cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 10
Report Inappropriate Content
Message 1 of 14

MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi All,

We're having a problem on many of our Dell Latitudes where the MNE5.0.x agent will not kick off Bitlocker Encryption due to the error "Failed to apply any of the authentication methods specified in the policy".

Policy is set to use TPM Authentication.

If we remove MNE5.x from an affected system & then install MNE4.x, with the same policy applied bitlocker encryption starts immediately.

 

Interestingly, once a device has been encrypted using tghe MNE4.x agent, we can upgrade to 5.x, decrypt, and it will re-encrypt still with MNE5.x.

 

Had a support case open previously with this, but didn't get anywhere with it.

 

Cheers

Jason

13 Replies
Level 7
Report Inappropriate Content
Message 2 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hey, if you happen to have logs from these machines, would you mind checking if it complains about TPM: "Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310048" right after it mentioning in the log it does find a suitable TPM? I have similar issue with certain Lenovo machines that I am trying to troubleshoot, and so far everything checks up I can encrypt via 4.1.5 and then upgrade, decrypt and re-encrypt with 5.1.2 without any issues..

Highlighted
Level 10
Report Inappropriate Content
Message 3 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

I'll have a look tomorrow.

Which log file in particular do you see this in?
Highlighted
Level 7
Report Inappropriate Content
Message 4 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi, thanks. The logs are Mne_Service and Mne_Debug logs in ProgramData.

Highlighted
Level 10
Report Inappropriate Content
Message 5 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

So we get this in the MneService_Activity.log

 

04/04/2019 06:00:25.390 PM MNEService(5960,5984)  EncryptionProvider.Activity: == Volume state for C: is decrypted (Protection is disabled) ==
04/04/2019 06:00:25.390 PM MNEService(5960,5984)  AuthMethodSelector.Activity: Detected a significant change to previously enforced authentication methods
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  TPMManagement.Activity: A compatible TPM has been detected on this system
04/04/2019 06:00:26.061 PM MNEService(5960,5984)  Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310018
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  EpoComms.event.Activity: Sent event with id 35282
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Error: Unable to apply any of the authentication methods in the policy

 

 

and this in the MneService_Debug.log

 

04/04/2019 06:00:25.405 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Applying authentication to OS volume
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Considering authentication method Tpm
04/04/2019 06:00:25.405 PM MNEService(5960,5984)  TPMManagement.Activity: A compatible TPM has been detected on this system
04/04/2019 06:00:25.421 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Applying Tpm
04/04/2019 06:00:25.452 PM MNEService(5960,5984)  PrebootBootManager.Debug: Successfully restored the default boot manager.
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  PrebootFileSync.Debug: Removed installed files from the ESP
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestState.Debug: Setting PBA compatibility-test state to: Not scheduled
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestPendingFlag.Debug: Clearing PBA compatibility-test 'Pending' flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestRebootFlag.Debug: Clearing PBA compatibility-test 'RebootRequired' flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  CompatTestModeFlag.Debug: Clearing PBA execution-mode flag
04/04/2019 06:00:25.764 PM MNEService(5960,5984)  PrebootCompatibilityTest.Debug: Removed Preboot compatibility test variables
04/04/2019 06:00:25.796 PM MNEService(5960,5984)  Tpm.Debug: Setting up TPM protector for volume C:
04/04/2019 06:00:26.061 PM MNEService(5960,5984)  Tpm.Error: Cannot activate using TPM: No compatible TPM found on this system when activating volume: C:. TPM error: 80310018
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  EpoComms.event.Activity: Sent event with id 35282
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Debug: Authentication method is not supported on this machine. Falling back to the next one in the policy.
04/04/2019 06:00:26.171 PM MNEService(5960,5984)  PrecedenceAlgorithm.Error: Unable to apply any of the authentication methods in the policy

 

 

Seems like the same you get....

 

Now error code 80310018 = 
You must initialize the Trusted Platform Module (TPM) before you can use BitLocker Drive Encryption.

 

So seems like MNE4 is able to initialize & take ownership of the TPM, while MNE5 fails... This is why MNE5 works after encrypting with MNE4 because the TPM is already initialized.

Highlighted

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

anyone a solution or advice on this, have exact same issue on most of our Dell equipment.  Remove v5 and install MNE 4 (no policy changes) and starts encrypting.

Highlighted
Level 10
Report Inappropriate Content
Message 7 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

I've not come across a fix for this yet.

Our janky workaround is to deploy MNE4 via SCCM, then have ePO Client Tasks assigned to systems with MNE4 to upgrade to MNE5.

Tho... After our recent license renewal we seem to have lost MNE from our account & waiting on account manager to get back to me on that... So we might just move away from MNE completely if we don't hear soon.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi @JayMan ,

Thank you for writing in here.

Could you please share the screenshots of the Bitlocker Product settings policy and the windows version and McAfee Agent version

MNE policy.PNG

Thank you.

Regards,
Jithendran S
McAfee Employee
Highlighted

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

screen shots attached, worked fine for years as is on MNE v4

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 14

Re: MNE 5.0.x - Failed to apply any of the authentication methods specified in the policy

Hi @SteveWilkinson / @JayMan  / @Sigi ,

Similar activation issues is reported to McAfee with TPM enabled with MNE 5.0.X.

The fix will be made Release to World in MNE 5.0.3.

Kindly open up a service request with McAfee Technical Support and kindly submit the MNE logs in the SR, so that support can check the same and provide you more technical details and help you temporarily with a workaround or POC. 

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thank you. 

Regards,
Jithendran S
McAfee Employee
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community