1 2 Previous Next 10 Replies Latest reply on Apr 12, 2013 8:06 AM by mmjlz

    Rebuilding a decrypted machine

    resourcegroup

      We've had a machine back into our IT office which was having non boot issues, after the PBFS, but before Windows.

      I used the BartPE based tool to decrypt the machine, and following some investigation and repair, primarily using checkdisk and sfc, the machine would boot, but would promptly BSOD with an error that implied there were pending rename operations. So i ran loaded the registry hive, and checked, and couldn't find a solution, so eventually ran a repair install of the OS, which resolved my issues.

       

      However, since the repair, the EEPC Agent / Software is not behaving as intended. Although the agent retrieves and updates policies, the software is not running, though it is installed, and the laptop will not encrypt. The machine is tagged to install the correct software, and the tag works as expected for other machines, and has done in the past. I have applied the tag to remove the EEPC software, however the removal fails, and attempting to manually unistall the software fails as it claims the agent is already installed, even if i remove the agent. Manual removal leaves me with the message McAfee Endpoint Encryption is Currently Active. Please De-activate before Uninstalling.

       

      Can anyone assist me in getting this laptop re-encrypted so i can deploy it back to its user

       

      Regards

       

      Rob Hundley

       

      Resource Group

        • 1. Re: Rebuilding a decrypted machine

          Did you capture the eepc log file? Anything revealing in it?

          • 2. Re: Rebuilding a decrypted machine
            resourcegroup

            2012-07-12 07:06:41,653 INFO    LoggingService                       ===========================

            2012-07-12 07:06:41,653 INFO    LoggingService                       ===== Service Started =====

            2012-07-12 07:06:41,653 INFO    LoggingService                       Running EEAgent version: 1.1.3.7409862

            2012-07-12 07:06:41,653 INFO    LoggingService                       Operating system reported as: Windows 5.1

            2012-07-12 07:06:41,653 INFO    LoggingService                       BIOS reported as: DELL   - 27d70a0b

            2012-07-12 07:06:41,653 INFO    MfeEpeDiscoveryService               Initialized successfully

            2012-07-12 07:06:41,653 INFO    MfeEpeDiscoveryService               Service started successfully

            2012-07-12 07:06:41,653 INFO    MfeEpeStatusService                  Initialized successfully

            2012-07-12 07:06:41,653 INFO    MfeEpePluginInformationService       Initialized successfully

            2012-07-12 07:06:41,653 INFO    MfeEpePluginInformationService       Service started successfully

            2012-07-12 07:06:41,668 INFO    MfeEpeStatusService                  Service Started successfully

            2012-07-12 07:06:41,684 INFO    MfeEpeCoreEncryptionPlugin           MfeEpeEncryptionService initialized successfully

            2012-07-12 07:06:41,684 INFO    MfeEpeEsEncryptionInformationService MfeEpeEncryptionInformationService initialized successfully

            2012-07-12 07:06:41,778 INFO    MfeEpeProductDetectionPlugin         MfeEpeProductDetectionService initialized successfully

            2012-07-12 07:06:41,809 INFO    EpoPlugin                            MfeEpeServiceDCServer initialized successfully

            2012-07-12 07:06:41,824 INFO    MfeEpeServiceLPCServer               Initialized successfully

            2012-07-12 07:06:41,824 INFO    MfeEpeCoreEncryptionPlugin           Service Started Successfully

            2012-07-12 07:06:41,824 INFO    MfeEpeEsEncryptionInformationService Service Started Successfully

            2012-07-12 07:06:41,824 INFO    MfeEpeProductDetectionPlugin         Service Started Successfully

            2012-07-12 07:06:41,824 INFO    EpoPlugin                            Service Started Successfully

            2012-07-12 07:06:41,840 INFO    MfeEpeServiceLPCServer               Service Started Successfully

            2012-07-12 07:06:42,012 INFO    MfeEpeServiceLPCServer               LPC state initialized.

            2012-07-12 07:06:42,012 INFO    MfeEpeServiceLPCServer               Initial LPC state created.

            2012-07-12 07:06:42,012 INFO    MfeEpeServiceLPCServer               LPC services started.

            2012-07-12 07:06:42,043 INFO    MfeEpeServiceLPCServer               Service initialized.

            2012-07-12 07:06:42,043 INFO    MfeEpeKeyServerService               Initialized successfully

            2012-07-12 07:06:42,043 INFO    MfeEpeKeyServerService               Service Started Successfully

            2012-07-12 07:06:42,479 INFO    MfeEpeServiceLPCServer               LPC channels subscribed.

            2012-07-12 07:11:25,245 INFO    MfeEpeDiscoveryService               Service stopped

            2012-07-12 07:11:25,261 INFO    MfeEpePluginInformationService       Service stopped

            2012-07-12 07:11:25,276 INFO    MfeEpeEsEncryptionInformationService Service Stopped Successfully

            2012-07-12 07:11:25,292 INFO    MfeEpeCoreEncryptionPlugin           Service Stopped Successfully

            2012-07-12 07:11:25,308 INFO    MfeEpeProductDetectionPlugin         Service Stopped Successfully

            2012-07-12 07:11:25,308 INFO    MfeEpeKeyServerService               Service Stopped Successfully

            2012-07-12 07:13:18,125 INFO    LoggingService                       ===========================

            2012-07-12 07:13:18,156 INFO    LoggingService                       ===== Service Started =====

            2012-07-12 07:13:18,156 INFO    LoggingService                       Running EEAgent version: 1.1.3.7409862

            2012-07-12 07:13:18,156 INFO    LoggingService                       Operating system reported as: Windows 5.1

            2012-07-12 07:13:18,156 INFO    LoggingService                       BIOS reported as: DELL   - 27d70a0b

            2012-07-12 07:13:18,156 INFO    MfeEpeDiscoveryService               Initialized successfully

            2012-07-12 07:13:18,156 INFO    MfeEpeDiscoveryService               Service started successfully

            2012-07-12 07:13:18,156 INFO    MfeEpeStatusService                  Initialized successfully

            2012-07-12 07:13:18,171 INFO    MfeEpePluginInformationService       Initialized successfully

            2012-07-12 07:13:18,171 INFO    MfeEpePluginInformationService       Service started successfully

            2012-07-12 07:13:18,171 INFO    MfeEpeStatusService                  Service Started successfully

            2012-07-12 07:13:18,171 INFO    MfeEpeCoreEncryptionPlugin           MfeEpeEncryptionService initialized successfully

            2012-07-12 07:13:18,171 INFO    MfeEpeEsEncryptionInformationService MfeEpeEncryptionInformationService initialized successfully

            2012-07-12 07:13:18,218 INFO    MfeEpeProductDetectionPlugin         MfeEpeProductDetectionService initialized successfully

            2012-07-12 07:13:30,671 INFO    EpoPlugin                            MfeEpeServiceDCServer initialized successfully

            2012-07-12 07:13:30,687 INFO    MfeEpeServiceLPCServer               Initialized successfully

            2012-07-12 07:13:30,703 INFO    MfeEpeCoreEncryptionPlugin           Service Started Successfully

            2012-07-12 07:13:30,734 INFO    MfeEpeEsEncryptionInformationService Service Started Successfully

            2012-07-12 07:13:30,734 INFO    MfeEpeProductDetectionPlugin         Service Started Successfully

            2012-07-12 07:13:30,734 INFO    EpoPlugin                            Service Started Successfully

            2012-07-12 07:13:30,734 INFO    MfeEpeServiceLPCServer               Service Started Successfully

            2012-07-12 07:13:36,895 INFO    MfeEpeServiceLPCServer               LPC state initialized.

            2012-07-12 07:13:36,989 INFO    MfeEpeServiceLPCServer               Initial LPC state created.

            2012-07-12 07:13:36,989 INFO    MfeEpeServiceLPCServer               LPC services started.

            2012-07-12 07:13:36,989 INFO    MfeEpeServiceLPCServer               Service initialized.

            2012-07-12 07:13:36,989 INFO    MfeEpeKeyServerService               Initialized successfully

            2012-07-12 07:13:36,989 INFO    MfeEpeKeyServerService               Service Started Successfully

            2012-07-12 07:13:39,654 INFO    MfeEpeServiceLPCServer               LPC channels subscribed.

            2012-07-12 07:14:51,647 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

            2012-07-12 07:15:52,488 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1342077216).

            2012-07-12 07:15:54,584 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users (i.e. non-default UBP users) before enforcing policy.

