cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
JayMan
Level 10
Report Inappropriate Content
Message 1 of 5

MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi All,

We're having a problem on many of our Dell Latitudes where the MNE5.0.x agent will not kick off Bitlocker Encryption due to the error "Failed to apply any of the authentication methods specified in the policy".

Policy is set to use TPM Authentication.

If we remove MNE5.x from an affected system & then install MNE4.x, with the same policy applied bitlocker encryption starts immediately.

 

Interestingly, once a device has been encrypted using tghe MNE4.x agent, we can upgrade to 5.x, decrypt, and it will re-encrypt still with MNE5.x.

 

Had a support case open previously with this, but didn't get anywhere with it.

 

Cheers

Jason

4 Replies
Sigi
Level 7
Report Inappropriate Content
Message 2 of 5

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hey, if you happen to have logs from these machines, would you mind checking if it complains about TPM: "Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310048" right after it mentioning in the log it does find a suitable TPM? I have similar issue with certain Lenovo machines that I am trying to troubleshoot, and so far everything checks up I can encrypt via 4.1.5 and then upgrade, decrypt and re-encrypt with 5.1.2 without any issues..

JayMan
Level 10
Report Inappropriate Content
Message 3 of 5

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

I'll have a look tomorrow.

Which log file in particular do you see this in?
Sigi
Level 7
Report Inappropriate Content
Message 4 of 5

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi, thanks. The logs are Mne_Service and Mne_Debug logs in ProgramData.

JayMan
Level 10
Report Inappropriate Content
Message 5 of 5

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

So we get this in the MneService_Activity.log

 

04/04/2019 06:00:25.390 PM MNEService(5960,5984)  EncryptionProvider.Activity: == Volume state for C: is decrypted (Protection is disabled) ==
04/04/2019 06:00:25.390 PM MNEService(5960,5984)  AuthMethodSelector.Activity: Detected a significant change to previously enforced authentication methods
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  TPMManagement.Activity: A compatible TPM has been detected on this system
04/04/2019 06:00:26.061 PM MNEService(5960,5984)  Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310018
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  EpoComms.event.Activity: Sent event with id 35282
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Error: Unable to apply any of the authentication methods in the policy

 

 

and this in the MneService_Debug.log

 

04/04/2019 06:00:25.405 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Applying authentication to OS volume
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Considering authentication method Tpm
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  TPMManagement.Activity: A compatible TPM has been detected on this system
04/04/2019 06:00:25.421 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Applying Tpm
04/04/2019 06:00:25.452 PM MNEService(5960,5984)  PrebootBootManager.Debug: Successfully restored the default boot manager.
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  PrebootFileSync.Debug: Removed installed files from the ESP
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestState.Debug: Setting PBA compatibility-test state to: Not scheduled
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestPendingFlag.Debug: Clearing PBA compatibility-test 'Pending' flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestRebootFlag.Debug: Clearing PBA compatibility-test 'RebootRequired' flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestModeFlag.Debug: Clearing PBA execution-mode flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  PrebootCompatibilityTest.Debug: Removed Preboot compatibility test variables
04/04/2019 06:00:25.796 PM MNEService(5960,5984)  Tpm.Debug: Setting up TPM protector for volume C:
04/04/2019 06:00:26.061 PM MNEService(5960,5984)  Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310018
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  EpoComms.event.Activity: Sent event with id 35282
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Authentication method is not supported on this machine. Falling back to the next one in the policy.
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Error: Unable to apply any of the authentication methods in the policy

 

 

Seems like the same you get....

 

Now error code 80310018 = 
You must initialize the Trusted Platform Module (TPM) before you can use BitLocker Drive Encryption.

 

So seems like MNE4 is able to initialize & take ownership of the TPM, while MNE5 fails... This is why MNE5 works after encrypting with MNE4 because the TPM is already initialized.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community