I have been testing with Opal disks lately. All works fine when having one Opal disk in a system. However, when I want to test with 2 Opal disks in one systems, things are starting to get buggy.
Issue 1: when installing a clean system (to be sure I don't have any Opal locking remainders I did a factory reset of the disk with the PSID on the disk label) with two disks, upon activating the policy, Drive Encryption will show both PhysicalDisks as encrypted. When I reboot the system, the PBFS login screen is shown and I can logon successfully. But then, the system says 'No Bootable Device Found' and I have to manually select the first harddisk to boot from. Windows then boots just fine and both disks are shown in Windows and are accessible. When looking at the Drive Encryptin status, it shows 'An Error Has Occured'.
Issue 2: when installing a clean system with only one SSID, all works fine. The disk is shown as PhysicalDisk0 Encrypted. All works as expected. When I reboot the system, the error message says: [0xEE7F0002]] Failed to open session with PIN.
Issue 3: whenever booting with the WinPE DETechOpal recovery CD and starting DETechOpal, the error mesage: DETech Version: 7.1 / McAfee Drive Encryption Version: 86.118 / Version Mismatch is shown (see screenshot). The standalone DETechOpal works just fine. This is also the case when there's just one disk in the system.
Any clues on these three issues?
Here are a few thoughts:
1. First screenshot. Enter the DETECH. Add the code of the day and then your xml machine recovery xml file from the ePO server. If you get an error using the machine recovery key, you don't have the correct xml file. Don't fret yet, enter a valid user and password. Click disk info button and copy down disk key check info and provide that to the ePO server via:
enter the disk key check and generate the correct xml recovery file.
2. I have noticed the infamous disk mismatch message as of 7.2. You will see this when the drive doesnt match your detech or I have found in the lab it isnt always an obstacle. Provide code of the day, your machine recovery key OR username and password. Browse to the actual disk volume and look for your data. If you see it, copy it off before you think of decrypting it!
my two cents.
Thanks for you reply.
To be able to obtain the keycheck value, I need the 'disk information' from the DETech tool. When clicking this button, the message is 'Failed To Connect' (screenshot ending with 133122), so that won't work too. I have tried all combinations: token authentication fails, xml authentication fails, cannot obtain disk information, etc.
I don't mind the mismatch issue, as long as I can use the functions, but in my case, I'm unable to use the functions of DETech, although the standalone version works just fine. I do have all the same versions: 126.96.36.1994 for DETech WinPE, DETech standalone and installed software on the system.