2 Replies Latest reply on Nov 4, 2016 1:15 AM by thinkgreenn

    Encrypting Laptops with Liteon SSD

    thinkgreenn

      Hello!

       

      Firstly my apologies if i am posting this in the wrong area.

      I'll explain what issues i'm facing.

       

      Our main McAfee guy (lets call him that) is usually the one that contact mcafee for issues we cannot resolve our self.

      But due to unforeseen private reasons he has taken some time off from work.

       

      The task has now been assigned to me, next to him i am the one deploying the products to the machine

       

      One of our departments recently purchase 10 laptops with all of them containing a liteon ssd.

      When i push the encryption (McAfee drive encryption for windows 7.0.3).

      The drive gets encrypted but with OPAL encryption instead McAfee encryption.

      As soon we we reboot we get an error: McAfee Drive Encryption Fatal Error: [0xEE7F001] Failed to connect.

      Since its OPAL encryption the drive is locked. We are able to remove the Opal encryption using OPAL DETECH boot.

       

      How do we prevent this from happening, OPAL needs to be put as secondary and McAfee needs to be primary.

       

      The other machines in the office and other departments are using Samsung and Hynix SSD.

      All of these work flawless.

       

      Attached is the liteon ssd

        • 1. Re: Encrypting Laptops with Liteon SSD
          jhall2

          First, I would recommend upgrading ePO and Drive Encryption. The EEPC 7.0.3 Extension, the "plugin" within ePO used enable the functionality to manage the point product (EEPC) on the cleint system, is no longer supported. The EEPC 7.0 extension was only supported on ePO 4.6 and 5.0. Both of those versions of ePO are end of life / end of support as of December 2015. EEPC 7.0.3 was released January 2014. To upgrade ePO and the EEPC extension, please follow KB81538.

           

          There is several KBs that cover this issue:

           

          • KB75817
          • KB75800
          • KB85606
          • KB82876

           

          Some notes about OPAL with Drive Encryption.

           

          • The systems SATA Operational Mode must be set to AHCI (KB81136). This also applies to all SSD drives.
          • If the system is in UEFI mode, it must be Windows 8 or above certified by Microsoft (KB81136)
          • If the system is in UEFI mode, the OPAL drive must be shipped in the system from the OEM (KB81136)
          • The drive must be a supported OPAL drive and listed in KB81136.
          • The correct storage driver must be installed. Typically this is the Intel Rapid Storage Technology (IRST) driver.

           

          If the system does not meet these requirements, the system can still be encrypted with the software encryption provider. To encrypt with software provider, edit the Product Settings policy, click the Encryption tab, and move "PC Software" to the top of the list by clicking "Move to top".

           

          To deactivate the system, you will need to use the DEOpalTech disk. First you must determine if this is a UEFI or Legacy BIOS system. Go to ePO and navigate to the system in the System Tree and click on the system. Select the Drive Encryption tab and select "More". You will see "Firmware Type" and next to it will show either EFI or BIOS. Based on this, follow PD24871 to build a DEOpalTech disk or use the EZPE tool to build the correct disk. Once the disk is created, you will need to authorize using the code of the day and deactivate by clicking the Remove EE.

          • 2. Re: Encrypting Laptops with Liteon SSD
            thinkgreenn

            Thank you this helped me solve it