3 Replies Latest reply on Feb 8, 2011 6:57 AM by nyeshoda

    McAfee Encrypted USB - Invalid Workstation State


      We are in the process of demo'ing a McAfee Encrypted USB device--specifically a McAfee Encrypted USB Standard version 2, 1GB (USB-ST02-1GBPF).  I have installed the "Encrypted USB 1.3" (v1.3.0.6) extension in the ePO and have the following packages in Master Repository:  "Encrypted USB Administrator" (v1.3.0 mv6); "Encrypted USB Client" (v1.3.0 mv6); "Encrypted USB FW Package GenI" (v4.21.0); "Encrypted USB FW Package GenII" (v1.4.0); "Encrypted USB SW Package SanDisk" (v2.7.10.45 mv1); "Encrypted USB SW Package Standard Driverless" (v3.2.0 mv1); and "Encrypted USB SW Package Standard v2" (v3.2.0 mv1).  I also have configured two policy groups--one for Admin and another for Client.


      I am able to initialize the device on a computer with Admin & Client but whenever I try to personalize it on a PC with just the Client, I encounter the following error:


      McAfee Encrypted USB -- Encrypted USB Client

      McAfee Encrypted USB--Managed

      Encrypted USB Client

      Invalid Workstation State

      This device has not yet been personalized.  Personalization must be performed on an ePO managed workstation.

      Contact your administrator for more information.

      [Exit] [Help]


      This error is encountered on an ePO managed client and I've confirmed that the policy is applied.  If I do an "About", I can also see the McAfee Encrypted USB Client v1.3.0.0 on the client.  I've tried recycling the device (several times) to no avail.  It does function properly if I initialize the device on an admin computer with the client installed--but I can only personalize it for myself.  I just haven't figured out how to personalize it for a user on their client.   Has anyone seen this error before and can anyone offer any suggestions on a solution?  In this case, the client is a Windows XP/SP3 Professional desktop machine.  If more information is necessary, please let me know.  Thanks!

        • 1. Re: McAfee Encrypted USB - Invalid Workstation State

          Both Initialization and persoanlization happens on a single machine. You cant initialize in one machine and personalize in other.


          So when ever you want to manage the device through ePO then, select a client system deploy both intialization and authentication policy for the perticular device onto the client system.


          Insert the device onto the client system where the both intialization and authentication policy are applied. Complete both initialization and personalization process on the same machine.


          If you want to manage a standalone device from ePO then the follwoing steps needs to be performed.


          1. Insert the standalone device.

          2. Go to system tary menu option of Encrypted USB and select the option "Manage Device".

          3. Select the option "Recycle" and recycle the device.

          4. Remove the device.

          5. Install Encrypted USB client 1.3 onto the client machine.

          6. Go to ePO and create Initialization and Authentication policy for the device recycled above.

          7. Apply the policy to the client system.

          8. Go to the client system and insert the recycled device.

          9. Complete the initialization and personalization process succesfully on the same machine.

          10. Login into the device.

          11. Send the events to ePO and check the device entry in ePO under Encrypted US Devices Tab.

          • 2. Re: McAfee Encrypted USB - Invalid Workstation State

            >> Both Initialization and persoanlization happens on a single machine. You cant initialize in one machine and personalize in other.


            Wow!  That's not what we've been told by our sales folk to-date--but that has been my experience to-date.  That's going to make these devices a management nightmare.  If I understand you correctly, the user who will be taking possession of the device must be logged onto the admin workstation and then he or she must initialize and personalize the device--at that same time and on the same computer.  There is no way to initialize a stack of them and hand them out to the user base.  Ouch!

            • 3. Re: McAfee Encrypted USB - Invalid Workstation State

              User who is logged into the client system will be used as the user for the device during the management process, When the Encrypted USB is managed from ePO it will be assigned like one user for one device.

              Actually Initialization+Personalization is one complete process. This can be called as device managing process Once this is completed then you can change the policy and get the device updated.