cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tharion_aaronh
Level 7
Report Inappropriate Content
Message 1 of 7
‎07-15-2014 04:27 AM

Uninstalling Drive Encryption Issue

Jump to solution

One of our machines has recently had a problem with Drive Encryption installed on it when booting it comes up with an error reading the password file and to get into the machine it requires an administrator recovery.

This was the log our ePo received from the machine;

     [0xEE050014] [0xEE050014] Could not read \users\inprogress.pb from the PBFS: expected identifier UIXP but found

Now I googled and read a few articles stating the best way to recover a machine with Drive Encryption issues, is to inactivate the policy on just that machine wait for the disks to decrypt uninstall Drive Encryption and then reinstall and reenable the policy.

However I have failed at the first hurdle, I have setup the policy on the ePo server for just the corrupt machine to inactive drive encryption under the product settings, pushed the new policy out to the machine.

The disks and status in the Drive Encryption still show as Encrypted and Active, I have left it over the weekend to make sure it wasn't decrypting, but still the same result, I have also then tried removing the encryption users from the machine but still the same result.

Does anyone have any suggestions on what to try to recover? I don't really want to have to copy the data off and format the drives from scratch.

Thanks for your time


Aaron

0 Kudos
Reply
1 Solution

Accepted Solutions
dwebb
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7
‎07-15-2014 09:25 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Hi, it looks like you've upgraded this client from a previous version. 

What version was it on prior to the upgrade?

WRT building a DETech disk, please see P53 of the DETech guide for 7.1 https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24871/en_US/...

Best option is to use a floppy disk....failing that, USB may work on some BIOS (and not on others due to BIOS irregularities), or CD.  The basic process requires that you use the "bootdisk.exe" in conjunction with the DETech image file EETech.RTB to burn the image to the boot device.

Once you've booted from the boot device, you can emergency boot the system which will rebuild the PBFS from scratch.

HTH

View solution in original post

Reply
6 Replies
SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 7
‎07-15-2014 06:12 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

You don't say what version of DE, so it's hard to be exact, but you really have three choices

1. You can look at the logs on the client side and try to work out why it's not picking up the policy

2. You can use DETech/EETech etc and decrypt the drive, then start again

3. You can use DETech/EETech standalone and e-boot the machine so it rebuilds the PBFS

0 Kudos
Reply
tharion_aaronh
Level 7
Report Inappropriate Content
Message 3 of 7
‎07-15-2014 08:11 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Thanks SafeBoot, the version of DE is 7.1.0.389.

I am not sure which of the above would be easiest, but I am having problems getting DETech burned onto a disk so I guess for the moment at least its going to have to be take a crack at option 1.

I have pasted in the last section from the log, apart from the PBFS being corrupt I can't see anything obvious, would the PBFS issue stop the DE Agent from picking up the policy and decrypting the disks?

2014-07-15 12:45:26,398 INFO    UserLib                              Loading user index

2014-07-15 12:45:26,398 WARNING MfeEpeEsEncryptionInformationService ..\..\..\Src\EpeGenInfoHandler.cpp: EPE_gen_info_handler::handle_get_user_info_query: 474: [0xEE050014] Could not read \users\inprogress.pb from the PBFS: expected identifier UIXP but found <?xm

2014-07-15 12:45:26,414 INFO    EpoPlugin                            epoAudit: dispatching audits to AgentHandler

2014-07-15 12:45:26,414 ERROR   EpoPlugin                            collectProperties: failed to handle property collection: [0xEE050014] [0xEE050014] Could not read \users\inprogress.pb from the PBFS: expected identifier UIXP but found <?xm

2014-07-15 12:45:28,254 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1404999285).

2014-07-15 12:45:28,707 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users (i.e. non-default UBP users) before enforcing policy.

2014-07-15 12:45:29,081 INFO    EpoPlugin                            enforceUserPolicy: User (tharion\aaronh) added to policy store.

