Jump to content

Unable to encrypt second drive on client computer


Mr.Gains
 Share

Recommended Posts

We're experiencing an issue where a client installed another drive on their machine, and it's not recognizing the disk for encryption. If we disable this disk we can do the encryption. I made sure it was unencrypted, and it's empty and tested with a test file (to have some sort of size to recognize it's unencrypted). Disk with issue: SHGP31-1000GM-2

ESET products: 

ESET Management Agent 8.0.1238.0

ESET Endpoint Security 8.0.2028.0     ESET Full Disk Encryption 1.2.4.12

Errors: When turning back on the Disk after installing EFDE : "Unable to start the system due to a problem accessing vital encryption data. Reason Code: 2 Meta Data is incorrect"

When enable all drives then install EFDE, the system just sits there "not encrypted, data is not protected" after the first restart (before setting password which is where we're trying to get to). Only error I see is the recovery data is not in sync with server in the status, which I uninstall/install EFDE and the error shows up after (I waited for alerts to clear before the first restart). Logs show that it retrieve the license and that all disks are supported.

Did I miss something or is the new disk not compatible with EFDE?

Thanks,

 

Link to comment
Share on other sites

  • ESET Staff

Hi @Mr.Gains,

Thank you for getting in touch, may I suggest you contact your local ESET Support office via the following link: https://www.eset.com/us/about/contact/ as this will need investigating further, which I cannot provide over our forum due to the complexity behind some of these issues. When getting in touch with your local ESET Support office, could you provide the following logs from your machine: https://support.eset.com/en/kb7123-eset-endpoint-encryption-diagnostics-utility

Thank you,

Kieran

Link to comment
Share on other sites

Turns out we had to manually clear the TPM on the device, which then we're able to start the encryption. Something I have to note next time I go through the process, but I thought EFDE clear the TPM when taking over?

Link to comment
Share on other sites

Posted (edited)
2 hours ago, Mr.Gains said:

Turns out we had to manually clear the TPM on the device, which then we're able to start the encryption. Something I have to note next time I go through the process, but I thought EFDE clear the TPM when taking over?

Hum .........

Had no idea that SSD's are now including a TPM chip.

However, I did read that drive manufacturers are starting to include anti-ransomware protection at the firmware level. I don't know if clearing the TPM was a wise move. It may have also erased the built-in anti-ransomware; i.e. anti-encryption, protection.

Edited by itman
Link to comment
Share on other sites

  • ESET Staff
Posted (edited)
12 hours ago, Mr.Gains said:

Turns out we had to manually clear the TPM on the device, which then we're able to start the encryption. Something I have to note next time I go through the process, but I thought EFDE clear the TPM when taking over?

I am glad you managed to resolve the issue :D  

However, I am afraid I can't provide any definitive answers about what could have caused this now it is resolved. As it would all be theoretical at this point, without logging etc. to assist beforehand.

Edited by Kstainton
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...