anybody else used the Combo and had problems?  If so, then that can't be the problem,  but if everyone else used the regular update, then that might be an avenue to explore as the problem source.

JB23zz's picture

I don't know if you've found the answer, but "Combo" updates to OS X consist of all prior updates to the OS rolled into one download.  In the case of 10.7.4, the regular update consists of changes ONLY since the release of 10.7.3.  The Combo update contains ALL updates contained in 10.7.1, 10.7.2, 10.7.3, and 10.7.4.

The tip about only updating using the Combo update was a tip I read many years ago in an Apple users group forum.  And I've never had an OS X update problem (excepting PGP-related) in using the Combo.  The 10.7.3 regular update broke something fairly major in OS X a couple of months ago so badly that Apple actually pulled the regular update and only allowed updating from 10.7.2 to .3 by using the Combo.

The link is here:       http://support.apple.com/kb/DL1524

hickefrit's picture

Could you please to upload pgp desktop 10.2.1 to sendspace.com or so, please. I'm tired of cotacting the symantec support...

PGP_Ben's picture

You cannot request encryption software that is subject to export restrictions be uploaded to a file sharing site. Doing so is actually a violation of several federal and world import/export laws.

Symantec support cannot assist you with getting access to download the PGP desktop software anyway. You have to request that through customer care. (800) 721-3934. Sorry about that!

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

So, i'm trying to catch up on this thread. As this issue has hit us like a ton of breaks today. But it sounds like, if you are updated to PGP Desktop 10.2.1 prior to upgrading and you do the 10.7.4 combo update it works fine? Otherwise it's a gamble whether you can mount a virtual disk or not?

I'm in the process of doing some encryption time benchmarking on my 2011' macbook pro. After that is complete (I already have 10.2.1 installed). I am going to do an image and then try to update to 10.7.4 from the software update utility.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

dtich's picture

yes, please let us know how to fix this.  i was on 10.2 when i updated to os10.7.4 and pgp is bricked.  installed 10.2.1 on top of that but no fix.  i can't go back down to 10.7.3 to fix this, have to go from here..

 

ANY HELP MUCH APPRECIATED BEN, THANKS!

 

 

Guillaume Corpart's picture

Ben, Please see post "at a standstill".  Your help is much appreciated as many of us are left stranded with no way to access our information!

Thank you.

jimsky7's picture

Confirming that at least in my case I had PGP 10.2.0 installed, upgraded OSX to 10.7.4 and then mounting of .pgd based PGP volumes failed for me. Correct that I had -not- upgraded to PGP 10.2.1. Upraded to PGP 10.2.1 after the fact, which did not cure the condition.

Sympathy to PGP for being blindsided by Apple, but there are undoubtedly thousands of PGP users who were also blindsided and can no longer work at this point. It scared the stuffing out of me for an hour, because my entire email was on the encrypted volume, as well as my keychains and SSH keys and other critical stuff. However, I had a backup of my unencrypted volumes under lock-and-key off premises and was able to recover from them. This is certainly one of those situations where the CEO should tell the programmers to grab coffee and pizza and sleeping bags and prepare for a 24/7 fixing and testing party...

Guillaume Corpart's picture

Like everyone here, I can not mount the virtual encrypted disk (which has all my work stuff on it!!).

OS: Mac OS 10.7.4

PGP: Desktop for Mac 10.2.1 SDK 4.2.1

When I could not mount the disk, I:

- Tried rebooting several times - DID NOT WORK

- Uninstall PGP (through the uninstall button) and Reinstall after getting latest software from fileconnect site - DID NOT WORK

- Uninstall PGP (through the uninstall button + manual removal http://prowiki.isc.upenn.edu/wiki/Removing_PGP_Des...) and Reinstall after getting latest software from fileconnect site - DID NOT WORK

- Uninstall Office (sometimes there are compatibility issues between PGP and Office) - DID NOT WORK

- Tried mounting another PGP virtual disk - DID NOT WORK

If you are having this problem as well, I would suggest you don't go through all the things I did and describe above - they are a major waste of time.  There needs to be a software fix.

I am at a complete standstill.  I basically have a very expensive paperweight in front of me, which holds all my work and I can't get access.  At this point, if I can get access just once, I will likely pull all my info from the PGP disk and not risk losing it again.... 

GC

russcus's picture

Installed OS X 10.7.4 Combo over 10.7.3, with WDE 10.2.0 installed

Note, my startup volume is NOT encrypted. I don't trust it ;)

PGP encrypted disk images will not mount. Same as everyone else, PGP App thinks they are.

