Endpoint Encryption

 View Only
  • 1.  Self Recovery Setup Not appearing on Logon

    Posted Jul 17, 2015 09:01 AM

    I'm running Symantec Encryption 11.0.1, when I rollout the FDE package to a laptop it installs on startup and then I logon using a domain network login to setup the user as the owner. What I expect to happen is once logged on to recieve the Self Recovery Setup screen, it usually appears automatically. 

    Instead I get nothing. If I check the management agent I can see it connected to the Symantec server fine. 

    If I browse to c:\program files\SYmantec\Symantec Encryption\ and run the self recovery tool manually I get the below error.

    I've attempted to reinstall the SYmantec Management Agent and FDE agent but get the same problem, can anyone help?

     

    Capture.PNG

     

    Thanks 



  • 2.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 17, 2015 09:42 AM

    Can anyone help? Thanks 



  • 3.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 19, 2015 01:10 PM

    Hello Ghath,


    Kindly provide us with the make and model of the client. Is this the behaviour of all the clients? are they the same make and model as the affected one ?

    If you manually install Management Agent first, then without restarting install FDE, does the issue still persist ? Could we do try installing them on the same account without switching them.

    Can we confirm if the disk is of a supported type on the client:

    Supported and unsupported disk types for Drive Encryption


    Following are the supported and unsupported disk types and file systems for Drive
    Encryption:


    Supported disk types


    ■ Desktop or laptop disks, including solid-state drives (either partitions or an
    entire disk)
    ■ USB flash disks
    ■ Advanced format drives with 512-byte emulation mode (512e)
    ■ FAT32, and NTFS formatted disks or partitions
    ■ GPTboot disks on MicrosoftWindows 8.x and MicrosoftWindows Server 2012
    (UEFI systems only)
    The following are the supported Opal v2 compliant eDrives for Drive Encryption:
    ■ Samsung SSD 840 EVO mSATA
    ■ Intel SSD Pro 2500
    Before installing Symantec Endpoint Encryption 25
    Symantec Endpoint Encryption system requirements
    Drive Encryption manages these drives and uses the Opal drive's built-in hardware
    encryption capability when these drives are used with following laptop models:
    ■ Lenovo ThinkPad W540
    ■ Lenovo ThinkPad T540p
    ■ Lenovo ThinkPad X240


    Unsupported disk types


    ■ Any configuration where the system partition is not on the same disk as the
    boot partition
    ■ Native mode advanced format drives
    ■ Dynamic disks
    ■ SCSI drives and controllers
    ■ Software RAID disks
    ■ exFAT formatted disks
    ■ Resilient File System (ReFS)
    ■ Extended partitions.



  • 4.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 19, 2015 02:21 PM

    Also do let me know what happens if we click on Debug, what is the log in Event viewer - Application for DESR  



  • 5.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 20, 2015 04:34 AM

    Hi, machine spec is as follows. This is affecting 3 laptops the same model as the below.

    Windows 7 

    Dell Latitude 7250

    M510 SATA Solid State Drive 128gb

     

    I' ve successfully installed the management agent and FDE agent previously on these machines, and enroled a user by completing the recovery questions, the disk was encryped successfully.

    The issue above occurs when we attempt to enrol a different user on the laptop (log onto Windows as a different domain user) and attempt to complete the recovery questions. 

    In an attempt to troubleshoot the problem I decrypted the disk and reinstalled the management agent and the FDE agent and when I log on I get the same error when launching the recovery questions menu.

    Is this a compatibility issue with the disk? I will hopefully get round to checking the logs later on today. 



  • 6.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 21, 2015 09:37 AM

    As it worked before it should have worked unless something changed on the client.

    Could we try creating new packages from the server and check if the issue persist.

     

    To check disk compatibility check if the SSD is AF or legacy:

    https://support.symantec.com/en_US/article.TECH194586.html

     



  • 7.  RE: Self Recovery Setup Not appearing on Logon

    Posted Jul 22, 2015 09:11 AM

    I ran the command sutil fsinfo ntfsinfo <drive letter>:

    And got the below results:

    Capturedisk.PNG

    Does this mean the disk is compatible and the MS hotfix isn't required?

    Re-exporting the packages is the last resort as if it works I will need to decryp the disks and reinstall the packages on each workstation from the begining, which is very time consuming and hard to do remotely.

    Thanks