Endpoint Encryption

Hello,

Firstly, sorry for the long post but I hope someone here can help me please, otherwise I'm going to lose 1.5TB of data. ;/

I used WDE on an external 1.5TB drive in a USB3 enclosure connected to a laptop running Win7 64bit Ult. It seemed to work fine for 2 weeks until one day I couldn't mount the drive - although another identical 2TB one works fine. I've swapped it into another identical enclosure - no difference. I've now taken the drive out & put it in a fresh built Win XP SP3 machine, running the same version (although 32 bit) of PGP Desktop, connected via SATA though - to rule out lots of possibilities. Same problem.

When (either machine) boots into Windows, diskmgr sees it as RAW & asks to format it (I click "NO"). PGP launches & asks for key's passphrase, which then happily mounts the WDE volume on  another external USB3 enclosure (if connected) plus a PGD volume on the internal disk (all encrypted with same user key & PGP version).

Sometimes I've entered the passphrase before devicemgr complains about it being raw, then PGP basically "locks up..!" The machines grind to a snail's pace and just queue up the commands I issue / progs I launch. After 10 mins (although I've waited hours) I unplug the bad drive & suddenly the machine bursts into life, launching all the apps that wouldn't respond seconds earlier "as if nothing happened".

I tried launching PGP Desktop "before" plugging the drive in, so I could decrypt it. It seems to start OK, the taskbar progress indicator spins but when I took a look at the GUI, it claims it's going to take "MONTHS" to decrypt the drive..! Eventually it seems to drop off (I know because devicemgr can't see it anymore), so I just disconnect it & try again...

I could write a horrible book about everything I've tried...

Now it's in a state of about 1% decrypted - but I can't access the decrypted volume. I'm hoping someone here might be able to suggest something I haven't tried to help me get the data off please...!

I haven't tried the dreaded boot disk decrypt because I read that if it fails to complete, the data's gone.... (please tell me if that's not right).

Otherwise I've been trying the following:

(disk is non-system / non boot in XP SP3 32bit machine connected internally via SATA)

1. boot up, login as local admin, but "don't" enter PGP passphrase when prompted, decline MS' offer to format the RAW partition.

2. use devicemgr to confirm disk appears "normal"

3. use CMD prompt to run PGPWDE commands. Here's what happens:

================================================================================
CMD: **** pgpwde --enum ****
-------------------------------------------------

Total number of installed fixed/removable storage
device (excluding floppy and CDROM): 3
Managed disks:
  Disk Group d287e9ae-141e-4a42-8f2d-a57969a2c01d:
    Disk 2 has 0 online volumes:
Unmanaged disks:
  Disk 0 has 1 online volumes:
    volume C:\ OS is on partition 3 with offset 30928896
  Disk 1 has 0 online volumes:
Request sent to Enumerate disks was successful

================================================================================
CMD: **** pgpwde --list-users -d 2 -k 0x89ACED2D ****
-------------------------------------------------

Total of 1 user:
  User  1: Name: Admin7 <admin07@test> Type: PGP Key ID: 0x89ACED2D
System Record Information:
      Disk UUID: d287e9ae-141e-4a42-8f2d-a57969a2c01d
     Group UUID: d287e9ae-141e-4a42-8f2d-a57969a2c01d
Attribute Information:
  S = SSO, O = Offloaded, L = Locked out, A = Anti Theft, M = Managed Admin
  LSR = Local Self Recovery Available
Request sent to List users on disk was successful

================================================================================
CMD: **** pgpwde --status -d 2 -k 0x89ACED2D ****
-------------------------------------------------

Disk 2 is instrumented by bootguard.
  Encryption removal process is running in the background.
  Current key is valid.
Whole disk encrypted
  Total sectors: 2930274304 lowwatermark: 1374207 highwatermark: 2930274304
  Authentication needed to decode disk session key.
Request sent to Disk status was successful

================================================================================
CMD: **** pgpwde --show-config -d 2 -k 0x89ACED2D ****
-------------------------------------------------

         Login Message:
Display Startup screen: No
  Display Machine Name: Yes
          Machine Name: GLORY
     Use Audio Prompts: No
          User lockout: Disabled
    Allow user decrypt: Yes
Request sent to Show configuration information was successful