Restored the entire disk drive from a clone (4 hours) back to OS X 10.7.3

Installed WDE 10.2.1 under OS X 10.7.3

Encrypted disk images mount and function normally

When I have an entire day I can afford to possibly waste, I will try installing the OS X 10.7.3 Combo update now that WDE is updated.

 

 

Guillaume Corpart's picture

I just tried shredding files.  This works fine.  But that's not why I bought the product...  Can I have my encrypted disk back... I'll gladly trade it for the shred function.

PGP_Ben's picture

Do you have the virtual disk drive set to automount upon bootup? or are you manually mounting it?  I don't think we have certified PGP Desktop for 10.7.4 yet. I don't see anything in the release notes about it.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

russcus's picture

I have tried both auto mount at startup and manual mount via PDP application. Neither works. The mount process seems to hang at some point. The Mount menu remains available, the Unmount menu is never available.

Guillaume Corpart's picture

I have tried both with Automount and Manual mounting.  Neither work.

I understand PGP Desktop may not be certified for 10.7.4, however, many of us now have 10.7.4 installed and can't get access to our files.  They are litterally in a vault with no way of getting in unless there is a PGP solution ...  Unless we go back to 10.7.3 ?????  how is this done?

Thanks for looking into this Ben.

jimsky7's picture

Your comment "I don't think we have certified PGP Desktop for 10.7.4 yet" says a lot. Obviously before we apply Apple OSX upgrades we have to wait for Symantec/PGP to certify that they work. Unfortunately we can't always afford to wait, as OSX upgrades more often are fixing security issues now. It's a delicate balance. There are also other solutions than PGP for volume encryption, but it's nice to get everything all in one package.

JB23zz's picture

I wish there was something more that I could offer to help.  I have now updated my second computer from OS X 10.7.3/PGP10.2.0MP4 to OS X10.7.4/PGP10.2.1-including cloned backups separately-and I have absolutely never had an easier OS X/PGP upgrade in years.

I'd love to know what I've done differently from everyone else who have had problems, as I have had none.

Guillaume Corpart's picture

It would appear that going back to 10.7.3 would solve the problem.

How do you go back to 10.7.3 once you've installed 10.7.4?

jimsky7's picture

Restoring from your Time Machine backup is the only way I know. And you may not want to risk that. I have more experience with Time Machine restores than I care to ever have again.

russcus's picture

I clone my HDD to an external drive with Carbon Copy Cloner before OS updates. Four hours to clone out, four more to clone back after failures like this one.

Guillaume Corpart's picture

Thank you.  This obviously requires that one does a HDD clone before installing an update... hummmm....  much foresight on your part!  :-)  At least your 8h did you good.  I am now running 12+ h with still no access to my drive info...

Guillaume Corpart's picture

Does anyone know if the following can work????:

1. find someone with OS 10.7.3

2. Install PGP 10.2.1 on their computer

3. Transfer over my encrypted volume

4. Open the volume from that computer (to at least get access to the files)

Can someone from PGP comment on this or propose an alternative solution (other than waiting for a fix to come around....

jimsky7's picture

Yes, that works. I did it this morning using a backup I had made just before the 10.7.4 OSX upgrade.

I then mounted that volume via SMB filesharing and I'm accessing it remotely from the deeply troubled 10.7.4 machine.

Definition: "deeply troubled" -- PGP not correctly mounting encrypted volumes.

Guillaume Corpart's picture

On a last desperate shot for the night, I got the passphrase window to come up.  I typed it in... nothing...

Here is the log.  It appears everything is ready... but the disk did not mount...

2012-05-10 22:51:47:    PGP Desktop 10.2.1 (Build 4461) starting up
2012-05-10 22:51:47:    Initializing PGP Messaging
2012-05-10 22:51:47:    Initializing PGP Virtual Disk
2012-05-10 22:51:48:    Initializing PGP WDE
2012-05-10 22:51:48:    Initializing PGP Tools
2012-05-10 22:51:49:    Initializing PGP Messaging
2012-05-10 22:51:49:    Ready

emorig's picture

I am here to emphasize what has been said above, and to provide as many details as possible for PGP_Ben and the PGP development team. I encourage them to replicate this bug and issue an update to PGP as efficiently as they can - it is a serious problem. 

SUMMARY: Since upgrading to Mac OS 10.7.4, I cannot mount PGPdisk volumes. Uninstalling PGP 10.2.0 and installing PGP 10.2.1 did not solve the problem.

