2 Replies Latest reply on Mar 17, 2017 3:48 PM by jabil-rob

    MBR on encrypted boot disk changed by backup tool

    jabil-rob

      I don't know if we use EEM or ePO, but I think my question might be general enough to get an idea on how to proceed with this issue.

      I have two SSD drives in a laptop encrypted with McAfee. I've never had issues with the encryption. I just installed a backup tool, not realizing that it was going to modify the MBR to facilitate its recovery methodology.

      Now the drive will not boot to the McAfee splash screen nor anything past that. I have the option to pick an alternate boot method and I can get into the MEBx (the Management Engine) menu, but I don't think that's going to help.

      I didn't do any MBR fixing since this issue started.

      I'm just wondering if I should try to figure out some way to recover the MBR, or if I should first try to decrypt the drive. We have the tools to decrypt the drives, but I'm not sure if that will help, ultimately, with the MBR issue. The backup tool vendor recommended doing the "standard" Microsoft steps to "reset" the MBR. If I was going to do that, with my limited understanding of this McAfee product, I'd assume that I would first need to decrypt the drives prior to fixing the MBR.

      I would appreciate any guidance!! I don't want to further mess up my hard drive.

      p.s. - I would have called McAfee support but I don't have the "grant number" and neither do my local IT support folks, and our SME for this product is out.

      Thanks!

      -- Rob --

        • 1. Re: MBR on encrypted boot disk changed by backup tool
          jhall2
          1. Download the EZPE utility from here: The EZPE Builder for Data Recovery
          2. Select the option to build a DETech stand alone with Emergency boot (for MBR) using a USB drive
          3. Select the version of MDE you are using
          4. Export the XML file from ePO:
            1. Login to ePO and navigate to the system tree
            2. Select the system and click Actions | Drive Encryption | Export Recovery Information
            3. Save the XML file to a USB drive
          5. From Software manager, Search for McAfee Drive Encryption and download the "Code of the Day tool"
          6. Launch the Code of the Day tool and get the code of the day
          7. Boot to the DETech disk
          8. Click Enable USB
          9. Authenticate using the XML file
          10. Remove all USBs from the system
          11. Click Select Boot Disk and select the disk
          12. Click restore MBR and click the option to restore MDE MBR

          More information can be found in the DETech User Guide (PD24871)

          • 2. Re: MBR on encrypted boot disk changed by backup tool
            jabil-rob

            Thanks for the detailed response. Unfortunately, the bootable disc doesn't recognize USB3 ports and that's all that this laptop has.

            Since I don't understand how the specific drive, the software, and the TPM all tie together, I am not sure how to proceed. The options to load the XML seem limited to the "A" and "B" drives, of which I have neither.

            I guess I will try to plug in an mSATA drive that is not encrypted in the other slot and see if that gets recognized. Otherwise, it looks like I lose days of data and work hours.

            I have backups, but it appears that there's no way to restore the MBR from those. I can image to another drive, but that doesn't seem to work in this case: when I use that drive, the system just says the MBR is corrupted and never gets to the McAfee splash screen for credentials.

            It shouldn't be this hard to recover a system that I own that has my data.