9 Replies Latest reply on Jul 28, 2011 4:28 AM by derwick

    Some PC missing in Safeboot Encryption Manager

      Hi all,

       

      Really appreciate some help on this.

       

      Recently, i've discovered that some PCs are missing in the Encryption Manager. These PCs are usually freshly installed with safeboot (some autoboot, some preboot).

       

      From the sbclientlog, i can see these PC has been created in EEM: 

       

      2011/07/25 13:28:30        Starting Endpoint Encryption for PC Client Manager (v5.2.4)

      2011/07/25 13:28:30        Starting synchronization

      2011/07/25 13:28:30        Connecting to database: "fde-master"

      2011/07/25 13:28:30        Address= xxxxx

      2011/07/25 13:28:30        Port=5555

      2011/07/25 13:28:30        Authenticate=Yes

      2011/07/25 13:28:34        Starting boot protection installation

      2011/07/25 13:29:11        Machine name = XYZPC

      2011/07/25 13:29:17        Machine is already in the database

      2011/07/25 13:29:20        Machine ID=00004341

      2011/07/25 13:30:48        Checking for user updates

      2011/07/25 13:31:00        Adding user (ID=00000006) $autoboot$

      2011/07/25 13:31:17        Checking for token data updates

      2011/07/25 13:31:18        Checking for SSO updates

      2011/07/25 13:31:18        Checking for Local Recovery updates

       

      But when i serach for XYZPC in EEM, the result is empty. Therefore i cannot add user to the allow user to login Preboot!!!!

       

      I have also try to use the movemachine command, it gives me an error:

       

      Command = MoveMachine

      ResultCode = 0xdb020000

      ResultDescription = Attribute not found

       

      Have also trie to reinstall (did not decrypt HDD, just simply install .exe again)

       

      I am runnign out of ideas.

       

      Please HELP!!!!!

       

        • 1. Re: Some PC missing in Safeboot Encryption Manager

          did you try doing a group scan to see if the machines are simply orphans?

           

          Are the machines still syncronizing now? No errors in the logs? If so then they MUST exist in the database - get the machine ID off the pre-boot recovery screen and search for that in EEM instead of the name

          • 2. Re: Some PC missing in Safeboot Encryption Manager

            i have already done that too....i do not see the PC is the orphaned group either...

             

            search by object ID, also return empty result...

             

            i think they should be in database too, because when i do sync from the client, no error in the log at all.

             

            here is one sample of the log:

             

            07/2011 8:47:29 AM Starting Endpoint Encryption for PC Client Manager (v5.2.5)
            26/07/2011 8:47:31 AM Starting remote access server on port 5556
            26/07/2011 8:47:31 AM Delaying initial sync for 39 minutes
            26/07/2011 8:47:31 AM Applying cryption changes
            26/07/2011 9:27:29 AM Starting synchronization
            26/07/2011 9:27:29 AM SbFs total space = 20879360 bytes (19.91 MB)
            26/07/2011 9:27:29 AM SbFs free space = 18307072 bytes (17.46 MB)
            26/07/2011 9:27:29 AM Connecting to database: "fde-master"
            26/07/2011 9:27:29 AM Address=fde-master
            26/07/2011 9:27:29 AM Port=5555
            26/07/2011 9:27:29 AM Authenticate=Yes
            26/07/2011 9:27:33 AM Checking pre-boot file system for errors
            26/07/2011 9:27:33 AM Volume Serial Number is 84BE-2329

            26/07/2011 9:27:33 AM Windows is verifying files and folders...

            26/07/2011 9:27:34 AM File and folder verification is complete.

            26/07/2011 9:27:34 AM Windows has checked the file system and found no problems.

            26/07/2011 9:27:34 AM
            26/07/2011 9:27:34 AM    20,879,360 bytes total disk space.

            26/07/2011 9:27:34 AM        75,776 bytes in 37 folders.

            26/07/2011 9:27:34 AM     2,496,512 bytes in 82 files.

            26/07/2011 9:27:34 AM    18,307,072 bytes available on disk.

            26/07/2011 9:27:34 AM
            26/07/2011 9:27:34 AM         2,048 bytes in each allocation unit.

            26/07/2011 9:27:34 AM        10,195 total allocation units on disk.

            26/07/2011 9:27:34 AM         8,939 allocation units available on disk.