DETAILS: I started with an early 2008 MacBook Pro running PGP 10.2.0 MP4 under Mac OS 10.7.3. An external firewire volume with Time Machine backup was WDE encrypted, but I had not yet encrypted the main drive on the MacBook Pro. Wednesday night (9 May 2012) I downloaded the Mac OS 10.7.4 combo updater and installed it. I also installed Safari 5.1.7 from Software Update. I logged out of the admin account and logged into the unprivileged user account, which I use for my daily work. I tried to open the primary PGPdisk by double-clicking an alias icon for it. The passphrase dialog box appeared, and the OK button stayed gray until I finished typing the passphrase. I pressed the return key. The passphrase dialog box disappeared, but the PGPdisk volume did not appear on the desktop. The PGPdisk volume did not appear in /Volumes from the terminal, either.

PGP is able to verify .sig files. I also used it to decrypt the WDE external time machine disk as a precaution. As far as I can tell, the only problem is mounting PGPdisk files. See my workaround, below.

WORKAROUND: I can boot external drives with earlier versions of Mac OS. They have various disk repair tools and PGP installed for emergencies such as this.

I booted Snow Leopard from a firewire drive, navigated to the main drive on the MacBook Pro, mounted the primary PGPdisk, and used Carbon Copy Cloner to create a duplicate encrypted sparseimage copy of the PGPdisk. I am currently using the Apple sparseimage volume as my primary encrypted working volume, pending an update to PGP that fixes this bug.

JB23zz's picture

I absolutely don't want to be the "elephant in the room" so to speak, but I started with 10.7.3 and PGP 10.2.0MP4 and in two separate steps I upgraded to 10.7.4 and PGP 10.2.1 with NO-repeat-NO- problems. 

There must be something other than a presumed bug with the PGP upgrade or I wouldn't have been able to do what I have done, and I will absolutely tell you I have a perfect upgrade to OS X 10.7 4 over PGP 10.2.0MP4, and then to PGP 10.2.1.  I've rebooted at least 4-5 times to my external and back again to the internal on two different computers with over two years difference in age. 

I'm only guessing, but I can only assume I have done something no one else having problems has done, but what??

James M Madden's picture

 

FWIW, I believe that I've found an alternate workaround using Apple's Disk Utility to restore a PGP image onto an unencrypted and useable .img file:

 

1. Try to mount the PGP image by double clicking it or using the mount command in PGP Desktop.  The first time you do this you should be asked to enter the encryption key for the disk.  Do so.

2. Open Disk Utility.  You should see a disk image in the left column with a name something like 'nnn MB Symantec Corporation PGPdisk Media'. 

3. Click in the disk column on blank space so that no disk is selected.

4. Select 'New Image' from the tool bar on the main window.  In the resulting dialog, enter a name for the alternate disk as you want it to appear when mounted, choose a size that's larger than that of the original image and enter a name for the new alternate .img file.  Click Save.

5. Select the 'Restore' function from the function bar on the main window.

6. Click in the 'Source' field and then select the 'Symantec' disk from the left column so that it appears in the Source field.

7. Click in the 'Destination' field and then select the disk image that you created in step 4.

8. Select Restore to copy the data from the original encrypted disk to the new image.

 

This should create a non-encrypted, useable copy of the PGP disk from which you can retrieve needed files.

JB23zz's picture

Thank you for this workaround; I'm going to print these directions out.  I might not have done anything differently than everyone else; I might have just been lucky with this upgrade cycle.

Guillaume Corpart's picture

James, you truly ROCK.  Thanks so much for this. 

PGP - I now have to remove you from my computer, as well as that of the 5 other people I work with.  We will be migrating to other disk encryption solutions.  We just can't risk compatibility issues like this. 

dtich's picture

i wouldn't call this a solution exactly, yes i had done this too, to get access to my files, but now the volumes are unencrypted and can't be left in memory or on disk.. the whole point of encryption.  

 

a very good workaround, but not a solution per se.

 

symantec.  please.  give the users a way to feel more *secure* in using your product.  let us know we will get timely updates when things like this happen, and make it simple and easy to update the app.  pgp is an integral part of many company workflows at this point and as such you should be testing your products on developer os releases and anticipating hiccups like this and working to make the end user experience as rock solid as possible.  

 

i have to say i have yet to feel rock solid in upgrading and dealing with 'broken' versions of pgp.. and i've been using it for years.  i had hopes symantec might finally get a grip on this product and manage it.

 

perhaps, as others have said, it's time to move on.

emorig's picture

 

James M. Madden's post is an excellent workaround. In my opinion, it is not a solution, and the thread should not be marked "Solved", which is misleading. What I would like to see is a post from PGP_Ben or another authority from the PGP team saying that they have replicated the issue and are working on a true solution (one where PGP is able to open PGPdisk files). 

I would not mark this thread "Solved" until PGP releases a fix where PGP works as intended.