2014-07-15 12:45:29,097 INFO    StatusService                        Policy enforcement has started

2014-07-15 12:45:29,097 INFO    EpoState                             == Start of policy enforcement ==

2014-07-15 12:45:29,097 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

2014-07-15 12:45:29,097 INFO    EpoPlugin                            policyHandler: handling EnforcePolicy event

2014-07-15 12:45:29,159 INFO    EpoPlugin                            policyHandler: checking for machine ID/ePO server change.

2014-07-15 12:45:29,175 INFO    EpoPlugin                            themeHandler: theme ID change detected (old: 1, new: 15E092C3-184A-4625-B3D6-CE75B1783D3D).

2014-07-15 12:45:29,175 WARNING EpoPlugin                            themeHandler: no theme package found.

2014-07-15 12:45:29,175 ERROR   EpoPlugin                            themeHandler: failed to unzip new theme file.

2014-07-15 12:45:29,175 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers event

2014-07-15 12:45:29,190 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers response

2014-07-15 12:45:29,222 INFO    EpoPlugin                            userHandler: processing user updates/requests

2014-07-15 12:45:29,237 INFO    UserLib                              Loading user index

2014-07-15 12:45:29,237 WARNING MfeEpePcEncryptionProviderPlugin     ..\..\..\Src\EpeGenUserHandler.cpp: EPE_gen_user_handler::get_updated_users: 530: [0xEE050014] Could not read \users\inprogress.pb from the PBFS: expected identifier UIXP but found <?xm

2014-07-15 12:45:29,253 INFO    EpoPlugin                            epoAudit: dispatching audits to AgentHandler

2014-07-15 12:45:29,268 ERROR   EpoPlugin                            userHandler: failed to perform user updates: [0xEE010002] [0xEE050014] Could not read \users\inprogress.pb from the PBFS: expected identifier UIXP but found <?xm

2014-07-15 12:45:29,268 ERROR   StatusService                        Failed to process a batch of user data received

2014-07-15 12:45:29,268 INFO    EpoState                             == End of policy enforcement ==

2014-07-15 12:45:29,268 INFO    StatusService                        Policy enforcement has completed

0 Kudos
Reply
dwebb
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7
‎07-15-2014 09:25 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Hi, it looks like you've upgraded this client from a previous version. 

What version was it on prior to the upgrade?

WRT building a DETech disk, please see P53 of the DETech guide for 7.1 https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24871/en_US/...

Best option is to use a floppy disk....failing that, USB may work on some BIOS (and not on others due to BIOS irregularities), or CD.  The basic process requires that you use the "bootdisk.exe" in conjunction with the DETech image file EETech.RTB to burn the image to the boot device.

Once you've booted from the boot device, you can emergency boot the system which will rebuild the PBFS from scratch.

HTH

View solution in original post

Reply
pjw2012
Level 10
Report Inappropriate Content
Message 5 of 7
‎09-15-2014 09:26 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Hi Aaron

I have exactly the same issue. Did you overcome this in the end?

Pete

0 Kudos
Reply
tharion_aaronh
Level 7
Report Inappropriate Content
Message 6 of 7
‎09-17-2014 03:32 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Pete,

No unfortunately I ended up wrecking the machine completely. I booted using the DETech disk as dwebb advised using the Emergency Boot option and it booted into the OS fine, the status changed from active to recovery. I then waited for it to for the policies to be reapplied from the ePolicy server and the status then changed back to active, rebooted and the original issue occurred again.

So next time through the options in DETech I told it to restore the MBR back to the default McAfee Disk Encryption MBR and now it won't Emergency Boot or Boot with Challenge Response code from Server it comes up with a message stating the EEPC boot sector is corrupt.

Is taking so much of my time to try and rebuild I have given up and am just reformatting the machine and reinstalling the OS from scratch and will then re-add Disk Encryption back on once the machine is up and running though it does mean I have lost all data on the machine, luckily there wasn't much on it anyway.


Aaron

0 Kudos
Reply
SafeBoot
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 7
‎09-17-2014 06:13 AM

Re: Uninstalling Drive Encryption Issue

Jump to solution

Yes, removing the MBR from the machine means you loose any data re the encryption status, the pre-boot etc.

the data is STILL RECOVERABLE though, you just need to use the force decrypt options. 

I'll mark this question as answered.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC