8 Replies Latest reply on Dec 6, 2012 7:18 AM by mmjlz

    need help - bootdevice inaccessible after encryption

    mmjlz

      Hi everyone,

       

      I encrypted a notebook with 2 disks, the encryption was finished in the evening. Next morning the employee wanted to boot his machine at it only gives this error:

       

      Status: 0xc0000225

      Info: The boot selection failed because a required device is inaccessible

       

      The EEPC PBA isn't showing too, only this windows error message.

       

      What can I do now, and why did the encryption corrupt the windows installation? The other machines that I encrypted are working well.

       

      The eepc versions are these: Endpoint Encryption 1.2.1.315, Endpoint Encryption for PC 6.2.1.315, McAfee Agent 4.6.0.2935

       

      Thanks in advance

        • 1. Re: need help - bootdevice inaccessible after encryption
          mmjlz

          mmmk I did an emergency boot and the preboot stuff got fixed by the agent. Now the missing PBA is showing up. But next problem appeared....

           

          On the system I'm always getting this error now: EE0F0001 Token authentication parameters are incorrect

           

          It accepts my username but not my PIN. The owner of the computer is getting the same error.

          His token is new and never been used. The PBA accepts his username but denies also the default password.

           

          The only user which can authenticate is a backdoor admin account with password which is enforced with UBP rules etc.

          1 of 1 people found this helpful
          • 2. Re: need help - bootdevice inaccessible after encryption

            If one user works, but others don't, there's really nothing more than either you're typing the wrong password or your user is not assigned to the machine.

            • 3. Re: need help - bootdevice inaccessible after encryption
              dwebb

              Also, you could try (privately) typing the password into the username box so that you can see it.....it could be that you have the wrong keyboard layout selected, so the password actually being typed is not the one you think you are typing, so typing it in privately into the username box will confirm you have the correct keyboard layout selected.

               

              HTH

              • 4. Re: need help - bootdevice inaccessible after encryption
                mmjlz

                ok but if the users wouldn't be assigned to the system, the PBA would throw an unknown user error,...... at least I thought so.

                 

                I can see the employee's account is listed in the encryption users for this system. My account isn't listed, but it is assigned as group user, just like my backdoor admin, which is working.

                On my own machine, I can't authenticate too. My PIN is only of numbers, so the keyboard layout shouldn't matter.

                 

                I tried an administrator recovery to change my PIN or register my token new, but when it gets to the point where it says 'register your token'  I can enter what I want, my old PIN, a new PIN, the default 12345, it won't accept.

                And why won't it accept the default PIN for the new user who never used his token before?

                And how can I reset my token so that I can use it again?

                 

                But thanks so far for your suggestions

                • 5. Re: need help - bootdevice inaccessible after encryption

                  it might not throw "unknown user" - that's an option AFAIK to make sure an attacker does not know if they got a username or password wrong. Try it and see if you get a different response with a garbage user.

                   

                  As for the keyboad layout - a French keyboard has the numbers behind the shift key, so pressing "1" returns "!" unless you have shift pressed - so as David said, it's worth trying.

                   

                  Remember that if you have used EEPC before, your password will have been sent to EPO, it won't be the default. Password changes are replicated between machines.

                   

                  Did you set any password rules? Maybe what you are typing is just not conforming to the rules you set?

                  • 6. Re: need help - bootdevice inaccessible after encryption
                    mmjlz

                    Ok I just checked the keyboard stuff....should be ok, no shift, no caps.

                    When I enter a random usernames, it says "unknown user"

                     

                    My password rules are almost default....

                    - Password history 5 changes

                    - timeout after 3 attempts, invalidate after 10 attempts

                    - min 3, max. 40 characters

                    - at least 1 alpha, 1 numeric

                    - can't be username, no palindromes

                     

                    So what can be the issue....I just checked step for step for my employee colleague:

                    - enter his username

                    - asks for password

                    - then enter 12345

                    - accepted

                    - please register your token

                    - I plug it in and enter something like this az1k28 as PIN for him.

                    - it directly throws incorrect token blablabla

                     

                    this drives me crazy ^^

                    • 7. Re: need help - bootdevice inaccessible after encryption

                      Ah, you are using Tokens - well that adds a whole range of complexity. Maybe the token is locked out? The password rules are for password tokens, your hard token will apply its own set of rules to the pin etc.

                       

                      What token are you using? It would seem like the token you assigned to the user via UBP is not the same as the one being plugged in - EEPC does not consider it the right model of token.

                      1 of 1 people found this helpful
                      • 8. Re: need help - bootdevice inaccessible after encryption
                        mmjlz

                        Hehe don't know where I left my brain yesterday

                         

                        We're using RSA SID800 and caused by my endless authentication attempts the smart cards got blocked. I unblocked them with RSA PIN Unblock Wizard and changed the PINs with Control Center.

                        After some time the token were finally able to register with EEPC at PBA.

                         

                        But thank you sooo much for your help seems my brain just needed a reboot too ^^