Just sayin'.

 

outer's picture

So by closing this issue as "solved", is Symantec seriously recommending that current users abandon PGP ASAP and migrate to Apple's built-in encryption solutions?

outer

Tom Mc's picture

Just for clarification - when someone starts a thread in this forum for a problem, he or she is having, it is only he or she that is able to later mark a post as providing the resolution to his or her problem.  This is appropriate since it is only he or she who is able to determine whether the presenting problem is resolved to his or her satisfaction.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

JB23zz's picture

Then I stand corrected and apologize for believing the solution was determined by Symantec.  However, just because the OP is back to sqaure one,does not solve the overall problem; it only allows, after a lot of time and effort, to say the bullet was dodged-but not be able to use the functionality anyone with a service agreement is paying for.

Symantec needs to get out in front of this ASAP, and at least give everyone some idea of what's happening to correct the problem.  The reason I'm as vocal as I am is that unlike this time, I have been burned in the past, and I am unaware of any instance, with the exception of the 10.7.3 upgrade, that Symantec has ever anticipated problems in upgrading, but I may be misinformed. 

Can't there be a better method to notify customers of new upgrades, or problems with existing versions of WDE and new versions of the OS?  Symantec must get developer updates of OS X when they come out.  Why aren't any potential problems identified immediately-immediately-when the new OS version is upgraded over the existing WDE installation? Within maybe 5 minutes?  All of the end-users seem to find out that quickly of blow ups when their machines become unusable.  Why not Symantec?

dtich's picture

well that's interesting since i started this thread and i did not mark any post as a solution, and yet one was marked...

 

UPDATE: i was however able to 'clear' the solution flag... even though i didn't mark it in the first place.  fyi.

Tom Mc's picture

While there are some here from Symantec, including myself, who actually have the ability to mark a post by anyone as the solution, this is not normally done, and it is possible that someone from Symantec could have used poor judgement in this instance. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

dtich's picture

thx tom, in that case, i think someone at your place must've marked it.. but be that as it may, it isn't really the point.  

 

it would be great if you guys would let us know the plan for a fix/update to pgp that will get it all working again.  as soon as you can/know.

 

thanks very much.

mach_one's picture

James,

  thanks for this very creative workaround.  It works.  I've been able to recover my files.  I've used PGP for years but not anymore for disk encryption.  We can't have it breaking this often. 

m1

Svowels's picture

I hate it when I get one of these problems, come here and see 41 comments.  You KNOW it's going to be a bad day.

So no fix announced?

-Scott

grateful_one's picture

James, you are the BEST, I owe you several rounds of beers... you've saved my ass with that workaround.

BTW, Symantec - I'm junking PGP. Thanks.

 

Svowels's picture

After trying to mount earlier today with no success...the drives suddently appeared and are accessible.  I didn't do anything.  I'm going to dismount and test it.  I've got copies:)

 

-Scott

russcus's picture

Is it possible that mounting the images for the first time after the update just takes an unusually long time? That the mounting process does not actually hang? Mine typically mount in less than 30 seconds, so when nothing happens after a few minutes I assume it never will and abort it.

JB23zz's picture

I am also open to any suggestions anyone has about alternative encryption packages that don't have the continual drama of PGP.  However, I have the impression-hopefully very wrong-that most people who are really serious about disc encryption will be disappointed with the (very) few options, other than PGP, availble for OS X that offer full disc encryption.

I am unable to quote the source(s), but I have read that FileVault2 built into Lion is so-so at best. Sorry, I can't give any technical explanation of what I read. It supposedly has nothing to do with whether FV's AES128 is sufficient compared to AES256 as used in PGP WDE; I seem to remember it having something to do with FV's actual encyption methodology or some such. Plus the pass phrase used in FV is the computer's Admin password I think.  Anyone using 30-50 character pass phrases would find that a chore. If there is a separate way to boot up and then have a relatively short Admin PW, I'm not aware of it.

The only other package I've found is TrueCrypt, which is open source (and free).  However, it can not be used to encrypt boot volumes.  I guess it'd work fine for non-booting externals with no OS installed, and I guess it'd work for potentially bootable clones if not actually made bootable,  but that's an incomplete solution to me. 

If anyone has knowledge of a good alternatve, I am all ears.  Please show how how wrong and/or uninformed my pessimism is!

jimsky7's picture

I have looked a number of times at alternatives, but PGP Desktop's combination of email encryption plus volume encryption has always won out for me.

If you don't need external volumes (I do!) then FileVault (version 2) appears to be a good solution for data on the computer itself. They had a security snarl with version 1 a week ago when someone discovered it was logging passwords in the clear, but version 2 is supposedly not affected. It was a "debug switch" that some developer left turned on and nobody noticed for over a month. I'm certainly considering using it.

