I'm fairly new to this product so sorry if this question might sound amateur.
This is the overview of the situation I'm currently in.
- We have purchased 30 HP Elitebook 755 G2 laptops. When we first got them encrypted, we were able to restart the laptops once and they would run fine; however, upon a second restart the laptops will not boot past the BIOS. You can see the screen flicker with the McAfee Encryption 7.X.X loading screen, but you are never presented with a login.
- After a while we figured that the TPM drivers must be the cause of the issue; we removed the drivers off the PC and they appeared to fix the issue. Everything was working fine for a few weeks until the same issue occurred again. These laptops have Windows Updates turned off to stop the drivers from being put back on.
- After a collective 3 and a bit hours on the phone to McAfee support I still haven't managed to get the DETech stuff booting. I am presented with 3 options which are:
1) Start DETech
2) Set BootDisk
3) Set Configuration
Whenever I select Start DETech, it never proceeds any further. I got the McAfee technician to send me the correct version of the DETech I need for our version but this still doesn't seem to work. I have tried this on USB, CD, and Floppy and they've produced identical results. I'm starting to think that clearly I'm doing something wrong, but I am only following the guide which McAfee gave me, and this still doesn't seem to work either...
I'm stuck between a rock and a hard place now because if I can't get to the emergency boot option then I can't replicate the same issues to produce the log files which they asked for. I'm getting to the stage now where I may have to remove the Encryption completely and try something like HP Drive Encryption or an alternative because I only have a few days left before these laptops need to be used, and McAfee won't inform me if these laptops are incompatible with the product or not.
So if anyone could possibly help me out with this, I'd really appreciate it!
I too am experiencing this problem. Mine is with MDE 7.1.1 and a Dell Latitude 14 (7404 Rugged Laptop). It has Windows 7 SP1 and a Samsung PM851 SSD drive. I'm using PC Software as the encryption since the PM851 isn't supported for OPAL encryption in MDE. I get it fully encrypted (even tested partial encryption with a reboot in the middle and it does the same). It won't boot into Windows. It does the typical boot text messages and then never boots. I try the DETech Standalone (via a CD and a USB drive) and it never gets anywhere. Stops at a blank, black screen. There are options that can be selected by hitting ESC but I can't find any documentation anywhere to say what those options could be. I can boot into the PE environment and use that DETech tool to unlock the drive or Remove MDE but I'm back to square one again. I tested out 7.1.3 with the laptop talking to my DEV server. I set it to only encrypt the C: partition and only activate once DEGo showed it healthy. I felt that the answer was the partition option (use Encrypt Boot Partition normally). It has no OEM or utility partition according to Windows Disk Manager. So, that shouldn't be it. I started out telling it to not use AutoBoot and logged in that way and it booted fine. So then I removed the Pre-boot option and it continued fine. But back in production following the same setup except for the healthy check and the pre-boot setting and switch. Now I'm back to decrypting and trying again. I'll try the exact same thing but I'll have to do change control to add 7.1.3 if that's the case and possibly use the Evaluation branch for the client software so that our production working systems don't get 7.1.3 until it's approved (since the damn thing requires a reboot to update the software).
We found that with devices that no longer boot past the Text Screen, you cannot boot any further with the standalone software running from (USB, CD, and Floppy). We did figure out that flashing the BIOS sometimes enables you to log in once to the Standalone software so you may want to try that. We also found that if you hard shut down (holding the power button down) rather than using the Shut Down feature in Windows, this also causes the PC to stop booting correctly from the moment the PC is turned off. This could also explain why some PCs that ran out of battery but weren't touched stop working.
7.1.3 has a list of a number of HP Elitebooks that have issues almost identical to mine, so I imagine that our ones are suffering from the same issue (not that McAfee would admit to that). I'm not totally sure what Dell Laptops were on that list so it's worth checking the release notes for that 7.1.3 patch.
If you're going to be updating to 7.1.3 please keep me updated on your results. I don't think we will be updating anytime soon unfortunately, so it would be great to hear that it's fixed your issue.
OK, here's what finally worked.
Installed 7.1.1 DEGo, MDE Agent & SW all at once.
Used the setting to only encrypt the C: partition (there were no others shown but just to be sure).
Had the setting to "Only Activate if health check passes" enabled.
Had the PC Software provider as the first and OPAL as the second
Changed the normal default (for us) from AutoBoot to force it to use the Pre-boot authentication
Set to "Never" for the TPM setting
The only boot option was "Always enable pre-boot USB support"
Selected the "Use windows system drive as boot disk and Enable Pre-Boot Smart Check"
The BIOS item you mentioned was not relevant since all boot ups, shutdowns, etc. were all done normally and without any issue. The BIOS was up to date and set to AHCI.
So, with this scenario it installed all three and after the last one it asked for the reboot.
I logged into Windows and proceeded to force communication until things started.
It looked and saw that it hadn't done a "pre-boot health check" so it told me that it would be shutting down/rebooting in two minutes.
I clicked OK and then did the reboot myself. I then logged back in and continued to accelerate the activation (Send events, check policies, etc.).
Once it had created the PBFS, synced the local domain user profiles and sent the key up, it started to encrypt.
I let it go till it was about 4% done and then did a reboot.
It was now at the stage where pre-boot authentication was ready.
I entered my credentials and it proceeded to boot. I logged into Windows and let it continue to encrypt.
At about 50% I did another reboot test and it still worked. I was finally making progress.
So, since I didn't want to do a full decrypt if it failed after the next step, I switched to the Autoboot feature which is our default.
I applied the policy and did a reboot. Autoboot worked as expected and I logged back in.
I let it finish encrypting and once done I did both a reboot and a shutdown to make sure both scenarios would work as expected.
Not sure what caused it to work but that method got me past my booting issue. However, the standalone emergency boot disk still does not work. The PE one does though.