Solved

Truecrypt boots to black screen on server 2008 r2

Posted on 2013-11-08
6
686 Views
Last Modified: 2015-02-08
I'd thought i would take a chance by asking this question here as well as the truecrypt forum.

I have a medical business customer that wants the entire hdd drive on their server encrypted.  Easy enough right?  well so i encrypt using truecrypt.  everything works great.  about 3 weeks later though the server when it boots up stops at the truecrypt boot up screen wanting the password.  and once you put the password in, it begins booting up.  i see the windows logo with the scrolling from left to right at the bottom of the screen.  that logo then dissapears and a black screen shows up.  and it sits there never coming to the blue ctrl-alt-del screen.  
        so i decrypted the system and it boots fine now.  but this hdd needs to be encrypted so i went through the motions of re-encrypting the hdd and i reburned the rescue disc and truecrypt wants to do the pretest of rebooting.  when i reboot, again it stop at a black screen.  at the black screen the server hdd light is blinking to show activity, but i let it sit for 3 hrs and nothing.  I then reset the computer and let it reboot and press esc instead of typing the password and the server boots up to windows only to tell me that truecrypt failed the pretest.  Any suggestions?
0
Comment
Question by:BNCAdmin
6 Comments
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39635009
Server HDD's are not typically encrypted in this way. you have to understand that Full Disk Encryption only protects data at rest, when the OS is not running. When it's booted, the HDD looks no different to a networked attacker or a trojan than any other running windows OS.
Have a look at my article here:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html

If the encryption is to protect against physical theft, then you want full disk encryption. If it's to comply with HIPAA, then you've not encrypted anything at all when the OS is running.
-rich
0
 
LVL 54

Accepted Solution

by:
McKnife earned 250 total points
ID: 39638204
You can of course use truecrypt for servers if you want to protect against theft. If it does not work out, uninstall truecrypt, reboot and try disk cryptor, a truecrypt spin-off.
If that does not work, take the built-in bitlocker.
0
 
LVL 1

Author Closing Comment

by:BNCAdmin
ID: 39656302
After reviewing the replies, we researched the built-in bitlocker and decided to install this option.  This was completed this weekend and will be delivered to the customer today.  

Thanks for the replies.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 54

Expert Comment

by:McKnife
ID: 39656378
Ok.

Make your customer aware that with a fully encrypted system, any reboot will require the passphrase, so any automatic bluescreen-reboot, too! Unless you used a TPM without PIN.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39656409
And the encryption is only protecting the drives from theft :) The data is not safer when the OS is running.
-rich
0
 

Expert Comment

by:peteviti
ID: 40597565
I installed true crypt. I did not activate any encryption. But I rebooted and I now I have a black screen on all users. How do I turn off black screen? Please help pete.viti@gmail.com
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question