            26/07/2011 9:27:34 AM Checking for machine configuration updates
            26/07/2011 9:27:43 AM Checking for user updates
            26/07/2011 9:27:47 AM Checking for token data updates
            26/07/2011 9:27:47 AM Checking for SSO updates
            26/07/2011 9:27:48 AM Checking for Local Recovery updates
            26/07/2011 9:27:48 AM Checking for hashes updates
            26/07/2011 9:27:48 AM Transferring local audit information to database
            26/07/2011 9:27:51 AM Checking for file updates
            26/07/2011 9:28:11 AM Downloading update for file "0809.STR"
            26/07/2011 9:28:20 AM Downloading update for file "0809_E.MAP"
            26/07/2011 9:28:29 AM Downloading update for file "0809_OSK.XML"
            26/07/2011 9:28:39 AM Downloading update for file "20409_E.MAP"
            26/07/2011 9:28:48 AM Downloading update for file "20409_OSK.XML"
            26/07/2011 9:28:57 AM Downloading update for file "11009_E.MAP"
            26/07/2011 9:29:07 AM Downloading update for file "11009_OSK.XML"
            26/07/2011 9:29:16 AM Downloading update for file "0452_OSK.XML"
            26/07/2011 9:29:25 AM Downloading update for file "0452_E.MAP"
            26/07/2011 9:29:34 AM Downloading update for file "10409_E.MAP"
            26/07/2011 9:29:44 AM Downloading update for file "10409_OSK.XML"
            26/07/2011 9:29:53 AM Downloading update for file "11809_E.MAP"
            26/07/2011 9:30:03 AM Downloading update for file "11809_OSK.XML"
            26/07/2011 9:30:12 AM Downloading update for file "1809_E.MAP"
            26/07/2011 9:30:22 AM Downloading update for file "1809_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "0809.STR"
            26/07/2011 9:30:23 AM Updating file "0809_E.MAP"
            26/07/2011 9:30:23 AM Updating file "0809_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "20409_E.MAP"
            26/07/2011 9:30:23 AM Updating file "20409_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "11009_E.MAP"
            26/07/2011 9:30:23 AM Updating file "11009_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "0452_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "0452_E.MAP"
            26/07/2011 9:30:23 AM Updating file "10409_E.MAP"
            26/07/2011 9:30:23 AM Updating file "10409_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "11809_E.MAP"
            26/07/2011 9:30:23 AM Updating file "11809_OSK.XML"
            26/07/2011 9:30:23 AM Updating file "1809_E.MAP"
            26/07/2011 9:30:23 AM Updating file "1809_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "0452_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "0452_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "0809.STR"
            26/07/2011 9:30:24 AM Updating SBFS file "0809_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "0809_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "10409_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "10409_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "11009_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "11009_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "11809_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "11809_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "1809_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "1809_OSK.XML"
            26/07/2011 9:30:24 AM Updating SBFS file "20409_E.MAP"
            26/07/2011 9:30:24 AM Updating SBFS file "20409_OSK.XML"
            26/07/2011 9:30:25 AM Applying configuration
            26/07/2011 9:30:25 AM Synchronization complete
            26/07/2011 9:30:25 AM Automatically synchronizing again in 180 minute(s)
            26/07/2011 9:30:25 AM Applying cryption changes

            • 3. Re: Some PC missing in Safeboot Encryption Manager

              please attach a complete log.

               

              Did you search for the machine ID like I suggested? If the machine is syncronizing, it MUST exist.

              • 4. Re: Some PC missing in Safeboot Encryption Manager

                Redo your find in the db, but using one of these alternate strategies:

                 

                Look for either Network Name = xyz

                or

                Search for Object Name, using machinename*

                 

                Duplicate objects get created regularly, and are named "computername"0001 (and the counter may increment, depending on how many times the machine registers as a duplicate)

                • 5. Re: Some PC missing in Safeboot Encryption Manager

                  after rerun group scan again, i am able to pick up those PCs again.

                  But i got a new problem.

                   

                  Some PC that installed with Safeboot, they are not able to boot up, they are displaying the error

                  Windows could not start because the following file is missing or corrupt: System32\Drivers\SBAlg.sys

                   

                  we are able to use bartpe to decyrpt the hdd. but still get the same error.

                   

                  Then we try to remove some registry

                   

                  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1- 08002BE10318}]

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SafeBoot]

                   

                  by reading from another thread

                   

                  there's a registry im not abot to locate:

                   

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\...your path to disk instance...\4&3a739529&0&000\Control]

                   

                   

                  i am still getting the same error when boot up some machines..i have no idea what went wrong and how to resolve it..

                  • 6. Re: Some PC missing in Safeboot Encryption Manager

                    some update on the current status:

                     

                    we still failed to reboot PC even after HDD is decrypted (we use safetech and remove EEPC).

                    still get the missing sbalg.sys error

                    boot into c:\ with bartpe and replace the sbalg.sys which i got from another normal PC.

                    when reboot PC again, get a new error saying

                    Unknown hard error c000021a

                     

                    i am running out of ideas...please help

                     

                    my thought on this is even the HDD is decrypted, there are some safeboot remained in the C:\

                    you think running sbsetup.exe -uninstall will help?

                     

                    please kindly advise...

                    • 7. Re: Some PC missing in Safeboot Encryption Manager

                      the error has nothing to do with encryption, it's because the driver is missing (or corrupt).

                       

                      You need to remove safeboot and sbalg from currentcontrolset, controlset001 is not used unless you pick "last known good configuration" - currentcontrolset is the only one used live.

                       

                      Usually you don't have to mess with the registry though, just make a copy of serial.sys and call it safeboot.sys or sbalg.sys - that should be enough. Often you can't just copy the file back because other files are also missing.

                       

                      But, how did you get into this position of having these driver files removed from your machine(s)?

                      • 8. Re: Some PC missing in Safeboot Encryption Manager

                        that's a good question, i wonder why it's not able to read the sbalg.sys as well...

                        all i did was install autoboot on those PCs, out of those 150 PCs i installed, most of them were OK. only 11 of them had this problem after their HDD were encrypted. And out of those 11 PCs, most of them are Dell E4200 laptop. wondering if there's a compatibility issue (they are running on ATA)?

                         

                        I will try to copy the serial.sys from another PC to paste to the problem PC through bartpe, will update you how it goes later.

                        • 9. Re: Some PC missing in Safeboot Encryption Manager

                          some update on this:

                           

                          no avil after replace with serial.sys, giving another error after:

                          Bluescreen error : "STOP 0x0000007B"

                           

                          E4200 is running on SSD, think that maybe the recent...some E4200 are ok, but some are dead, corrupted many registry after the encryption...i read an article that safeboot will causing performance problem on some SSD. that really giving us a hardtime here as we cannot confirm which e4200 will die and which will not.

                           

                          we have around 70 E4200 in one of our offices, confirmed 11 of them cannot be booted up after encrypted, and 2 has application problem (registry corrupted), believe those 2 will die as well after first reboot. Believe the casuality number will increase soon..

                           

                          only hoping that safeboot has not corrupted the entire SSD, and it still workable after reimage...