Recently I had few cases where the PBFS was corrupted like:
Fatal error [ee02000a] Chain sector invalid (during preboot)
There was another error before the pre-boot which I do not remember by heart at the moment but again is related to the same problem with corrupted PBFS.
So whenever we have this issue we generally have two options:
1) Decrypt the disk and then save the so desired company data (which generally is pictures of the dog ( these are quite important! I have a dog as well! ))
2) Use EETECH (standalone) to boot the system and then sync the framework package with ePO.
However, the problem is that EETECH (standalone) is not easy to build and it is dependable on the USB stick that you use. I had a case in the past when the USB stick just did not work.
As well, what we have is PXE boot image with eetech which we use to boot the system over the network and decrypt. Let's just say that our onsite support does not have write access to USB, CD or any media.
So the question is, have anyone figured out how to perform emergency boot from the standard eetech winpe disk or it necessarily needs to be a standalone media?
Thank you for you help!
Sharing is caring
The only method to perform an emergency boot at this time is to use the DETech Standalone disk.
To answer the question regarding the 21st century, the error you are seeing is a result of using technology that is based on the MBR / BIOS boot process which was developed in the early 70s. This is being replaced by UEFI which was developed by Intel in the late 90s and provided to the Unified EFI Forum in 2005 for development by the alliance members. McAfee Drive Encryption has supported UEFI since version 7.0.0 and both of the specific issues, the sector chain failure and the boot disk not being detected as bootable, are not issues with UEFI. This is because the UEFI boot process does not use a sector chain but rather the preboot environment is run as a UEFI application vs a 16bit Real Time Operating System. The UEFI DETech standalone is also a UEFI application in the form of an efi file that is placed on the USB disk vs the BIOS version of DETech Standalone being a 16bit RTOS that must be imaged in a way to allow the disk be to bootable. Because issues with the disk, the BIOS may not see the USB drive as bootable. While there are issues from time to time where the UEFI doesn't properly boot to the efi application, this problem is generally not unique to McAfee but rather a problem with the UEFI itself or SecureBoot being enabled.
The BIOS version of DETech was originally designed to be placed on a Floppy disk. This method has the highest success rate and a USB floppy can be used for systems that do not have an internal floppy drive. The CD version has a slightly lower success rate but still very high using an ISO that can be obtained from Technical Support. The USB version has a lower success rate due to the design of some disks and how the BIOS interacts with the USB drives. I have found that using a generic an 8GB or smaller disk that has been formatted via command line using the command in the DETech user guide has the highest level of success.
Note: Use the EZPE to produce the tools for data recovery. Supply the Code of the Day and the Machine Key. Use the A56 or A43 and copy the data off BEFORE you click on ANY decryption method\option.
Ah, right. Thank you for the hint. I am aware of this option, however, the problem is that we have additional file encryption which is using MS EFS and apparently those files cannot be copied. I tried robocopy, a43, standalone portable explorer, windows commander and they all failed with "Access Denied" error.
That is why I was looking for a way and especially for those errors related to PBFS so I can boot from other media to windows (using xml of course) and then backup or even re-deploy the McAfee encryption package.
Eeks...Was that my outside voice, lol. I found some of these articles that might help you, no promises. Looks like your not alone.