Endpoint Encryption

I have a personal computer (BYOD) whose SSD was encrypted using a managed Symantec Encryption Desktop provided by my company on Windows 8.1.

I figured formatting the drive to reinstall Windows would work as I did not need to recover any of the data on it.

I decided to try installing Windows 10, and deleted all partitions from the Windows installer, selected the new partition, and now install does not pass 14% (Getting Files ready for Installation).  

I ran a tool called "Secure Data Disposal" to format the drive since I did not need to recover any data on it, thinking it would overwrite the encryption and allow me to reinstall Windows.

Is it possible to reuse my drive? I do not need to recover any data on it.

I found the following article - "HOW TO: Clean (wipe) a PGP Whole Disk Encrypted Disk Using the diskpart Utility on Windows" https://support.symantec.com/en_US/article.HOWTO55966.html

Will this do the trick? Is there any Linux tool I can use?

Thanks.

If it is failing at 14%, I'm not sure what might be causing that.  When the drive is reformatted, it should be ready for use again, and our product should not get in the way of that.  It should be perfectly fine to re-use the drive.

In some of cases, when the drive is reformatted, the boot sector is not actually cleared properly.  This can lead to our product's pointers remaining on the drive, which can cause booting issues after a new OS is installed.  I haven't seen it cause issues during the installation, but it can usually be fixed by running the following using the installer media:
bootrec /fixmbr

That should write a clean boot sector for the new OS you are trying to install.
 

I agree with Mike, it sounds like the issue is with the SSD. In a few rare cases, the reformat doesn't clear out the MBR / Boot sector. However, that would not interfere with a Windows installation. You would notice this problem only after the installation. 

If Mike's suggestion does not fix the problem, I suggest contacting the SSD manufacturer to ask about any utilities they have to test the drive. Also, any recalls for that model that have come up, and utilize any available manufacturer's warranty if there is a hardware problem.

Hello, thank you both for your response. I'm able to install Ubuntu 15.10 desktop 64-bit without issues on it.

I had already tried bootrec /FixMbr but that did not do the trick.

I'm trying Secure Erase as instructed on Samsung's site: http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/support/faqs_03.html

When I run the following command, I get the following results:

$sudo fdisk -l
Disk /dev/sda: 477 GiB, 512110190592 bytes, 1000215216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 21817CED-B8AF-4934-88A9-D0BE3CF64BC1

Device         Start        End   Sectors   Size Type
/dev/sda1       2048    1050623   1048576   512M EFI System
/dev/sda2    1050624  933337087 932286464 444,6G Linux filesystem
/dev/sda3  933337088 1000214527  66877440  31,9G Linux swap


daniel@desktop:~$ sudo hdparm -I /dev/sda

/dev/sda:

ATA device, with non-removable media
    Model Number:       Samsung SSD 850 PRO 512GB               
    Serial Number:      ?????????????????? (removed)  
    Firmware Revision:  EXM01B6Q
    Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
    Used: unknown (minor revision code 0x0039) 
    Supported: 9 8 7 6 5 
    Likely used: 9
Configuration:
    Logical        max    current
    cylinders    16383    16383
    heads        16    16
    sectors/track    63    63
    --
    CHS current addressable sectors:   16514064
    LBA    user addressable sectors:  268435455
    LBA48  user addressable sectors: 1000215216
    Logical  Sector size:                   512 bytes
    Physical Sector size:                   512 bytes
    Logical Sector-0 offset:                  0 bytes
    device size with M = 1024*1024:      488386 MBytes
    device size with M = 1000*1000:      512110 MBytes (512 GB)
    cache/buffer size  = unknown
    Nominal Media Rotation Rate: Solid State Device
Capabilities:
    LBA, IORDY(can be disabled)
    Queue depth: 32
    Standby timer values: spec'd by Standard, no device specific minimum
    R/W multiple sector transfer: Max = 1    Current = 1
    DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
         Cycle time: min=120ns recommended=120ns
    PIO: pio0 pio1 pio2 pio3 pio4 
         Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
    Enabled    Supported:
       *    SMART feature set
            Security Mode feature set
       *    Power Management feature set
       *    Write cache
       *    Look-ahead
       *    Host Protected Area feature set
       *    WRITE_BUFFER command
       *    READ_BUFFER command
       *    NOP cmd
       *    DOWNLOAD_MICROCODE
            SET_MAX security extension
       *    48-bit Address feature set
       *    Device Configuration Overlay feature set
       *    Mandatory FLUSH_CACHE
       *    FLUSH_CACHE_EXT
       *    SMART error logging
       *    SMART self-test
       *    General Purpose Logging feature set
       *    WRITE_{DMA|MULTIPLE}_FUA_EXT
       *    64-bit World wide name
            Write-Read-Verify feature set
       *    WRITE_UNCORRECTABLE_EXT command
       *    {READ,WRITE}_DMA_EXT_GPL commands
       *    Segmented DOWNLOAD_MICROCODE
       *    Gen1 signaling speed (1.5Gb/s)
       *    Gen2 signaling speed (3.0Gb/s)
       *    Gen3 signaling speed (6.0Gb/s)
       *    Native Command Queueing (NCQ)
       *    Phy event counters
       *    READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
       *    DMA Setup Auto-Activate optimization
            Device-initiated interface power management
       *    Asynchronous notification (eg. media change)
       *    Software settings preservation
            Device Sleep (DEVSLP)
       *    SMART Command Transport (SCT) feature set
       *    SCT Write Same (AC2)
       *    SCT Error Recovery Control (AC3)
       *    SCT Features Control (AC4)
       *    SCT Data Tables (AC5)
       *    reserved 69[4]
       *    DOWNLOAD MICROCODE DMA command
       *    SET MAX SETPASSWORD/UNLOCK DMA commands
       *    WRITE BUFFER DMA command
       *    READ BUFFER DMA command
       *    Data Set Management TRIM supported (limit 8 blocks)
Security: 
    Master password revision code = 65534
        supported
    not    enabled
    not    locked
        frozen
    not    expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT. 
Logical Unit WWN Device Identifier: 50025388a07e50d8
    NAA        : 5
    IEEE OUI    : 002538
    Unique ID    : 8a07e50d8
Checksum: correct
Device Sleep:
    DEVSLP Exit Timeout (DETO): 50 ms (drive)
    Minimum DEVSLP Assertion Time (MDAT): 30 ms (drive)

There are many reasons a windows 10 installation can fail, but at this point I think you have safely ruled out your previous drive encryption by formatting the disk completely.

Sounds like you may have a problem with the Windows installer disk. If other OS's install OK. 

There are also a lot of reports that Windows 10 will hang near the beginning of an installation while it attempts to download updates. 

See : http://www.thewindowsclub.com/windows-10-upgrade-hangs  or http://www.ibtimes.co.uk/how-fix-windows-10-stuck-25-installation-error-0xc1900101-0x20004-1513631  

 

I figured as such, and used an original Windows 8 DVD instead of the 8.1 and 10 versions I was using (downloaded the ISOs from Microsoft.com and burned them).

Even though the previous install of Windows 10 using the downloaded DVD iso worked, for some odd reason it no longer does. 

After successfully installing Windows 8 from an original OEM DVD, I was able to upgrade to Windows 10.  I was hoping to perform a clean install, but the upgrade worked since this was a fresh new install of Windows 8 and I decided to keep nothing during the upgrade process.

Thank you all for your help. :)

Best regards,
Daniel