4 Replies Latest reply on Aug 19, 2011 7:56 AM by SafeBoot

    EEPC 6.10 ( - FUBAR and recovery options missing

      I have an XP machine with EEPC installed, the same as 9 others.


      2 days ago this machine decided to install the pre-boot agent and ask for login credentials. (the other 9 are on the same policy, that is only set to encrypt the HDD)


      there are 2 user accounts associated with this machine (via AD).


      The usernames are being accepted but it says the passwords are wrong (tried the default 12345 (which was not specified in policy), nor will it accept the known and confirmed AD password set for the accounts).


      Error EE0F0001 - Token Authentication parameters are incorrect.


      I now have to wait 30 mins between attempts too (about the only policy that it seems to have picked up correctly :/)


      Further the machine has the option for Admin recovery disabled (greyed out - despite it being enabled in policy).


      I created a Bart PE recovery boot CD with v 6.0, v 6.1 and v 6.1.1 versions of EETech. (I had to switch the HP 620 laptop SATA(intel) mode off AHCI to get it to boot) - I won't go into the issues of trying to find a non-OEM XP disk,


      this allowed me to use the recovery xml file for the machine. this was accepted however none of the recovery options are available...


      Status: Authenticated with Token


      The option for Remove EE is greyed out, the option for Emergency boot is simply not there...


      under Disk operations it recognises the disk Alg: AES-256-CBC


      This PC has very important Wage information on it (hence the requirement for encryption) that urgently needs to be recovered...


      WTF is going on that this has happened out of the blue and none of the available recovery options seem to work?


      I have this deployed to some pretty important people in our org, if this same thing happens to them the fall out will not be worth living.


      Using EPO - 4.5.4 HF 1 (build 937)

      EEPC is reporting 6.10 and EEAgent (1.1.0)

      Pre-boot Env


      Endpoint Encryption, McAfee Agent, Product Coverage Reports, VirusScan Enterprise, AntiSpyware


      It's all gone Pete Tong!!!! Help!


      Spent 2 calls and an hour on hold to support and so far not got any helpful information other than.... try default password 12345


      Message was edited by: Insane_homer on 8/17/11 5:04:23 AM CDT


      Message was edited by: Insane_homer on 8/17/11 5:07:47 AM CDT
        • 1. Re: EEPC 6.10 ( - FUBAR and recovery options missing

          OK, this makes a little bit of sense but was not clear from the EETech Documentation.


          To enable the Remove EE option via the BartPE EETech Boot CD requires both the .xml File for Authentication and the Daily Authorisation Code.


          Currently at 2% in the decryption process - eta 2-3 hours.


          holding thumbs.

          • 2. Re: EEPC 6.10 ( - FUBAR and recovery options missing

            Actually, all write functions with EETech require you to authenticate with the daily access code - this is to stop people tinkering and messing up.


            You also need to get the key from somewhere - you can get it out of PBFS, or from the XML export - you need one or the other though. In your case since you don't know the user's password, the XML is the place to go.

            • 3. Re: EEPC 6.10 ( - FUBAR and recovery options missing

              Safeboot, thanks.


              Pity that that information was not forthcoming from McAfee. It's certainly not clear in the EETech documentation (pdf). Was not mentioned in either telephone conversation with McAfee 'technical' support, nor was it mentioned in the first 3 emails received from McAfee while trying to get around this problem; only when they eventually sent me the Daily Auth code, some 24 hrs after the initial request, did the instructions detail the need to use those functions in combination.


              It was not a case of not 'knowing' the user passwords. They were known, but were simply not being accepted by the Preboot Auth Screen, which as I mentioned initialised on this machine only (against the set policy) and when installed ignored the stipulation that admin recovery be an option (again in contradiction to the stated deployed policy).


              How ironic that on the same day I get an email from McAfee, "Reminder: Delight the Customer - 2011 Customer Feedback Initiative". The timing could not be better, damn right I'm delighted to fill out the survey now.


              I should also mention that the e-mail password reset I did just before posting here was finally received in my inbox last night, nearly 48 hrs late.


              On the + side the encryption has been removed and normal function of the PC resumed, however I now have 0% faith that this solution is viable for my other 9 users (out of 20 licenses bought). I cannot afford for this software to go rogue like this on any of the other machines, it's deployed to the most important people in our or working on org. If this had happened to any one of the other slightly more important people, I'd be unemployed right now.


              Message was edited by: Insane_homer on 8/19/11 3:03:31 AM CDT
              • 4. Re: EEPC 6.10 ( - FUBAR and recovery options missing

                Not sure what to say, other than someone changed the password, either by actually changing the password, or by changing their Windows password (which would in return change the pre-boot password).


                They don't change on their own.


                Instead of using BartPE to recover, you could have just used the built-in password recovery system (hit recover on the pre-boot screen and the same in EPO). You didn't have to go in with EETech. (page 79 of the product guide https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23083/en_US/ee_100_product_guide_en-us.pdf )


                As forgotten passwords are something the system is built to handle quickly and simply.


                I agree your support experience seems to have sucked though - post the ticket number and I'll notify the right support team manager.