cancel
Showing results for 
Search instead for 
Did you mean: 

EEPC v6.0.1: Endpoint Encryption is Inactive

I am currently having challenges encrypting systems.

I have followed the user guide throughly  and I have also used the unofficial guide on this community and nothing seems to be working.

Funny enough, when i started out this project, we had actually encrypted with EEPC 6.0 but we had issues where systems were crashing. the project was halted and we were able to manually recover the systems with the help of folks here.

So we are resuming the project ( we never get tired of trying out encryption, lol) and we are operating with the EEPCv6Patch1....however, it just shows the system state has inactive.

EEPC is integrated on a VM (Virtual ePO). We later migrated to a physical box and the issue persist!!!!!    please who has got any ideas????

A disturbing fact, however, is that a Mcafee Support Engineer claims encryption would not start without enabling preboot authentication.

I have encrypted with eepc6.0, without preboot authentication and it encrypted.....so I really do not believe that encryption would not work without preboot authentication.

20 Replies

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

There are many reasons that EEPC v6 can show inactive. Many possible situations were covered in recent posts. Please review installation walk through as it had been well documented by Dan Larson:

http://community.mcafee.com/blogs/danlarson/2009/11/30/unofficial-quickstart-guide-for-mcafee-eepc-v...

What is your client OS?

Message was edited by: peter_eepc on 5/4/10 9:35:26 AM EDT
Highlighted

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

Thanks EEPC. I have gone through the unofficial guide and it is still not active.


the client OS  varies from Windows XP to Windows Vista and Windows7. I had encrypted earlier with the eepc v6 without the patch, but not i cannot with the 6.0.1.


i have also tried 6.0 again but it just shows that the encryption state is inactive

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

Did you enable EE Plugin log, and checked that log?

Is proper domain user assigned to your system?

Is that user with admin rights logged in to PC?

EE policy enforced?

Windows XP or 7 (without recovery partition)?

EE policy with encryption enabled on all disks?

EE policy changed recently and ASCI performed?

Windows Server registered and LDAP authenticated with "domain\admin" account?

....just to name a few.

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

Based on your questions, here are the steps/precautions we took:


Did you enable EE Plugin log, and checked that log?    I enabled the log, from registry and set the logging level to 4.

Is proper domain user assigned to your system?           Yes, domain user(active) where assigned to the systems. I tested both at the system level and at the group level.

Is that user with admin rights logged in to PC?               Yes a user with admin right is logged into the machine

EE policy enforced?                                                      I cannot tell if the policy enforces as I have not seen any change. Though agent log displays: enforcing policy

Windows XP or 7 (without recovery partition)?                 Both. Test deployment cover both operating systems

EE policy with encryption enabled on all disks?              Yes, all disk  was enabled

EE policy changed recently and ASCI performed?           Dont understand the question

Windows Server registered and LDAP authenticated with "domain\admin" account?   Yes a domain admin account was used to register the ldap, and subsequent integration



However, can you please clarify this: Do I necessary have to enable pre-boot authentication before encryption can take place?

SafeBoot
Level 21
Report Inappropriate Content
Message 6 of 21

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

encryption will take place regardless of the status of autoboot mode.

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

Thank you SafeBoot. I have always known that, but I had to re-confirm this because a McAfee support engineer told us that encryption would not work without preboot authenication.


I am quite that you have been helpful in the past as regards EEPC failing on systems, when we initially deployed 6.0 and preboot was not enabled.


Now, what baffles me is that going through the same process again, I cannot seem to be able to encrypt the systems anymore............ I dont know if there is an update with the EEPC patch1 preventing encryption.


However this issues is rampant and I suggest mcafee should recall/investigate the eepc patch1.


Thanks

SafeBoot
Level 21
Report Inappropriate Content
Message 8 of 21

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

The problem is, that EEPC patch one seems to work for most customers, certainly it works for more people than the previous version.

I suggest you grab a full logfile from your client and open a support ticket (or post it here for inspection). Most of the time with clients which would not activate, it's because of EPO data channel problems (network issues, or you have an epo4.0 server listed in the connection strategy, or incompatible situations (like the client is detecting another crypto product and is aborting because of it).

Message was edited by: SafeBoot (typo) on 5/4/10 1:06:09 PM EDT

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

OK. I would get a log file and post it here. However i currently do not have access to a client machine now.


I hope tomorrow would not be too late.


In  the mean time, can you just give me a brief or guide on troubleshooting EEPC v6. This product is interesting but its features seem limited.


No appropriate logs

SafeBoot
Level 21
Report Inappropriate Content
Message 10 of 21

Re: EEPC v6.0.1: Endpoint Encryption is Inactive

what features were you looking for?

You need to turn the logging on, then the log is a mile long - there's a tool (EEPC Log Viewer) available to help make sense of it (retabluating it in a nice way etc).