6 Replies Latest reply on Jan 12, 2012 2:08 AM by pierce

    [0xEE000008]

      We just updated Mcafee and as users reboot there machines some work fine, but we had a couple of users receive a Fatal Error saying "Mcafee Endpoint Encryption Fatal Error: [0xEE000008] Failed to load Cryptographic Module. Any Idea why they would get this Fatal Error?

        • 1. Re: [0xEE000008]

          I am in the process of doing a staged roll out of 6.0.2 to 6.1.2 upgrades. First group was fine. Second rollout group had one user with this error this morning. The machine installed the software and rebooted as expected. Then the user is stuck at this error before the pre-boot even shows. we have limited tech support at the remote site, using the EEtech cd not easy for them. probably just going to reinstall the OS. would be nice if i could get access to the logs on the system,

          • 2. Re: [0xEE000008]

            I have a dell laptop with the same problem/

             

            Emergency Boot and EE removal Doesn't work.

             

             

            Message was edited by: dyerby on 12/8/11 9:46:30 AM CST

             

            Message was edited by: dyerby on 12/8/11 9:56:02 AM CST
            • 3. Re: [0xEE000008]

              Can you explain more about "doesn't work" - as it's not possible to get this error during an eBoot process (afaik), as the machine is booted from an alternate system - you might get this from Windows though, if the driver had been deleted.

               

              Perhaps you can describe exactly what you did, and where the error appeared?

              • 4. Re: [0xEE000008]

                Ok let me add a little more detail to my comment.

                 

                When I tried to remove EE through the Etech Boot disk the Laptop Locks up and I get no removal progress bar.

                 

                I was able to do a emergency boot after all but it took about 10 minutes for windows to load. This is good news because now I can decrypt using the EPO console.

                 

                Thanks.

                 

                Message was edited by: dyerby on 12/8/11 11:10:48 AM CST
                • 5. Re: [0xEE000008]

                  We experienced this problems when we ramped up our deployments of EEPC v6.1.2. It hit a lot of systems and consumed nearly every working hour for a few weeks. Are you using McAfee HIPS?

                   

                  We are on HIPS 7 and there is a KB article about this error being resolved by deploying HIPS 8. However, we weren't ready to do that. We had to roll out an updated McAfee HIPS policy because the root cause was that HIPS was blocking installation of one of the encryption modules/components.

                   

                  A system would fully encrypt and then instead of getting the standard PBA, the affected users would immediately get the 0xEE000008 error after the Dell logo disappeared. Removal's failed on every system - I'm still trying to figure why removals go badly so often - but there is a way to work around it.

                   

                  After we rolled out the HIPS update, I was able to resolve almost all of my cases with one of two methods:

                   

                  Method 1 (Easy):

                  * Tag the system as an EEPC Uninstall in ePO

                  * Emergency Boot from EETech CD

                  * Login to Windows as the user

                  * Use McAfee Agent Status Monitor on the machine to pull the updated policies and start the decryption.

                  * Wait to make sure the updated HIPS policy has propagated to the system - then encrypt it again

                   

                  Method 2 (Use McAfee support until you are comfortable with the force crypt feature):

                  * Tag the system as an EEPC Uninstall in ePO

                  * Use a Win7PE tool we developed with the EETech module (you could use BartPE if you have that)

                  * Authenticate, authorize, write down all the disk info (start sector, total sector for each partition), use the workspace tool to try decrypting the start sector on screen, and if that was successful I used the force crypt tool. It's more complicated if you have multiple partitions like many of our images. My understanding is that you should always use force crypt on a partition by partition basis rather than try decrypting the entire drive. It is also recommended that you make a sector level copy of the drive because if force crypt fails or you make a mistake, the data will be gone.

                  * Reboot to test and if necessary restore MBR from the EETech tool.

                  * Use McAfee Agent Status Monitor on the machine to pull the updated policies

                  * Wait to make sure the updated HIPS policy has propagated to the system - then encrypt it again

                   

                  As a result of this error we've halted further automated deployments for the time being. We are waiting to update to HIPS 8 and the next EEPC patch level. The problem with the HIPS policies is that they didn't filter out globally as fast as we would have hoped. So there were some users who got hit even after the fix had rolled out.

                  • 6. Re: [0xEE000008]
                    pierce

                    Thanks zeitgeist,

                    just came across the exact same issue with HIPS7 and Eepc 6.1.2.

                     

                    think it's time to bite the bullet and upgrade everyone to HIPS8 as there are just too many issues with the older versions.

                    Thanks

                    Pierce