Solved

PGP WDE 9.6 periodically won't boot

Posted on 2011-03-10
Last Modified: 2012-05-11
We have a bunch of laptops that are using PGP WDE 9.6.  The last batch of laptops we purchased were Dell Latitude E6410s and when we load WDE on these, in about 85% of cases it works fine, in 10% of cases, after entering the password into PGP BootGuard it periodically does not boot but works fine after rebooting and trying again, and in about 5% of cases it refuses to proceed past BootGuard no matter what we do (normal boot, recovery CD, etc).  The only way I have found to boot a system when it gets to this point is to use the recovery CD to decrypt the hard drive.

The problem with this approach is it takes all day, and the employee is meanwhile without a computer.  I've had this problem with 2 out of 30 systems, and both times it worked fine long enough to get deployed to the user, but then stopped booting completely a few days later.

I no longer have support from PGP, and they've told me that if I want to renew my support I would need to purchase all new licenses ($20k+), which is not an option.  I looked through the support forums, but most of the threads there don't end up with any sort of resolution.
Question by:FWeston
 
LVL 65

Expert Comment

by:btan
ID: 35119821
Saw this in PGP help list @ https://pgp.custhelp.com/app/answers/detail/a_id/470

Ideally the data should be backed up (https://pgp.custhelp.com/app/answers/detail/a_id/693) often, since we know WDE is not a 100% guarantee, especially when h/w or s/w (not necessarily PGP) can unexpectedly not perform as expected.

Sometimes the h/w provider may have a specific recovery partition that may hinder WDE providers, and even BIOS support for the smartcard/token stack at preboot can be another consideration. For s/w, there can be a third-party defragmentation solution that shifts critical files (stored in the HDD sector), and that can contribute to further damage - https://pgp.custhelp.com/app/answers/detail/a_id/495

Nonetheless, they should already be sorted out before deployment... For the long process to recover the systems, this is an expected risk to take if all the above is taken into consideration. Minimally, if we stay with this approach we will want to avoid h/w failure (e.g. use a new (or recent) HDD, not an "over-reused" one) and have data constantly backed up by users. Or maybe think of SSD, but that can be quite expensive.

I am thinking that, to speed up the process, it would be faster to clone back (assuming no h/w failure) the system partition and MBR while leaving the data partition intact (which typically is the culprit for the delay). The challenge is that with cloning we are assuming the protection of the key file is the same, but it may change if a different password is used; it may be OK, since it is the data which we are concerned with and which should be unique to each user. Probably have to seek vendor advice on how that can be done; I am not familiar with PGP's capability for customisation.

In all, have separate partitions (system and data) and protect them independently, as I see that recovering a system partition may be faster.
I do not see that changing WDE s/w will help operationally though... just some thoughts.

 
LVL 65

Expert Comment

by:btan
ID: 35119867
Or maybe we do not want full HDD encryption but only the data partition, or even go for a file container type such as TrueCrypt (it does not have enterprise support such as central mgmt though), but users need to store working data in that store. Tough, though, if we cannot eliminate the remanence totally when using third-party applications for processing, e.g. they can dump to a temp application folder normally installed on the system drive (maybe install it on the data partition, etc.). Not a foolproof solution, but it depends on risk appetite.
 
LVL 3

Author Comment

by:FWeston
ID: 35122113
I don't think this could be a hardware problem because all of the systems are brand new.  Likewise I don't think it could be software because only 2 out of the 30 systems are affected and they are all identical.

When I decrypt the systems that have trouble booting using a recovery disk, they boot and work just fine once the drive is no longer encrypted.
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 35220184
If the HDD from the alright machine is swapped with the failing machine, would it still boot up successfully? If it can't, the machine would be suspect; else the original HDD would be the suspect.

The assumption is that they are identical, but the HDD may be different? The BIOS of the machine is different? What would be the error for BootGuard on the screen, e.g. blue screen? A memory error dump can be created for offline analysis, but that is like troubleshooting for PGP, which should not be the case... If it cannot boot up, are there logs available?

For the case of being able to boot up without the encrypted HDD enabled, this would be the software issue. Either the intercept of the disk call is not well handled, or the crypto key cannot be retrieved, or the firmware is causing BootGuard to fail in setting up for (or during) the decryption process. If there are some hidden partitions from the manufacturer, BootGuard should take that into consideration.

It is not going to be straightforward, though, if it comes down to troubleshooting. Recovery is inevitable, else go for file-level encryption. If TrueCrypt can do full HDD encryption successfully on those faulty machines as compared to PGP, then the latter's advice needs to be consulted. This is the software issue.
 
LVL 3

Author Comment

by:FWeston
ID: 35315354
When the issue occurs after entering the passphrase the machine just sits at the bootguard screen and doesn't do anything else.  I do not know if there are logs stored anywhere.  Next time it occurs I will try swapping to another machine to see if it boots.  For now I will award points since I no longer have a faulty machine available to try any of the troubleshooting steps.
 
LVL 3

Author Closing Comment

by:FWeston
ID: 35315359
Unable to test at this time.
 

Expert Comment

by:GreenwayCross
ID: 35441816
I have run into the exact same problem with some new Dell E6410 laptops and PGP 9.6. 2 out of 11 had a problem.  I found updating the BIOS from version 4 to version 7 fixed the problem.  Might be worth a try before doing further troubleshooting of the hard drives.