I just want to let everyone know that before posting this, we've spent countless hours reading all the info available in this forum and anything we could find online, so any help will be appreciated.
This is the situation:
HP EliteBook 8540w laptop, running Windows 7 32bit, encrypted C: drive (320 gb) using Endpoint 5.2.
A few months after, windows decided not to boot. The drive was inaccessible and showed up as a RAW partition, so we loaded a version of BartPE with Wintech 5.2, authorized with the daily access code, authenticated with the correct key, removed EEPC using algorithm 12, and after 5 hours of what it seemed to be a decryption process, we found out that the drive was left in an even worst state....
The drive has two partitions, C: starting at sector 2048, ending at sector 620894137 and D:, starting at sector 620912250 and ending at 625121279.
D:, is a recovery partition installed by HP loader, and it wasnt encrypted.
As of right now, Safetech wont authenticate the key, since it shows that the drive seems to decrypted and has an algorithm of 00. So if I manually select the algorithm 12, the key authenticates and all the menu options are available.
Should we try to reencrypt the sectors of the C: partition using the Crypt Sectors option, and see if that returns the drive to its original condition or try to do something else.
Please advise, very important data on this drive!
You don't say anything about the current state of the drive? In what way is it worse? Does the partition boot sector look correct?
Also which option did you use to do the remove, and what was the original error?
The standard remove option works fine for pretty much everyone, the most common way of getting in the position you are in is by using the wrong sdb file, and you can tell that by checking the part boot sector is decrypted properly prior to running the decrypt.
But, knowing exactly what the original problem was helps - if the preboot was working but not windows, then the standard remove without using the sdb should be used.