I just purchased 20 Lenovo T500s for a project that launches August 1. Being in the healthcare industry, I cannot issue the machines without encryption and I am at a standstill at the moment. Hopefully someone has a suggestion.
The BIOS shows the SATA controller is by default AHCI, the only other option is Compatibility. The machines also have the Computrace module, which is enabled by default, and Intel AMT which is enabled by default. After numerous phone calls to support, I have tried the following suggestions from both Lenovo and McAfee to no avail.
Encrypt machine straight out of the box after joining it to the domain. The EE files include test for Computrace and update number of sides options.
Removed Rescue and Recovery and Lenovo System Toolbox (PCDoctor) and used GPARTED to remove the FAT32 Restore partition before encrypting.
Used WipeDrive to scrub the HDD before re-installing XPsp2 from a Microsoft OEM disk. This test leads me to believe it isn't a software issue, but something hardware related.
Disable "Preboot usb (auto otherwise)" from admin console to see if this works... assuming the system goes to black screen freeze after boot protection credentials are entered. We found that this opiton had to be un-checked for our lenovos.
:)There were a couple different things going on, but we are up now.
One tech recommended "Update number of sides" at the beginning, as the OOB image had 1 active partition, C: and one FAT16 recovery partition. That was my stumbling block.
Because I customize the OS image, and don't want users having the opportunity to try a "restore", I delete the Rescue and Recovery program and use GpartED to kill the recovery partition. I can't say for sure how Update number of sides works, but I am making an educated guess in saying it has to do with multiple partitions and their physical location on the disk.
If you are working with a Lenovo T500 image, and have deleted the recovery partition as I did,specifically look at these issues for troubleshooting: (Files) Update number of sides reported to OS is turned off (General) I have enable boot disk compatibility turned off
The Preboot USB is a tricky one. It can keep keyboards on docking stations from being recognized (it seems to be a dice roll)
If you do delete that restore partition, remember adding it to C: in Windows will create a Dynamic disk, which EE doesn't work with.
And lest I forget, Bravo Zulu to Jason Bentley with Tech support. He's one of the few support personnel out there who doesn't assume he has your fix before he answers the phone.
So basically you are not using "Update number of sides" Mark? Is the controller still set to SATA?
For anyone reading here this file group "Update number of sides"" was made as a fix for a specific issue so shouldn't be used unless you get the issue from the release notes about that. It could be seen on other laptops with the same approach in the BIOS but here's the release notes:
"On HP Compaq DC7100 desktops with the disk encrypted and the BIOS Disk Translation Mode set to Automatic, the machine will hang after preboot logon. The last thing shown on the screen is the "Resetting hardware. Starting operating system." message. It turns out that in Automatic mode, the BIOS will attempt to read the OS boot record for the number of sides. When the disk is encrypted, the OS Boot Record is returned encrypted so the BIOS returns some default of 255.
Unfortunately this is then different to what is used during the actual OS boot .A fix is to modify the OS boot record to set the number of sides to the same as the BIOS default (i.e. 255). This can be done automatically using a sync handler that executes when the client starts for the first time (i.e. before activation of pre-boot).The SbBootSideFix.dll needs to be installed to the client as a post install helper. If this is part of the initial install set, then the OS boot record will be fixed before activation. This means customers using this fix need to update their client file group before they create a “new” install set."