Endpoint Encryption

OS: Windows 7 Pro, SP1

Product: Symantec Encryption Desktop, Version 10.3.1

The only AV product I have running is Microsoft Security Essentials.

My problem:

I am able to MOUNT .pgd virtual disks as drive letters; however I am unable to UNMOUNT them.

When attempting to unmount (via Explorer, or via the SED tool) I get the same error:

PGP Disk Unmount failed because: "NT driver File request operation failed."

I have closed every application, and even LOGGED off and back on, but the virtual disk is still present.  I can only unmount by restarting windows or by physically disconnecting the drive holding the .pgd image.  (Note: Disabling the AV on-demand process does not resolve this issue).

Any suggestions?

 

 

A small and handy utility is "handle" from Sysinternals. You can check via the command line which process still has some files open on a particular drive. You can obtain it via the following link: http://technet.microsoft.com/en-us/sysinternals/bb896655 If command line is not really your thing. You also have Process Explorer which contains much more features, but it should also show you which files are locked by which process. http://technet.microsoft.com/en-us/sysinternals/bb896653 When you find the process that is locking the opened .pgd, you can troubleshoot from there. -- But in the same time, if you would have open files, I think the error message would be a bit different. More in line with: "PGP Disk Unmount failed because: this PGP Disk is currently in use. Please close all files...try again." As a side question, when the disk is mounted, do you see it as FAT32 or as NTFS (or any other type)?

Error message varies slightly:

    Attempt to close by right clicking the PGD file, SED, Unmount:
    Attempt to close by right clicking drive in explorer, SED, Umount:
    Attempt to unmount in the GUI, PGP Disk Section, Unmount button:
        PGP Disk Unmount failed because: "NT driver File request operation failed."

    Attempt to close by using the tasktray, right click, unmount virtual disks:
        PGP Disk Unmount All failed because: "NT driver File request operation failed."

I've only been able to reproduce the error on NTFS mounted files, not FAT32 files.


TRACE OUTPUTS:

C:\bin\tools>whoami
nt authority\system

C:\bin\tools>handle VOL02

Handle v3.51
Copyright (C) 1997-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

System             pid: 4      type: File           BB0: D:\VOLS\VOL02.pgd

C:\bin\tools>handle -c BB0 -p 4

Handle v3.51
Copyright (C) 1997-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

  BB0: File  (R--)   D:\VOLS\VOL02.pgd
Close handle BB0 in System (PID 4)? (y/n) y
Error closing handle:
T
 

If it is only on NTFS mounted files, and FAT32 mounted files are correctly unmounted, I would suspect either some process that locks NTFS mounts / a filter driver that prevents dismounting NTFS locations. What I can find online is mostly about USB drives that use NTFS and either have problems being removed / show data corruption after being removed. The advise there is to use the "safe removal" / "safe eject" option from Windows to make sure that any write changes are writen to the device and the USB drive / filesystem can be unmounted. But the unmount option of SED should do the same..... Maybe using fsutil from microsoft will shed some additional light on what is locking the NTFS volume. But I do not really have much experience to dig down with this tool. Maybe someone else has... On a test virtual disk (just to prevent any data loss by manipulating ntfs), do you see anything with the following commands (replacing f: in the dismount command by the drive letter you are using for the mounted virtual disk): fsutil transaction list fsutil volume dismount f: The full command reference is available via http://technet.microsoft.com/en-us/library/cc753059.aspx

I encountered the same problem and figured out the reason:

When moving the PGP-Disk Container File to another NTFS volume, the security settings of this particular file will be replaced by the security settings of the new NTFS drive that the PGP-Disk is located on.

By default, new NTFS hard drives have their security settings set to (this applies to Windows 7): Users can only read data, Administrator can modify it. Which means, if you mount your PGP-Disk from such an NTFS hard drive, the PGP drive will be read-only.

However, PGP didn't seem to recognize properly that the file was read-only (probably because the PGP version was too old to work well with Windows 7), instead it treated it like a writable PGP volume, but when you try to dismount it, the NTFS driver wants to write something on the PGP disk and thus the error message appears. When using FAT32 PGP disks, the dismount doesn't require writing data to the PGP disk, so the dismount will work.