            2012-07-12 07:15:54,678 INFO    EpoState                             == Start of policy enforcement ==

            2012-07-12 07:15:54,694 INFO    MfeEpeStatusService                  Policy enforcement has started

            2012-07-12 07:15:54,882 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

            2012-07-12 07:15:54,882 INFO    EpoPlugin                            policyHandler: handling EnforcePolicy event

            2012-07-12 07:15:54,897 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers event

            2012-07-12 07:15:55,148 INFO    DomainUsers                          Found new (unprocessed) local domain user: \\resourcegroup\lansweeperservices

            2012-07-12 07:15:55,163 INFO    DomainUsers                          Found new (unprocessed) local domain user: \\resourcegroup\dylan.llewellyn

            2012-07-12 07:15:55,163 INFO    DomainUsers                          Found new (unprocessed) local domain user: \\resourcegroup\stephen.tovey

            2012-07-12 07:15:55,163 INFO    DomainUsers                          Found new (unprocessed) local domain user: \\resourcegroup\robert.hundley

            2012-07-12 07:15:55,163 INFO    DomainUsers                          Found new (unprocessed) local domain user: \\resourcegroup\chris.harvey

            2012-07-12 07:15:55,163 INFO    EpoPlugin                            userHandler: dispatching EPOAddDomainUsers event to McAfee Agent

            2012-07-12 07:15:55,163 INFO    EpoPlugin                            userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB78165).

            2012-07-12 07:15:55,367 INFO    MfeEpeStatusService                  Creating Event to request data for local domain users

            2012-07-12 07:19:00,609 WARNING EpoMaLpcLog                          Service not available

            2012-07-12 07:19:00,796 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers response

            2012-07-12 07:19:00,796 INFO    MfeEpeStatusService                  Received data for local domain users

            2012-07-12 07:19:00,812 INFO    EpoPlugin                            userHandler: local user (C4898127D532C2449F7671D7F4E5A2B8) already assigned.

            2012-07-12 07:19:00,921 INFO    EpoPlugin                            userHandler: local user (D9A3D460A8B10E4D9757D639B11E497A) already assigned.

            2012-07-12 07:19:00,921 INFO    EpoPlugin                            userHandler: local user (14C934721BA41249A240EB176092B7F5) already assigned.

            2012-07-12 07:19:00,921 INFO    EpoPlugin                            userHandler: local user (F1A427AA79B33C4FB2948C2852B6DA69) already assigned.

            2012-07-12 07:19:00,937 INFO    EpoPlugin                            userHandler: local user (274A4EF08A602C4C99E742B8DD381DED) already assigned.

            2012-07-12 07:19:00,937 INFO    EpoPlugin                            userHandler: dispatching GetAllUsers event to AgentHandler

            2012-07-12 07:19:00,937 INFO    EpoPlugin                            userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB78165).

            2012-07-12 07:19:01,938 INFO    MfeEpeStatusService                  Creating Event to request data for assigned users

            2012-07-12 07:21:36,879 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

            2012-07-12 07:21:37,067 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

            2012-07-12 07:23:45,306 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

            2012-07-12 07:23:45,353 INFO    MfeEpeStatusService                  Received data for assigned users

            2012-07-12 07:23:45,728 INFO    MfeEpeCoreEncryptionPlugin           --- Activation Begins ---

            2012-07-12 07:23:45,759 INFO    MfeEpeStatusService                  Activation has started

            2012-07-12 07:23:45,759 INFO    MfeEpeStatusService                  Searching available Encryption Providers

            2012-07-12 07:23:45,759 WARNING MfeEpeCoreEncryptionPlugin           [0xEE010001] No providers installed

            2012-07-12 07:23:45,759 WARNING MfeEpeCoreEncryptionPlugin           [0xEE010001] No providers installed

            2012-07-12 07:23:45,759 ERROR   EpoPlugin                            userHandler: failed to process batched user data response: [0xEE010001] [0xEE010001] No providers installed

            2012-07-12 07:23:45,790 ERROR   MfeEpeStatusService                  Failed to process a batch of user data received

            2012-07-12 07:23:45,790 INFO    EpoState                             == End of policy enforcement ==

            2012-07-12 07:23:45,790 INFO    MfeEpeStatusService                  Policy enforcement has completed

            2012-07-12 07:23:47,994 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

            2012-07-12 07:23:48,025 INFO    MfeEpeStatusService                  Received data for assigned users

