Solved

PGP WDE 9.6 periodically won't boot

Posted on 2011-03-10
Last Modified: 2012-05-11
We have a bunch of laptops that are using PGP WDE 9.6.  The last batch of laptops we purchased were Dell Latitude E6410s and when we load WDE on these, in about 85% of cases it works fine, in 10% of cases, after entering the password into PGP BootGuard it periodically does not boot but works fine after rebooting and trying again, and in about 5% of cases it refuses to proceed past BootGuard no matter what we do (normal boot, recovery CD, etc).  The only way I have found to boot a system when it gets to this point is to use the recovery CD to decrypt the hard drive.

The problem with this approach is it takes all day, and the employee is meanwhile without a computer.  I've had this problem with 2 out of 30 systems, and both times it worked fine long enough to get deployed to the user, but then stopped booting completely a few days later.

I no longer have support from PGP, and they've told me that if I want to renew my support I would need to purchase all new licenses ($20k+), which is not an option.  I looked through the support forums, but most of the threads there don't end up with any sort of resolution.
Question by:FWeston
9 Comments
 
LVL 61

Expert Comment

by:btan
ID: 35119821
Saw this in PGP help list @ https://pgp.custhelp.com/app/answers/detail/a_id/470

ideally the data should be backed up (https://pgp.custhelp.com/app/answers/detail/a_id/693) often, since we know WDE is not a sure 100% guarantee, esp. when h/w or s/w (not necessarily PGP) can unexpectedly not perform as expected.

sometimes, h/w provider may have specific recovery partition that may hinder WDE providers and even BIOS support for the smartcard/token stack support at preboot can be another consideration. for s/w, there can be third party defragment solution that shifted critical files (stored in the HDD Sector) and that can contribute to further damage - https://pgp.custhelp.com/app/answers/detail/a_id/495

nonetheless, they should already be sorted out before deployment... for the long process to recover the systems, this is an expected risk to take if all the above is taken into consideration. Minimally, if we stay with this approach we will want to avoid h/w failure (e.g. use new (or recent) HDD and not "over-reused") and data is constantly backed up by users. Or maybe think of SSD but can be quite expensive

I am thinking to speed up the process it would be faster to clone back (assume no h/w failure) the system partition and mbr while leaving the data partition intact (which typically is the culprit for delay). the challenge is if using cloning we are assuming the protection of the key file is the same but it may change if using different password but it may be ok since it is the data which we are concerned and should be unique to each user - probably have to seek vendor advice how that can be done - not familiar with PGP capability for customisation.

in all, have separate partitions (System and data) and protect them independently as I see that recovering a system partition may be faster.
I do not see changing WDE s/w will help operationally though ... just some thoughts

 
LVL 61

Expert Comment

by:btan
ID: 35119867
or maybe we do not want full HDD encryption but only data partition or even go for file container type such as TrueCrypt (it does not have enterprise support such as central mgmt though) but users need to store working data in that store. Tough though if we cannot eliminate the remanence totally when using third party application for processing e.g. they can dump to temp application folder normally installed in the system drive (maybe install it in data partition etc). not a foolproof solution but depends on risk appetite
 
LVL 3

Author Comment

by:FWeston
ID: 35122113
I don't think this could be a hardware problem because all of the systems are brand new.  Likewise I don't think it could be software because only 2 out of the 30 systems are affected and they are all identical.

When I decrypt the systems that have trouble booting using a recovery disk, they boot and work just fine once the drive is no longer encrypted.
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 35220184
if the hdd from the alright machine is swopped with the failing machine, would it still boot up successfully? If it can't, the machine would be suspect, else the original hdd would be the suspect.

The assumption is that they are identical but hdd may have different? bios of machine is different? what would be the error for bootguard on the screen e.g. blue screen? memory error dump can be created for offline analysis but that is like troubleshooting for PGP, should not be the case....if it cannot bootup, are there logs available?

For the case of able to boot up without enabling encrypted hdd, this would be the software issue. either the intercept of disk call is not well handled or crypto key is not able to be retrieved or firmware is causing the bootguard to fail in setting up for (or during) decryption process. if there is some hidden partition from manufacturer, the bootguard should take that into consideration.

it is not going to be straightforward though if it comes down to troubleshooting. recovery is inevitable else go for file level encryption. If TrueCrypt can do hdd full encryption successfully on those faulty machines as compared to PGP then the latter's advice needs to be consulted. this is the software issue.
 
LVL 3

Author Comment

by:FWeston
ID: 35315354
When the issue occurs after entering the passphrase the machine just sits at the bootguard screen and doesn't do anything else.  I do not know if there are logs stored anywhere.  Next time it occurs I will try swapping to another machine to see if it boots.  For now I will award points since I no longer have a faulty machine available to try any of the troubleshooting steps.
 
LVL 3

Author Closing Comment

by:FWeston
ID: 35315359
Unable to test at this time.
 

Expert Comment

by:GreenwayCross
ID: 35441816
I have run into the exact same problem with some new Dell E6410 laptops and PGP 9.6. 2 out of 11 had a problem.  I found updating the BIOS from version 4 to version 7 fixed the problem.  Might be worth a try before doing further troubleshooting of the hard drives.