Our company recently got new Dell E5470 laptops with specs:
- SK Hynix SC308 SATA SCSI Disk Device (no firmware updates available)
- BIOS 1.8.3 (Latest as of 9/20/16)
- BIOS set to AHCI
- McAfee Agent 126.96.36.1993
- McAfee Drive Encryption 7.1.3
The below occurs:
1) McAfee Drive Encryption is deployed successfully with reboot prompt
2) Reboot occurs, and Windows boots and logs in successfully
3) A 2nd reboot occurs after retrieval of local users, and PBFS is created
4) Reboot into McAfee MDE authentication, and authentication is successful
5) Subsequent reboots result in direct boot into Windows (no McAfee MDE authentication occurs), and Drive Encryption System State (within Windows) displays as "Inactive"
The policy is being changed for the system in some way. You will need to identify why ePO is giving the system the incorrect policy.
Check for duplicate machines: From the ePO system tree, while at "My Organization", select the preset for "This group and all subgroups" and perform a quick find for the system name.
Check the explicit policy assignment for the system: Select the system and click Actions | Directory Management | View Assigned Policies.
Check that the last communication time shown in ePO matches that of the client system.
Verify that the solution found in KB52949 has been applied.
If using tagging and a PAR to apply the policy, verify the system is tagged.
If using system tree based policy assignment, verify the system didn't move to a different location in the system tree.