Solved

PGP WDE 9.6 periodically won't boot

Posted on 2011-03-10
Last Modified: 2012-05-11
We have a bunch of laptops that are using PGP WDE 9.6.  The last batch of laptops we purchased were Dell Latitude E6410s and when we load WDE on these, in about 85% of cases it works fine, in 10% of cases, after entering the password into PGP BootGuard it periodically does not boot but works fine after rebooting and trying again, and in about 5% of cases it refuses to proceed past BootGuard no matter what we do (normal boot, recovery CD, etc).  The only way I have found to boot a system when it gets to this point is to use the recovery CD to decrypt the hard drive.

The problem with this approach is it takes all day, and the employee is meanwhile without a computer.  I've had this problem with 2 out of 30 systems, and both times it worked fine long enough to get deployed to the user, but then stopped booting completely a few days later.

I no longer have support from PGP, and they've told me that if I want to renew my support I would need to purchase all new licenses ($20k+), which is not an option.  I looked through the support forums, but most of the threads there don't end up with any sort of resolution.
Question by:FWeston
 
LVL 64

Expert Comment

by:btan
ID: 35119821
Saw this in PGP help list @ https://pgp.custhelp.com/app/answers/detail/a_id/470

Ideally the data should be backed up (https://pgp.custhelp.com/app/answers/detail/a_id/693) as often since we know WDE is not a 100% guarantee, esp. when h/w or s/w (not necessarily PGP) can unexpectedly not perform as expected.

Sometimes the h/w provider may have a specific recovery partition that may hinder WDE providers, and even BIOS support for the smartcard/token stack at preboot can be another consideration. For s/w, there can be a third-party defragment solution that shifted critical files (stored in the HDD sector), and that can contribute to further damage - https://pgp.custhelp.com/app/answers/detail/a_id/495

Nonetheless, they should already be sorted out before deployment... For the long process to recover the systems, this is an expected risk to take if all the above is taken into consideration. Minimally, if we stay with this approach, we will want to avoid h/w failure (e.g. use a new (or recent) HDD and not an "over-reused" one) and have data constantly backed up by users. Or maybe think of SSD, but that can be quite expensive.

I am thinking that to speed up the process it would be faster to clone back (assuming no h/w failure) the system partition and MBR while leaving the data partition intact (which typically is the culprit for the delay). The challenge is that if using cloning we are assuming the protection of the key file is the same, but it may change if using a different password; it may be ok, though, since it is the data which we are concerned about and which should be unique to each user - we would probably have to seek vendor advice on how that can be done - I am not familiar with PGP's capability for customisation.

In all, have separate partitions (system and data) and protect them independently, as I see that recovering a system partition may be faster.
I do not see that changing WDE s/w will help operationally though ... just some thoughts

0
 
LVL 64

Expert Comment

by:btan
ID: 35119867
Or maybe we do not want full HDD encryption but only the data partition, or even go for a file container type such as Truecrypt (it does not have enterprise support such as central mgmt though), but users need to store working data in that store. Tough, though, if we cannot eliminate the remanence totally when using third-party applications for processing, e.g. they can dump to a temp application folder normally installed on the system drive (maybe install it in the data partition etc). Not a foolproof solution, but it depends on risk appetite.
0
 
LVL 3

Author Comment

by:FWeston
ID: 35122113
I don't think this could be a hardware problem because all of the systems are brand new.  Likewise I don't think it could be software because only 2 out of the 30 systems are affected and they are all identical.

When I decrypt the systems that have trouble booting using a recovery disk, they boot and work just fine once the drive is no longer encrypted.
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 35220184
If the hdd from the alright machine is swapped with the failing machine, would it still boot up successfully? If it can't, the machine would be suspect, else the original hdd would be the suspect.

The assumption is that they are identical, but hdd may have different? bios of machine is different? What would be the error for bootguard on the screen, e.g. blue screen? A memory error dump can be created for offline analysis, but that is like troubleshooting for PGP, which should not be the case... If it cannot boot up, are there logs available?

For the case of being able to boot up without enabling the encrypted hdd, this would be the software issue. Either the intercept of the disk call is not well handled, or the crypto key is not able to be retrieved, or firmware is causing the bootguard to fail in setting up for (or during) the decryption process. If there is some hidden partition from the manufacturer, the bootguard should take that into consideration.

It is not going to be straightforward though if it comes down to troubleshooting. Recovery is inevitable, else go for file level encryption. If truecrypt can do hdd full encryption successfully on those faulty machines as compared to PGP, then the latter's advice needs to be consulted. This is the software issue.
0
 
LVL 3

Author Comment

by:FWeston
ID: 35315354
When the issue occurs after entering the passphrase the machine just sits at the bootguard screen and doesn't do anything else.  I do not know if there are logs stored anywhere.  Next time it occurs I will try swapping to another machine to see if it boots.  For now I will award points since I no longer have a faulty machine available to try any of the troubleshooting steps.
0
 
LVL 3

Author Closing Comment

by:FWeston
ID: 35315359
Unable to test at this time.
0
 

Expert Comment

by:GreenwayCross
ID: 35441816
I have run into the exact same problem with some new Dell E6410 laptops and PGP 9.6. 2 out of 11 had a problem.  I found updating the BIOS from version 4 to version 7 fixed the problem.  Might be worth a try before doing further troubleshooting of the hard drives.
0
