4 Replies Latest reply on Apr 10, 2015 10:32 AM by lantuin

    Drive Encryption 7.1.1 status inactive

    lantuin

      Dear community,

       

      I've a problem with the activation of drive encryption in one single endpoint of my environment.

       

      It is a notebook with the following features:

       

      CPU TypeAMD E-450 APU with Radeon(tm) HD Graphics
      Installed ProductsDrive Encryption 7.1.1.454, Drive Encryption Go 7.1.1.454, Drive Encryption: Windows 7.1.1.454, McAfee Agent 4.8.0.1938, Product Coverage Reports 4.8.0.1938, VirusScan Enterprise 8.8.0.1247
      Operating SystemOS Type:Windows 8.1 Workstation,OS Platform:Workstation,OS Version:6.3

       

      ePolicy Orchestrator is version 5.1.1

       

      When I install Drive Encryption and Drive Encryption Agent and reboot the computer, activating process started (I can see also the correct tag in ePO "EE:ALDU") but the status remains inactive.

       

      In mfeepe.log I can see:

       

      2015-04-03 10:53:23,402 INFO    DRIVER                               Session notification: EPEPC_DRIVER_SESSION_STANDBY

      2015-04-03 10:56:52,839 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 10:56:52,842 WARNING MfeEpeEsEncryptionInformationService ..\..\..\Src\EpeFsmHostErrorHandler.cpp: EPE_fsm_host_error_handler::handle: 71: Received service unavailable exception: The service MfeEpeEncryptionInformationServiceClient is currently unavailable

      2015-04-03 10:57:39,398 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 10:57:46,430 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1428057442).

      2015-04-03 10:57:47,935 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users (i.e. non-default UBP users) before enforcing policy.

      2015-04-03 10:57:48,039 INFO    EpoState                             == Start of policy enforcement ==

      2015-04-03 10:57:48,044 INFO    StatusService                        Applicazione delle policy avviata

      2015-04-03 10:57:48,045 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

      2015-04-03 10:57:48,046 INFO    EpoPlugin                            policyHandler: handling EnforcePolicy event

      2015-04-03 10:57:48,060 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers event

      2015-04-03 10:57:48,068 INFO    DomainUsers                          Searching for any local domain users.

      2015-04-03 10:57:48,219 INFO    DomainUsers                          Found new (unprocessed in this session) local domain user: \xxxxxxxx\xxxxxxxx

      2015-04-03 10:57:48,229 INFO    DomainUsers                          Found new (unprocessed in this session) local domain user: \\xxxxxxxx\xxxxxxxxx

      2015-04-03 10:57:48,230 INFO    EpoPlugin                            userHandler: dispatching EPOAddDomainUsers event to McAfee Agent

      2015-04-03 10:57:48,230 INFO    EpoPlugin                            userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB71865).

      2015-04-03 10:57:48,257 INFO    StatusService                        Creazione evento per richiesta dati per utenti di dominio locale

      2015-04-03 11:02:46,545 WARNING EpoMaLpcLog                          Service not available

      2015-04-03 11:02:46,591 INFO    EpoPlugin                            userHandler: handling AddLocalDomainUsers response

      2015-04-03 11:02:46,592 INFO    StatusService                        Dati per utenti di dominio locale ricevuti

      2015-04-03 11:02:46,595 INFO    EpoPlugin                            userHandler: local user (83B8837049DFC34AB69C22E045EDF12F) already assigned.

      2015-04-03 11:02:46,596 INFO    EpoPlugin                            userHandler: local user (D6C4ED69EDDA684BA6B42B6E3E255C85) already assigned.

      2015-04-03 11:02:46,597 INFO    EpoPlugin                            userHandler: dispatching GetAllUsers event to AgentHandler

      2015-04-03 11:02:46,609 INFO    EpoPlugin                            userHandler: Note, press Send Events button in McAfee Agent to hasten delivery (see KB71865).

      2015-04-03 11:02:46,639 INFO    StatusService                        Creazione di evento per richiesta dati per utenti assegnati

      2015-04-03 11:07:45,923 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 11:07:48,659 INFO    EpoPlugin                            userHandler: handling GetAllUsers response

      2015-04-03 11:07:48,660 INFO    StatusService                        Dati per utenti assegnati ricevuti

      2015-04-03 11:07:48,741 INFO    MfeEpeCoreEncryptionPlugin           --- Activation Begins ---

      2015-04-03 11:07:48,747 INFO    StatusService                        Attivazione avviata

      2015-04-03 11:07:48,748 INFO    StatusService                        Ricerca di provider di cifratura disponibili

      2015-04-03 11:07:48,750 INFO    MfeEpeCoreEncryptionPlugin           Size of provider order list in policy is 2

      2015-04-03 11:07:50,811 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:07:50,907 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:17:47,530 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 11:18:49,592 INFO    DRIVER                               Session notification: EPEPC_DRIVER_SESSION_UNLOCK

      2015-04-03 11:19:58,933 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 11:20:05,324 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:20:05,371 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:30:03,374 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 11:30:05,444 INFO    EpoPlugin                            enforcePolicy: Timed out waiting for activation from a previous policy enforcement.

      2015-04-03 11:30:05,444 INFO    EpoState                             == End of policy enforcement ==

      2015-04-03 11:30:05,444 INFO    StatusService                        Applicazione delle policy completata

      2015-04-03 11:30:05,476 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1428057443).

      2015-04-03 11:30:06,804 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users (i.e. non-default UBP users) before enforcing policy.