But PGP email encryption in terms of its close integration with various email clients, is better than GnuPG [GPG] or other alternatives, in my opinion, being almost entirely transparent and requiring very little effort to set up. The key-discovery process is certainly much, much easier than other systems.

So personally, I am likely to continue keeping external copies of encrypted volumes as emergency backups, and only upgrading one computer system at a time. And keeping an "old" version of PGP operational on a second system to read those volumes in an emergency. Good thing they don't validate for duplicate keys on a network -- that would really kill the deal.

JB23zz's picture

Thank you for another point of view and add'l information.  I also need external discs for daily use because I am waiting for an (I hope) updated MacPro, where I'd add several internal discs, and I could use my existing externals for backup. Considering the backups would then be bootable clones, I'd still be stuck with Symantec.

I definately would reconsider FV2, particularly if I could locate the info on what I thought my objections were, but honestly, I think for me I'll use PGP WDE as long as I use OS X, which I hope is a long time.

The main lesson to take away from all this mess here is to never, never, NEVER upgrade either PGP and/or OS X without current backups for all machines to be upgraded.  My upgrades the last couple of days went smoothly, but I started with a smallish 320GB secondary backup of a 1T iMac drive (not much on it), and if it'd blown up, I'd had the backup drive erased in 5 minutes, and within 30 minutes the new OS X installed and 5 hours after that it'd be re-encrypted.  My main drive on the secondary computer, and all drives for my primary would've been untouched.  I learned all the lessons people are learning the last few days a ways back. Never again.

emorig's picture

In addition to PGP users having problems mounting PGPdisk volumes, Mark James of SoftRAID is reporting that a small percentage of SoftRAID (and Apple RAID) users are having similar problems:

http://www.macintouch.com/readerreports/lion/index...

 

outer's picture

As others have pointed out, this problem has NOT, in fact, been "solved" by any stretch of the imagination. Being able to recover my plaintext is totally not the same as being able to recover my functionality.

How many of us suffering from this pox are using case-sensitive journaled disks?; I know I am, and Apple has of late become somewhat sloppy in its handling of case-sensitive filenames Is it possible that in one of the many LaunchDaemon .plists that 10.7.4 installed there lurks a case-sensitivity problem?

outer

JB23zz's picture

Obviously this problem is not "solved."

You're at work and your car burns up in the parking lot.  You have two problems now-an unusable car and no way to get to your home.  Symantec is saying that you only have one problem-how to get home.

Symantec's solution is to just call a tow truck and have your car towed to your garage, [the workaround above, useful ONLY to recover your files] and as a result, you get a free ride home with the tow truck driver. See, problem solved.

Anyway, what's the big deal, you're at home, aren't you?  What about the burned car, Symantec?

Uh-serious, serious fail here by Symantec.

 

jimsky7's picture

Keep posting here - still need PGP solution. The "solution" so far is to abandon PGP by using a backup and another 10.7.3 (three) system to decrypt or use the volume, OR to not upgrade to OSX 10.7.4, OR to use Disk Utility (it worked for me too) to unencrypt the volume.

All of these solutions (I liked the burned car analogy) require that we abandon PGP and go to another encryption solution. Although many of us feel like we'd like to abandon PGP/Symantec at this point, it may not be an option for everyone. Let's encourage Symantec to fix this crispy critter!

JB23zz's picture

I totally agree with your two paragraphs.  They succinctly sum up the whole problem here with Symantec.  I think PGP WDE is a great product being maintained by (I'll be nice) a company that frankly doesn't give a d**n about Apple.  I don't know how many employees Symantec has, but it seems like that not only are Apple products and support only an after thought, but there aren't enough programmers to adequately develop the product, although just being an after thought product probably sums it up.

As I said before, the first time a developers version of a proposed OS X upgrade was installed would reveal if PGP's bootloader would be broken-in five minutes.  Everyone here with a problem found out the upgrade breaks it in, you guessed it, five minutes.

I'm not sure there is any other product for me, and I'm not sure about File Vault2 either, but it's worth exploring further.  I may be stuck, but I am tired of every upgrade, major or minor, requiring many weeks for Symantec to release a solution.  

And Mountain Lion could be released (rumors) next month.  I'd be willing to bet the WDE upgrade for that will be a minimum of 60 days later.