            2012-07-12 07:23:48,572 ERROR   EpoPlugin                            userHandler: failed to process batched user data response: [0xEE000006] No policy store

            2012-07-12 07:23:48,572 ERROR   MfeEpeStatusService                  Failed to process a batch of user data received

            2012-07-12 07:23:48,572 INFO    EpoState                             == End of policy enforcement ==

            2012-07-12 07:23:48,572 INFO    MfeEpeStatusService                  Policy enforcement has completed

            2012-07-12 07:23:48,604 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

            2012-07-12 07:23:48,604 INFO    MfeEpeStatusService                  Received data for assigned users

            2012-07-12 07:23:48,619 ERROR   EpoPlugin                            userHandler: failed to process batched user data response: [0xEE000006] No policy store

            2012-07-12 07:23:48,635 INFO    EpoState                             == End of policy enforcement ==

            2012-07-12 07:23:48,682 ERROR   MfeEpeStatusService                  Failed to process a batch of user data received

            2012-07-12 07:23:48,682 INFO    MfeEpeStatusService                  Policy enforcement has completed

            2012-07-12 07:27:25,348 INFO    EpoPlugin                            enforcePolicy: No policy enforcement required (nothing has changed), waiting until next ASCI.

             

            I wasnt aware of this log until you raised this point admittedly, so have reinstalled the agent and ran a policy update, which has produced the following log

            • 3. Re: Rebuilding a decrypted machine

              looks like you're missing an encryption provider?

               

              2012-07-12 07:23:45,759 INFO    MfeEpeStatusService                  Searching available Encryption Providers

              2012-07-12 07:23:45,759 WARNING MfeEpeCoreEncryptionPlugin           [0xEE010001] No providers installed

              2012-07-12 07:23:45,759 WARNING MfeEpeCoreEncryptionPlugin           [0xEE010001] No providers installed

              • 4. Re: Rebuilding a decrypted machine
                resourcegroup

                Is there any reason this should occur following a decrpytion? Previously, i have decrypted laptops fine using the exact same method, and they have re-encrypted fine upon boot, and, although a repair install was completed, the system is, at the centre, the same system, so should be able to connect to EPo for anything its missing surely? Would this be something distributed by EPo, or is this something managed by the software which has been corrupted, and, in either case, is there a known fix for this issue?

                • 5. Re: Rebuilding a decrypted machine
                  jmushet

                  Im seeing the exact thing happening with some new PC'S.  So im new to this.  How to you fix the Encryption provider when you have previously had the HDD Encrypted?

                  • 6. Re: Rebuilding a decrypted machine
                    mmjlz

                    Hi,

                     

                    I have a similar problem.

                    I decrypted a system today using EETech 7 BartPE. Now Windows is repaired and can start up but many Windows DLLs are missing and EEPC is strange too. It cannot communicate with ePO, McTray can't run and the plugins can't load or something.

                    Here's the log file, maybe can somebody help?

                     

                    2013-04-12 10:22:54,332 INFO    LoggingService                       ===========================

                    2013-04-12 10:22:54,332 INFO    LoggingService                       ===== Service Started =====

                    2013-04-12 10:22:54,332 INFO    LoggingService                       Running EEAgent version: 7.0.0.311

                    2013-04-12 10:22:54,332 INFO    LoggingService                       Operating system reported as: Windows 6.1

                    2013-04-12 10:22:54,332 INFO    LoggingService                       BIOS reported as: Dell Inc., A06 (07/11/2011)

                    2013-04-12 10:22:54,342 INFO    MfeEpeDiscoveryService               Initialized successfully

                    2013-04-12 10:22:54,342 INFO    AuditService                         Service Started successfully

                    2013-04-12 10:22:54,342 INFO    StatusService                        Service Started successfully

                    2013-04-12 10:22:54,342 INFO    MfeEpeDiscoveryService               Service started successfully

                    2013-04-12 10:22:54,342 INFO    MfeEpePluginInformationService       Initialized successfully

                    2013-04-12 10:22:54,342 INFO    MfeEpePluginInformationService       Service started successfully

                    2013-04-12 10:22:54,352 INFO    MfeEpeCoreEncryptionPlugin           MfeEpeEncryptionService initialized successfully