================================================================================
CMD: **** pgpwde --auth --interactive -d 2 -k 0x89ACED2D ****
-------------------------------------------------

Enter Passphrase:
Request sent to Authenticate disk was successful

================================================================================
CMD: **** pgpwde --verify-user --username Admin7 --disk 2 --keyid 0x89ACED2D ****
-------------------------------------------------

Successfully Verified User
Name: Admin7 <admin07@test> Type: PGP Key ID: 0x89ACED2D
Disk Group: d287e9ae-141e-4a42-8f2d-a57969a2c01d
Attribute Information:

  S = SSO, O = Offloaded, L = Locked out, A = Anti Theft, M = Managed Admin
  LSR = Local Self Recovery Available
Request sent to Verify user authentication was successful

================================================================================
CMD: **** pgpwde --resume -d 2 --interactive -k 0x89ACED2D ****
-------------------------------------------------

Enter Passphrase:
Request sent to Resume encrypt or decrypt was successful

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ...But after 30mins or so (I waited 12 hrs once), I notice the disk light has no activity and that devicemgr can no longer see the disk at all... :(
 
{
C:\bin>pgpwde --status -d 2
Disk 2 is not found.
Operation disk status failed:
Error code -11984: item not found
}

When I reboot & check the lowwatermark or highwatermark there's NO change....
 
Is there any more I can try, other than use the ISO Recovery Image CD....????

Thank you for helping..!

- Vash

This forum topic may help.

I would check disk´s health, you can lookup for specific vendor application,

Next, you can try to decrypt the disk from another PC with PGP installed.

 

Thanks Tom, Please accept my apologies for the late response. The post you pointed to sounds EXACTLY what I've endured. Achelon described the drives being falsely recognized with incorrect drive letters. I had that issue "consistently" but simply uttered unkind remarks about Mr Gates & Win7x64. I didn't mention that I've had the same issue trying to get WDE running in a stable manner on some other external USB3 drives because ultimately I could authenticate to then, run disaster recovery tools & get back all my data, reinitialize, goto "start", etc, etc. I assumed it was not a PGP issue because it worked well for weeks before failure. I now suspect I triggered the effect each time after simply removing or swapping ext drives (which I don't do that often). It makes sense in retrospect. This time though, the drive halts (and the O/S) after authentication. Then either before I can launch the recovery SW or soon after it begins, the drive drops off. My issue now is that I am left with just one drive in this state. If there was BGFS record data to be swapped between drives, then I'm afraid I nuked that when I wiped the last drive. The full case is otherwise identical. As you stated that you fwd'd it to Tech Support a year ago, what was their response please? It's thoroughly reproducible & causes catastrophic failure (top marks to "Achelon" for his analysis!). For perspective's sake, I have an engineering degree in comp sys & yet I didn't see this failure pattern as likely a PGP bug. *doh* Maybe I'm just losing it too but this does present in an odd way - more like HW failure. Ultimately it may be causing WDE, PGP & hence Symantec significant unnoticed damage. I was planning on going back to multiple PGD volumes to store my backups, as I've never had ANY issues with corruption there. Otherwise in my case, would you suggest attempting to decrypt from the boot.iso now or is that just suicide..? I do appreciate your help.

When I sent that to tech support, I didn't request or receive feedback, so don't know what may have come from that.  As Julian suggested, you might want to try decryption first from another machine with PGP installed - the WDE Recovery CD is considered a last attempt, both because it is slow 16 bit processing, and that it must not be stopped once it is started.

Thanks for responding Julian, As per my original post, I've thoroughly tried the "attach & decrypt via other machine" method. In terms of running Spinrite or the like, I'm yet to find any mention on their support site of using it AFTER WDE - only before. I assumed any relocation of data without authentication would nuke a perfectly working WDE drive. Is that not correct? Is this what you're recommending I do now..?

It has been some time since I had a computer with WDE that would not boot.  However, at that time, I had purchased SpinRite, and was informed by their tech support that it was safe to use on WDE encrypted disks.  It took a long time and the final result was that it did not find any errors needing correction.  I then used the WDE Recovery CD to successfully decrypt the disk.  Since you mentioned SpinRite, I thought I would relate this experience.

 power options are set to sleep drive when not using computer for a  while ?