(( I've gone back and re-read a bunch of comments I originally missed, and although I was prepared for failure when updating, thing upgraded fine.  I used a meaningless secondary external 10.7.3 clone to experiment with but my point is that upgrading 10.7.4 over 10.7.3, rebooting and THEN upgrading WDE from 10.2.0 MP4 to 10.2.1 and rebooting worked great.  Others did similar things and it blew up.  I still don't have a clue why mine worked and these others didn't))

jimsky7's picture

I tried to report this bug to Symantec by calling them a few hours after it happened to me and they wouldn't let me report it without purchasing PGP support. I didn't really push it, but the agent really did not want to talk to me until I purchased support. Does anyone know whether there's a way to phone them and report this without paying?

PGP_Ben's picture

Hi guys, at risk of being flamed on this thread since I'm going to come out and say this. Please don't update your mac's to 10.7.4 yet if you want Virtual Disk to work for you. We have seen issues with this process and customers have reported problems. There is a bug logged on this. Symantec Engineering team is looking into the problem. We have documented the problem in a KB. The solution that was suggested is a solution to get access to your data, encrypted or not. It may not be a viable solution for EVERY customer. But it is the best solution we have at the moment. Please don't flame Symantec support employees for working hard to try and get you guys back up and functional ASAP.

If you wish to keep up with what is happening with the bug. Please subscribe to updates on the KB article found here:

 

http://www.symantec.com/business/support/index?pag...

Thanks!

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

emorig's picture

Reply to PGP_Ben:

No flame, just a thank you for letting us know that Symantec/PGP is aware of the problem and is working on it. I, for one, understand that it takes time to replicate a problem and _fully_ understand it (and all its nuances), it takes time to devise and implement a solution, and it take takes time to fully test the fix to ensure that it fixes the problem without introducing new bugs and side effects.

I learned long ago that applying heavy handed pressure may get the fix out sooner, but does not yield the desired results. That said, I encourage Symantec/PGP to avail themselves of the help offers from the fine people on this forum (logs, testing beta fixes, etc.) to optimize a fix with minimum effort and time.

I also encourage PGP_Ben to keep us posted on progress, good or bad, even if it is to say, "this problem turned out to be more complex than we though". Schedule predictions are scary, but it would help if you can share with us the general scale - days? weeks? months? Frequent posts reminds us that the bug is actively being worked, and has not been temporarily shelved for the latest hot feature in some other product.

jimsky7's picture

You've been responsive in terms of verifying the bug once it was reported and keeping people in the loop. Since SoftRAID is having issues (and I'm maybe seeing some other issues as well with some other devices) with 10.7.4, this is probably a more pervasive Apple-related problem. Having been an Apple developer in the latter part of the previous century, I know there are challenges there. These are large complex systems.

In my case, having volumes encrypted while in transit (on MacBook Pro) is mission-critical. I'd say I can go another week like this before I move to a different product. No flames there - just reality - I can't travel without my data being encrypted while in transit, and FileVault is nice, but not quite enough given the recent issues with FV 1.x.

I was able to retrieve my data without the workaround because I keep backups and have un-upgraded systems, but having the data is not my issue -- encrypted data is my issue.

Can't live without PGP email encryption, however, so I'm glad that's still functioning, and I use it every day so I can indeed verify that it's working for me. It's still the slickest solution, not requiring any explicit key-sharing nor manual decryption.

Subscribed to the KB article. Now, just get it solved.

JB23zz's picture

Ben,

I won't flame; I've said about all I've got to say the last couple of years in general and the last few days in particular.  There are a large number of improvements we end-users would like to see, but I could overlook most of the problems if I were assured that your programmers received the Developer updates for OS X  from Apple.  If in fact you do, it appears you're wasting your money because these types of problems should be absolutely obvious at some point of the multiple beta point releases Apple gives to developers to find, and solve, these types of problems prior to the official release.

I can remember at least two instances on this forum where there was a tech support comment to the effect that the particular non-booting problem under discussion at the time was a "surprise", or something to that effect.  

I am not a programmer, and I understand this is, or at least appears to me to be, a complex product.  But the view I get is that there appears to be with rare exceptions no planning or development on WDE until the final releases from Apple are available and "surprise" Symantec with customer blowups, or at the very least,  very late in the Apple beta process.

If you have an official explanation, or even a personal, informal explanation, I hope you will share it with us.

Thank you

spyro's picture

PGP Engine crash after I enter a password for a wde encrypted disk, even if I click cancel on the enter password window.. underlying pgpwde process seams to work, but that is very annoying. Have to open PGP.app so that PGP Engine start again for every disk. Anyone else having the same issue ?

