Hi. I am struggling to find confidence in the EEPC deployment. It seems to bomb a lot of the time. I need help to diagnose why or I will never be able to get this deployed without upsetting many people. I want to get this working.
Thus far my process has been to build a few fresh images, let them settle down and then encrypt. it seems that anywhere from 25-50% of the time the restart after the drive encryption has happened I get "EEPC has been corrupted."
I am deploying GO first, and my EEPC is dependant on a successful GO evaluation.
My last test depoyment consisted of a pair of Dell Latitude E6400s. One went perfectly. One is kaput. Here is what I get when I boot up the failed one.
When I boot into a WinPE environment to try to wake the dead I am able to authenticate and pass it a daily code. Here is what I see for DiskInfo:
and when I try to decrypt
Any help/ideas? What can cause this situation?
Thanks in advance
At a guess it's the option ROM you have installed.....in the screenshot you can see Intel Matrix Storage Manage option ROM.
Try switching this off in the BIOS.
The alternative is that you have a disk defragmentation software installled which is moving our (locked and) protected sectors which should not be moved.
As per the release notes:
Dynamic and RAID disks in Windows
Endpoint Encryption works at sector level, consequently it does not support software-based dynamic disks and software based
Hardware RAID — Endpoint Encryption is untested in this mode, but may work properly in a situation where pure
Hardware RAID has been implemented. However, Endpoint Encryption can't support diagnostic or disaster recovery in this
Intel® Matrix Storage Manager option ROM
Thanks for your reply. I was all set to believe that this could be the culprit as it sounded plausable.. so I took these two machines and changed the SATA mode from IRRT to AHCI, applied the latest BIOS and reimaged them.
After they encrypted and restarted I got the same result. The same unit that failed before failed again. The one that worked before worked again.
Could this failure be tied to specific systems? Properties of the hard drive?
As I wipe and reload this machine again (and expect it to fail) should I look for something before it reboots?
FWIW, through WinPE/EETECH I am able to access the encrypted disk enough to look through logs. MfeEpe.txt does not show anything unusual to me but I attached it anyway. Are there any other logs that might be useful?
I do appreciate your time.
Also, I wanted to suggest that there is no defrag software installed beyond what ships with windows. Here is an fairly exhaustive list of what is installed:
Windows 7 x64 Enterprise
Cisco Anyconnect client
Desktop Central management Agent
Mandiant MIR Agent
Oracle client x86
Quest Privilege Authority agent
Java JRE x86
SilentFax print driver
and some misc print drivers
I have 2 Dell Latitude E6400 and they usually have troubles with encryption.
On these laptops you should wait till EEPC finish ecryption completely. Only after that you can restart laptop otherwise you can get many problems.
Thanks. I always do. It doesn't seem to prevent this type of problem though.
I reimaged them again last night and a weird thing happened. Even though they had new system names, a new image with a new guid, etc... when EPO found them it automatically assigned them the tag that I am using as a trigger for encryption. As a result when I arrived this morning they were already encrypted.
They both encrypted fine this time. Will be repeating this process until I discover why it breaks or I become more confident in the product.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center