3 Replies Latest reply on Feb 19, 2009 2:22 PM by SafeBoot

    Corrupted safeboot and MBR

      Hi Safeboot

      History:
      I had to decrypt my Win XP laptop that was encrypted with safeboot 4.2 after a system registry crash due to a power outage.

      I decrypted succesfully using the SafeTech floppy disk. I fixed the registry database error and everything seemed fine.

      Unfortunately I had overlooked in the manual that I had to do the sbsetup -Uninstall before connecting to my corperate intranet again. Consequently the safeboot logon screen was present after next reboot.

      Using my normal username and password on the safeboot screen did not allow me to boot Windows.

      At that point I could not believe that another encryption of my two partitions had already been completed (due to the 6 hours it took to decrypt) so I assumed the files would be accesible through the BartPE disk A43 file browser. Therefore I used first the SafeTech tool "Restore Original MBR" to get rid of the Safe Boot logon screen. This step merely resulted in the message "unable to load operating system" at next boot attempt.

      :eek:
      Now i became incresingly desperate and used the Windows repair console and typed "fixmbr" to get a fresh mbr. Still I got "unable to load operating system" at next boot attempt.

      What now???
      Clearly it was stupid of me to replace the mbr before I had checked the access to my files on the c: and d: partition.
      Is there any possible way to recover my operating system on c: and all of my extremely important files on d:?

      Hoping all the best... wink
        • 1. RE: Corrupted safeboot and MBR
          The login screen will appear as soon as encryption starts - it may not have finished though.

          toasting the MBR was the worst thing you could do - now finding out how much encryption has gone on is really difficult. If the MBR was still there we could simply have done a SBFS remove (even while encryption was part way through). Now it's very difficult indeed.

          You'll need to use SBFS.exe to find the EPTs (encryption progress tables), then work out where encryption got to. Then you'll need to check the in-progress block to see if it's been written or not.

          Once you know how far encryption got, you can then manually decrypt that sector range with SafeTech.

          If encryption had only just started, the likelyhood is that it's not got to D: yet so you may be able to boot of a WinPE/BartPE CD and get the files off the D: Drive pretty easily.

          decrypting C: is entirely possible though (as long as you have the new install entry in the SafeBoot Management Center), but it could take some time, and if none of the above makes any sense, could cost you some professional services.

          next time (you know what I'm going to say..) DON'T TINKER! wink
          • 2. RE: Corrupted safeboot and MBR
            Hi again

            Yep I know exactly what you are thinking... :rolleyes:

            However when I use "Authenticate From SBFS" in SafeTech I get: "SafeBoot Error code 0xe0050001 - Description: SafeBoot Client not Activated"

            I guess I need professional help here. Can you please provide me contact details for whom to contact in Denmark regarding this?
            • 3. RE: Corrupted safeboot and MBR
              you toasted the MBR, so you're not going to be able to do a standard removal now. SBFS.exe though will search the disk for the EPT's which is what we need to work out what's encrypted and what isn't.

              Best route forward is to contact whoever sold the product to you, or log a ticket in the McAfee support system.