 

here a crash log when I click cancel:

 

Application Specific Information:

objc[196]: garbage collection is OFF

*** Terminating app due to uncaught exception 'PGPSDKException [-11987]', reason: 'User cancelled passphrase dialog (user cancelled)

'

*** Call stack at first throw:

(

0   CoreFoundation                      0x90ef4a67 __raiseError + 231

1   libobjc.A.dylib                     0x97df4149 objc_exception_throw + 155

2   PGP Engine                          0x000d266f -[CPGPWDEController getPassphraseForWholeDiskUUID:] + 2668

3   PGP Engine                          0x000ca349 _Z29getPassphraseForWholeDiskUUIDPh + 97

4   PGP Engine                          0x0013bec1 _ZN10VerifyUser12authenticateEv + 97

5   PGP Engine                          0x0013c3f9 _Z17keyRequestedEventR14WDEEventStruct + 47

6   PGP Engine                          0x0013c489 _ZN19KeyRequestedHandler11handleEventERKN3PGP6WDESDK8WDEEventE + 103

7   PGPwdesdk                           0x00cb6e11 _ZN3PGP6WDESDK12EventManager12notifyThreadEv + 483

8   libsystem_c.dylib                   0x94314ed9 _pthread_start + 335

9   libsystem_c.dylib                   0x943186de thread_start + 34

)
 

 

 

jimsky7's picture

I have not seen that issue, but my "PGP Engine" crashes every few hours, and so I just keep the PGP desktop app running at all times. It will detect the crash and restart the engine.

PGP_Ben's picture

I apologize for those who might be confused. But I moved the pgp engine crashing issue over to another forum discussion. This makes the dicussion thread less to read through for help and will allow someone to focus on the other issue being reported (PGP engine crashing) with the attention it needs and not getting it lost in the noise of this thread.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

outer's picture

What do you need from us? Kernel logs? Crash logs? Anything?

Once again, is this even an open-ticket item yet at Symantec?

If so, ticket-numbers please (for tax write-off purposes if nothing else).

PGP_Ben's picture

We have several support cases open on this issue. There is also a public kb article with the bug number attached to it. I cannot provide case numbers for other customers. But if you have a valid support contract you can contact Support and log a case on this issue (800) 342-0652.

I just posted an update from Engineering. Since we can reproduce the issue in house now after testing on final version of 10.7.4 we are working dilligently to resolve the issue. As soon as we have a fix, we will release an update shortly thereafter. Please follow the KB (you can even subscribe to it) to get updates on when this problem is fixed.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

BCrookAtRA's picture

Ben,

Does Symantec perform testing on developer preview releases of Apple OSX, before a release is made to the general public?

This is a VERY glaring, and obvious bug.  It took me no more than four minutes to reproduce, and I am only a paying customer.

PGP_Ben's picture

Engineering update:

 

We are continuing to actively work on resolving the incompatibility issue between PGP Virtual Disk and OSX 10.7.4, and we wanted to provide a quick update on the status.

 

PGP Virtual Disk uses standard interfaces to mount the encrypted disk. In early developer seeds of 10.7.4, this interface continued to function as it always has. In the last developer seed before release, our testing showed errors being thrown in debug mode when mounting a disk. We have seen other errors creep in and out of developer seeds, so we confirmed that Apple had not documented a change in the interface and expected these errors would be resolved in the final build. They were not, and our root cause analysis continues.

 

The first developer seeds of Mountain Lion also exhibited this problem. Interestingly however, Virtual Disks successfully mount again as of the latest seed, 10.8 developer preview 3. This may indicate a fix from Apple.

 

The Symantec engineering team continues to explore the possibility that a change in Apple’s code exposed a previously hidden error in Virtual Disk code, but we are also reporting our results to Apple in an attempt to find the root cause. Given the recent results with Mountain Lion (10.8), it is also possible that the problem will be resolved by an Apple software update instead of a Symantec software update.

 

We understand the inconvenience this has caused our Mac customers, and the security concerns associated with the workaround (i.e., recovering the data but leaving it in a decrypted state). We are working hard to fix this as soon as possible. Thank you for your patience.

 

 

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

emorig's picture

Thank you for this informative and helpful update. We know that it takes time out of a busy day to document these issues for your PGP customers, but it is so beneficial to us.

eddyisgreat's picture

I too am inconvenienced by this issue but I am completely on PGP (not symantecs; lol antivirus) side on this one. I'm sure there will be a point soon where symantec will just say "fuggetabout it" and kill the product (on mac) while we will be left with stupid filevault or checkpoint FDE if apple decides to keep screwing with things at the last minute and throwing everyone in a tizzy.

Why is anyone acting surprised? Like this is the first time Apple has done something like this?