                    2013-04-12 10:22:54,352 INFO    MfeEpeEsEncryptionInformationService MfeEpeEncryptionInformationService initialized successfully

                    2013-04-12 10:22:54,352 ERROR   PluginManager                        Failed to create plugin MfeEpeProductDetectionPlugin

                    2013-04-12 10:22:54,392 ERROR   PluginManager                        Failed to create plugin MfeEpoPlugin

                    2013-04-12 10:22:54,432 INFO    MfeEpeOpalEncryptionProviderPlugin   MfeEpeEncryptionService initialized successfully

                    2013-04-12 10:22:54,432 INFO    MfeEpeOpalEncryptionProviderPlugin   MfeEpeEncryptionProviderService initialized successfully

                    2013-04-12 10:22:54,432 INFO    MfeEpeEsEncryptionInformationService MfeEpeEncryptionInformationService initialized successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpePcEncryptionProviderPlugin     MfeEpeEncryptionService initialized successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpePcEncryptionProviderPlugin     MfeEpeEncryptionProviderService initialized successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeEsEncryptionInformationService MfeEpeEncryptionInformationService initialized successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeCoreEncryptionPlugin           Service Started Successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeEsEncryptionInformationService Service Started Successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeOpalEncryptionProviderPlugin   Service Started Successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeEsEncryptionInformationService Service Started Successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpePcEncryptionProviderPlugin     Service Started Successfully

                    2013-04-12 10:22:54,472 INFO    MfeEpeEsEncryptionInformationService Service Started Successfully

                    2013-04-12 10:22:54,492 INFO    PcSystem                             Starting (BIOS, inactive)

                    2013-04-12 10:22:54,502 INFO    PcSystem                             Started

                    2013-04-12 10:22:54,512 WARNING OpalProvider                         Disk configuration is unsupported for Opal. All disks must be Opal disks in order to activate with the Opal provider.

                    2013-04-12 10:25:54,475 ERROR   MfeEpeCoreEncryptionPlugin           ..\..\..\Src\EpeFsmDependencyValidator.cpp: EPE_fsm_dependency_validator::check_dependencies: 136: Time out waiting for service MfeEpeProductDetectionService[0xEE000004] Wait timed out

                    2013-04-12 10:25:54,475 ERROR   MfeEpeCoreEncryptionPlugin           ..\..\..\Src\EpeEsInitHandler.cpp: EPEES_init_handler::handle: 261: Failed to find dependency plugins

                    2013-04-12 10:31:33,714 INFO    MfeEpeCredentialProviderServiceV2    MfeEpeCredentialProviderServiceV21f85fb07-a35c-11e2-8b02-5407367b5e16 initialized successfully

                    2013-04-12 10:31:33,714 INFO    MfeEpeCredentialProviderServiceV2    Service Started Successfully

                    2013-04-12 10:31:33,730 WARNING MfeEpeCredentialProviderServiceV2    ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::init: 79: [0xEE120008] no system policy set

                    2013-04-12 10:31:33,730 WARNING MfeEpeCredentialProviderServiceV2    ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::init: 84: [0xEE120008] no system policy set

                    2013-04-12 10:31:33,730 INFO    MfeEpeCredentialProviderServiceV2    Service Stopped Successfully

                     

                    Thanks in advance,

                    Jessica

                    • 7. Re: Rebuilding a decrypted machine

                      What was the original problem which lead you to decrypt with EETech? That needs to be resolved first.

                      • 8. Re: Rebuilding a decrypted machine
                        mmjlz

                        Windows couldn't start, it was stuck in a loop of startup repair. I wanted to do this startup repair, so I used Remove EE. Then I ran the Windows startup repair and Windows can now boot, but it behaves as I described above.

                         

                        Additionally I have now another problem: the user who works with this notebook brought me an ESATA disk which got encrypted with the notebook. Now the notebook is decrypted but the eSATA drive isn't. Do you know a quick fix for this?

                        • 9. Re: Rebuilding a decrypted machine

                          there's no quick fix for the eSata drive - you can either copy the data off it by booting off an EETech disk and mounting it, or decrypt it from EETech, or you can plug it in the original machine and do the same.

                           

                          If the machine is booting to windows, but windows is broken, you should probably just copy the user data off and reimage the machine to save time. It sounds like your problems are all Windows, rather than EEPC related now?

                          1 2 Previous Next