cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_B
Level 10
Report Inappropriate Content
Message 1 of 11

McAfee Drive Encryption - Status Remains Inactive

Dear McAfee Community,

We have a Windows 10 laptop, reasonable spec - i7 CPU, 8GB RAM, 300GB+ HDD etc but which is failing to activate for Drive Encryption.

The device is managed by an ePO server running v5.9.1 and has the following products installed:

  • MA 5.5.1.388
  • ENS 10.6.1
  • DLP 11.0.700.182
  • MCP 2.3.5.243
  • MDE 7.2.8.4

The BIOS has been upgraded to the latest supported version. In ePO it reports the version of MDE to be 7.2.8.4 for the Encryption software, the Agent and DEGO however, under the Drive Encryption tab it still says Inactive.

The user sent across the MfeEpe.log from the device, the last few lines of which are shown below (they tend to repeat themselves).

MDE Activation Failures on device US01LMOTOUM (most recent entries).PNG

 

Also, I've checked the MDE (Product Settings) policy applied and this is below also (for where there are settings configured; the tabs not shown are blank. This same policy is applied to over 1,000 devices on the estate. The device has been rebooted several times since MDE was installed.

MDE Product Settings - General.PNGMDE Product Settings (General)

 

MDE Product Settings - Encryption.PNGMDE Product Settings (Encryption)

 

MDE Product Settings - Log On.PNGMDE Product Settings (Log On)

 

MDE Product Settings - Encryption Providers.PNGMDE Product Settings (Encryption Providers) 

I look forward to hearing to your thoughts, guys!

10 Replies
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 2 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hello,

Most probably the machine just needs a reboot as per below article:

0xEE010001, No providers installed

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Nick_B
Level 10
Report Inappropriate Content
Message 3 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hi,

Yep, saw that KB and I understand from the IT guy on site the device has been rebooted several times since MDE was installed.

Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 4 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

In that case, probably another error in the MfeEpe.log can show us the reason about that. Can you upload it so I can take a look?

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Nick_B
Level 10
Report Inappropriate Content
Message 5 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Thanks Ninov,

Please see below a link to the MfeEpe.log from the laptop where Activation is failing, for McAfee Drive Encryption.

MfeEpe.log file for Laptop Failing MDE Activation

Speak soon.

 

Nick_B
Level 10
Report Inappropriate Content
Message 6 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

One other thing, I ran a couple of DEGO queries yesterday and here is the results from that.

DEGO Test Results.PNGDEGO Test results

And the DEGO DataChannel status is below.

DEGO DataChannel Status.PNGDEGO DataChannel Status

 

Are you familiar with the Server log on the ePO server - that may shed light on this issue? 

Nick_B
Level 10
Report Inappropriate Content
Message 7 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hello Ninov,

Any thoughts on this?

Highlighted
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 8 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hello,

Unfortunately the one drive locations are blocked for me and I could not review MfeEpe.log but I have some ideas.

Was the DEGO initially disabled and later switched off? Do you see errors for failed health checks?

Regarding the data channel issue, it is a known one - even for simplified environments with great connectivity, I have seen that failing but still activating later in case DEGO is disabled.

Try restarting the MDE Agent service, open "Show DE Status" and "Agent Monitor", then click few times first four buttons of the Agent Monitor and wait for a message in the Status window. If all prerequisites are met, it should start activating.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
Nick_B
Level 10
Report Inappropriate Content
Message 9 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hi Ninov,

So what I did was I removed MDE using a standard removal task (no need to use the PRT tool or anything fancy) then I re-deployed MDE to the device and it activated pretty quickly afterwards.

The only other change which was made prior to the removal and redeployment was a Product Settings policy one - on the Encryption Providers tab all the options were disabled whereas on the policy which was previously applied two of these were enabled - Use Windows System Drive as Boot Disk and Enable Pre-Boot Smart Check.

Usually, I do not select any of the options on the Encryption Providers tab, but I cannot say for certain whether this would have been why it suddenly sprang into life.

Would you enable any of the options on the Encryption Providers tab at all?

Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 10 of 11

Re: McAfee Drive Encryption - Status Remains Inactive

Hello,

In case most of your machines use BIOS mode, it is best practice to enable it. It edits the activation sequence and adds additional checks. You can refer to these best practices since they still apply:

MDE 7.1 Best Practices - Page 23

 

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community