Yanking Carbon Framework from developers at the last minute? (Debatable) 
Those of you who manage OS X in the enterprise; remember how 10.7.x simply did not bind correctly to active directory and if it did it would constantly lose it's status every time? Remember how they decided to completely remove 802.1x profiles in the client version and require that we use the server version of OS X or iphone configuration utility to create profiles? Keep in mind 10.6 worked PERFECTLY. 
Suicide commiting filevault? 
Failed delta updates from 10.7.2 to 10.7.3?
What about exposed FV passwords in 10.7.3? 

In my organization PGP is the SAVING GRACE as for COMPLIANCE reasons if they weren't available then we WOULD NOT allow macs in our organization.  

 

 

outer's picture

In a word, Apple's stock is over-priced.

Their demonstrated ineptitude on Lion, let alone Lion updates, shows that their engineering quality control has, and continues, to fall sharply and deeply.  I don't really care if some disaffected employee somehow corrupted the final release: how the puck was it released?

Sell now, while you have the chance.  This company no longer - did it ever? - commits itself to ongoing customer satisfaction, only to out-the-front-door sales.

Sorry to have to conclude,

outer

 

secureman's picture

http://macperformanceguide.com/blog/2012/20120523_...

Excerpt: While working with Apple engineers, we discovered was that Apple had disabled one of the two sets of read / write calls in 10.7.4. Before 10.7.4, volume drivers could use one of two types of read / write calls for transferring data to and from a volume, the older one which was introduced in 10.0 and a newer one introduced in 10.6. 

 

larry218's picture

Those of us that depend on PGP and had the misfortune to update to OSX 10.7.4 need help from Apple or Symantec.  We have been limping along waiting for relief.  Does anyone have any news on when Apple or Symantec will provide a revision to get us back to business?

Thank you.

 

dtich's picture

really?  nothing new to report, no help on the horizon??  this is crazy...... is this a professional app or what???

BCrookAtRA's picture

Their handling of this issue reflects extraordinarily poorly on all other Symantec products that Symantec claims to be enterprise-ready.  A month is a long time for any company to be down.  

I have observed no evidence that Symantec intends to fix this.  As it stands, the bug is that they list OS X 10.7 as a supported platform on advertising materials, and that is a false claim.

Perhaps the reason they haven't fixed it, is that their developers' laptops were themselves, destroyed by the bug, and they are waiting for the patch like the rest of us.

JB23zz's picture

I totally agree with your frustration, but the fix for the OS X 10.7.3 upgrade, WDE 10.2.0MP4, wasn't released for over two months after 10.7.3 was released in January.  There is absolutely no excuse in my mind for this, but I'm just pointing out that generally no information is given on progress, and several weeks to actually fix the problem(s) associated with OS X upgrades is SOP.  It may be several more weeks before a fix is out if prior history is any guide.  In any event, OS X 10.8.0 is rumored to be released by Apple in a couple of weeks.  This merry-go-round may start all over again.

In the past, excepting the above upgrade, I don't even remember being notified there were fixes available; I had to manually search the site, sometimes weeks after the release.  

dtich's picture

@JB, not a helpful comment really... it almost sounds like you're making excuses for how they handle the bug/conflict, and also perhaps encouraging them not to address it at all as a new version of os is expected soon... not too helpful, thanks.

even when 10.8 is released, there are many of us who will not be able to upgrade a major os version right away as our servers have many legacy customers depending on continued compatibility... see how that works?  you test and make sure the products all work together before declaring them compatible, and then once they are out you are beholden to make maintenance updates to keep up with dot releases... that's part of the agreement when you claim a product is compatible with another product.  you work hard to ensure that it stays that way so the customer can use your products reliably and hassle-free.... i guess some people around here were in the bathroom when the handbook was passed out......

very... un... cool.  

JB23zz's picture

Because of totally understandable frustration, I think you misunderstood my comments.  I actually believe it is a travesty the way Symantec manages this product, and under no circumstances do I, or would I, make excuses for Symantec.  I just understand that Symantec does not appear to properly prepare for the obvious-and then they frequently blame Apple for changing something at the last minute on them.  I've been "beat down"; I have no alternative to WDE, and I am simply tired of beating my head against the wall over this; my present comments over this fix are far more tempered than comments I've made in the past over other fixes.

I know from being on the site for a number of upgrades that no amount of complaining will hurry them up. This product is absolutely NOT handled in a professional manner, and while your original comments are spot-on, they will not make a bit of difference.  My comments on 10.8 was not an excuse to delay a fix now; it was actually an attempt, poorly I see now, to point out how bad the situation is for all of us end users-they can't fix what we've got, and another train is barreling our way.  I'm sorry for the confusion; I'm with you completely on this.