      2015-04-03 11:30:06,835 INFO    EpoState                             == Start of policy enforcement ==

      2015-04-03 11:30:06,835 INFO    StatusService                        Applicazione delle policy avviata

      2015-04-03 11:30:06,835 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

      2015-04-03 11:33:05,890 INFO    DRIVER                               Session notification: EPEPC_DRIVER_SESSION_STANDBY

      2015-04-03 11:34:20,742 INFO    DRIVER                               Session notification: EPEPC_DRIVER_SESSION_UNLOCK

      2015-04-03 11:40:05,088 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 11:40:07,431 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:40:07,478 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 11:50:07,266 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:00:08,943 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:10:10,463 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:18:51,825 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:19:42,062 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:21:00,015 INFO    StatusService                        Applicazione delle policy completata

      2015-04-03 12:21:00,015 INFO    EpoPlugin                            enforcePolicy: Timed out waiting for activation from a previous policy enforcement.

      2015-04-03 12:21:00,015 INFO    EpoState                             == End of policy enforcement ==

      2015-04-03 12:21:00,046 INFO    EpoPlugin                            enforcePolicy: new policy store created (session 1428057444).

      2015-04-03 12:21:01,421 INFO    EpoPlugin                            enforcePolicy: Waiting for OptIn users (i.e. non-default UBP users) before enforcing policy.

      2015-04-03 12:21:01,453 INFO    EpoState                             == Start of policy enforcement ==

      2015-04-03 12:21:01,453 INFO    StatusService                        Applicazione delle policy avviata

      2015-04-03 12:21:01,453 INFO    EpoPlugin                            enforceUserPolicy: Dispatching enforce policy event.

      2015-04-03 12:21:48,956 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

      2015-04-03 12:22:01,644 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 12:22:01,706 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

      2015-04-03 12:25:37,875 INFO    MfeEpeCredentialProviderServiceV2    MfeEpeCredentialProviderServiceV2858f3dd1-d9fc-11e4-8271-7ce9d3b73e82 initialized successfully

      2015-04-03 12:25:37,876 INFO    MfeEpeCredentialProviderServiceV2    Service Started Successfully

      2015-04-03 12:25:37,897 WARNING MfeEpeCredentialProviderServiceV2    ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::init: 79: [0xEE120008] no system policy set

      2015-04-03 12:25:37,903 WARNING MfeEpeCredentialProviderServiceV2    ..\..\..\Src\Helper\EpePcCredentialProviderServiceHandler.cpp: EPEPC_credential_provider_service_handler::init: 84: [0xEE120008] no system policy set

      2015-04-03 12:25:37,904 INFO    MfeEpeCredentialProviderServiceV2    Service Stopped Successfully

       

       

      I don't know why it says "NO SYSTEM POLICY SET". To the computer, from ePO, are assigned the correct policies (the same as the other endpoints).

       

      Have you any idea?

       

      Thanks

      Best Regards

        • 1. Re: Drive Encryption 7.1.1 status inactive
          Sathish L

          I guess agent to server communication (policy enforcement) is failing, verify the mcafee agent logs to get the more information.

          • 2. Re: Drive Encryption 7.1.1 status inactive
            lantuin

            Thanks Sathish.

             

            Other products are correctly installed on the client machine (like VirusScan Enterprise) and correctly agent communicates with the server.

            There is one particular log to inspect?

             

             

            UPDATE

            --------------

             

            I see this in Client Events Details from Queries and Reports (DE: Product Client Events):

             

             

            Event ID:2422
            Severity:Major
            Host Name:
            User Name:
            IP Address:
            Product Code:Endpoint Encryption
            Version:
            SP HotFix:
            Extra DAT Names:
            Event Type:Policy Enforcement
            Error Code :Policy retrieval from datastore failed
            Locale:1033
            Site Name:
            Initiator ID:EPOAGENT3000

             

            2ND UPDATE

            ---------------------

             

            From EEGO:

             

            Results

             

            Data Channel Delay (ms)1800000
            Data Channel PingSuccess
            Data Channel ResponseFailed
            Disk StatusSuccess
            Incompatible ProductsSuccess
            S.M.A.R.T.Success
            Supported DriveSuccess

             

            3RD UPDATE

            ---------------------

             

            I removed EEGO and reinstalled it. Now results are:

             

            Data Channel Delay (ms)10000
            Data Channel PingSuccess
            Data Channel ResponseSuccess
            Disk StatusSuccess
            Incompatible ProductsSuccess
            S.M.A.R.T.Success
            Supported DriveSuccess
            • 3. Re: Re: Drive Encryption 7.1.1 status inactive
              jhall2

              After the providers are identified, MDE will query them. It appears that while querying them one of the providers has locked up. Generally this is caused by either the Storage Driver not being installed or the SATA mode not being set to AHCI for an OPAL drive (regardless if OPAL or Software Encryption, the SATA mode must be set to AHCI if the drive is OPAL).

               

              2015-04-03 11:07:48,741 INFO    MfeEpeCoreEncryptionPlugin          --- Activation Begins ---

              2015-04-03 11:07:48,747 INFO    StatusService                        Attivazione avviata

              2015-04-03 11:07:48,748 INFO    StatusService                        Ricerca di provider di cifratura disponibili

              2015-04-03 11:07:48,750 INFO    MfeEpeCoreEncryptionPlugin          Size of provider order list in policy is 2

              2015-04-03 11:07:50,811 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

              2015-04-03 11:07:50,907 INFO    EpoPlugin                            enforcePolicy: Policy Enforcement is already in progress, skipping this one.

              2015-04-03 11:17:47,530 INFO    EpoPlugin                            collectProperties: dispatching disk list to AgentHandler

              • 4. Re: Re: Drive Encryption 7.1.1 status inactive
                lantuin

                I think Storage Driver are correctly installed (no oddities in device manager) and SATA mode is set to AHCI.