PGP WDE 9.6 periodically won't boot

We have a bunch of laptops that are using PGP WDE 9.6.  The last batch of laptops we purchased were Dell Latitude E6410s and when we load WDE on these, in about 85% of cases it works fine, in 10% of cases, after entering the password into PGP BootGuard it periodically does not boot but works fine after rebooting and trying again, and in about 5% of cases it refuses to proceed past BootGuard no matter what we do (normal boot, recovery CD, etc).  The only way I have found to boot a system when it gets to this point is to use the recovery CD to decrypt the hard drive.

The problem with this approach is it takes all day, and the employee is meanwhile without a computer.  I've had this problem with 2 out of 30 systems, and both times it worked fine long enough to get deployed to the user, but then stopped booting completely a few days later.

I no longer have support from PGP, and they've told me that if I want to renew my support I would need to purchase all new licenses ($20k+), which is not an option.  I looked through the support forums, but most of the threads there don't end up with any sort of resolution.
LVL 3
FWestonAsked:
Who is Participating?
 
btanExec ConsultantCommented:
if the hdd from the alright machine is swopped with the failing machine, would it still boot up successfully. If it can't, the machine would be suspect else the original hdd would be the suspect.

The assumption is that they are identical but hdd may have different? bios of machine is different? what would be the error for bootguard on the screen e.g. blue screen? memory error dump can be created for offline analysis but that is like troubleshooting for PGP, should not be the case....if it cannot bootup, are there logs available?

For the case of able to boot up without enabling encrypted hdd, this would be the software issue. either the intercept of disk call is not well handled or crypto key is not able to retrieve or firmware is causing the bootguard to fail in setting up for (or during) decryption process. if there are there ome hidden partition from manufacturer, the bootguard should take that into consideration.

it is not going to be straightforward though if come down to troubleshoot. recovery is inevitable else go for file level encryption. If truecrypt can do hdd full encryption successfully on those faulty machine as compared to PGP then the latter's advice need to be consulted. this is the software issue.
0
 
btanExec ConsultantCommented:
Saw this in PGP help list @ https://pgp.custhelp.com/app/answers/detail/a_id/470

ideally the data should be backup (https://pgp.custhelp.com/app/answers/detail/a_id/693) as often since we know WDE is not sure 100% guarantee esp when h/w or s/w (not necessarily PGP) can unexpectedly not performed as expected.

sometimes, h/w provider may have specific recovery partition that may hinders WDE providers and even BIOS support for the smartcard/token stack support at preboot can be another consideration. for s/w, there can be third party defragment solution that shifted critical files (stored in the HDD Sector) and that can contribute to further damage - https://pgp.custhelp.com/app/answers/detail/a_id/495

nonetheless, they should already be sorted out before deployment....for the long process to recover the systems, this is expected risk to take if all the above is taken into consideration. Minimally if we stay with this approach we will want to avoid h/w failure (e.g. use new (or recent) HDD and not "over-reused" and data is constantly backup by users. Or maybe think of SSD but cna be quite expensive

I am thinking to speed up the process it would be faster to clone back (assume no h/w failure) the system partition and mbr while leaving the data partition intact (which typically is the culprit for delay). the challenge is if using cloning we are assuming the protected of the key file are the same but it may changed if using different password but it may be ok since it is the data which we are concerned and should be unique to each user - probably had to seek vendor advice how that can be done - not familiar with PGP capability for customisation.

in all, have separate partition (System and data) and protect them independently as I see that recovering a system partition may be faster.
I do not see changing WDE s/w will help operationally though ... just some thoughts

0
 
btanExec ConsultantCommented:
or maybe we do not want full HDD encryption but only data partition or even go for file container type such as Truecrypt (it does not have enterprise support such as central mgmt though) but user need to store working data in that store. Tough though if we cannot eliminate the remanence totally when using third party application for processing e.g. they can dump to temp application folder normally installed in the system drive (maybe installed it in data partition etc). not full proof solution but depends on risk appetite
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
FWestonAuthor Commented:
I don't think this could be a hardware problem because all of the systems are brand new.  Likewise I don't think it could be software because only 2 out of the 30 systems are affected and they are all identical.

When I decrypt the systems that have trouble booting using a recovery disk, they boot and work just fine once the drive is no longer encrypted.
0
 
FWestonAuthor Commented:
When the issue occurs after entering the passphrase the machine just sits at the bootguard screen and doesn't do anything else.  I do not know if there are logs stored anywhere.  Next time it occurs I will try swapping to another machine to see if it boots.  For now I will award points since I no longer have a faulty machine available to try any of the troubleshooting steps.
0
 
FWestonAuthor Commented:
Unable to test at this time.
0
 
GreenwayCrossCommented:
I have ran into the exact same problem with some new Dell E6410 laptops and PGP 9.6. 2 out of 11 had a problem.  I found updating the BIOS from version 4 to version 7 fixed the problem.  Might be worth a try before doing further troubleshooting of the hard drives.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.