Workstation ID changes on computers installed with Full Disk Encryption (FDE). Password Recovery unavailable.

[Chelopher 0]

Hi Team,

We're experiencing a very strange problem with some of our laptops that are installed with FDE.

I should start by saying that these computers are brand new and they're being encrypted with FDE for the first time. The instalaltion and encryption process happens smoothly, as per AIS logs info a workstation ID is assigned correctly to the computer (that assigned workstation Id matches with the one listed for the computer in question on ESET Protect Console) and final user is able to setup his/her password.  During boot up, owners are shown with FDE credentials black screen so they enter their password and everything works as expected at that point.  Problems start to come up 48 hours later of the initial FDE setup, all of a sudden, owners report that their FDE password is not alonger ccepted and when we try to do a recovery via Console  we realize that the worksation ID listed at the bottom of the FDE credential screen does not match with the one listed in the console for that computer. If we search on console using the new Workstation ID (the one listed on the client's FDE black screen) no computer associated to it can be found. The discrepancy between workstation ID invalids all the recovery options available forcing the O.S  to be wiped out.

We've faced this problem around 5 times particularly with HP laptop model Laptop 15-dw3xxx, any ideas about what could be causing this?

Thanks in advanced.

 

 

[Kstainton 21]

Hi @Chelopher,

May I request you report this issue to your local ESET Support Office via the following link: https://www.eset.com/int/support/contact/

Please include a copy of the following logs: https://support.eset.com/en/kb7894-eset-encryption-recovery-utility-diagnostics#SearchForMeta along with all the other details you have provided. This will require more investigation than we are able to provide over the forum.

Also, please provide the version of ESET Full Disk Encryption that you use.

Thank you,

Kieran

Edited October 17, 2022 by Kstainton

[Chelopher 0]

Hi Kstainton,

We contacted them since last week.

Here's the log you requested:

 

14/10/2022-15:53:50 : Please select process to perform: 14/10/2022-15:53:58 : 1 14/10/2022-15:53:58 : Error flag set. (A00) 14/10/2022-15:53:58 : 14/10/2022-15:53:58 : Master Disk is missing data. 14/10/2022-15:53:58 : 14/10/2022-15:53:59 : System Data block 14/10/2022-15:53:59 : 14/10/2022-15:53:59 : 14/10/2022-15:53:59 : Decryption process can not begin. 14/10/2022-15:53:59 : ************** 14/10/2022-15:53:59 : ERROR 14/10/2022-15:53:59 : ************** 14/10/2022-15:53:59 : 14/10/2022-15:53:59 : Please contact support, providing the information above (0x8) 14/10/2022-15:53:59 : ************** 14/10/2022-15:54:02 : 14/10/2022-15:54:02 : --------------------------------------------------

That is happening with all of them.

 

[Kstainton 21]

Hi @Chelopher,

Do you have a Case Number or Contact Name? I will get in touch with them to escalate this to the correct team to handle this case for you properly as we will need to investigate this with the Developers of the product.

However, in regards to the issue you have just shown me.

What happens if you change the BIOS Disk Mode / SATA Mode from RAID to AHCI, does this allow the disks to enumerate using the ESET Recovery Utility?

If that option does not exist, or it is already set to AHCI, what happens if you setup the ESET Recovery Utility USB using the EFI USB option instead of the WIN RE option? Does it allow the disks to enumerate?

Thank you,

Kieran

Edited October 17, 2022 by Kstainton

[Chelopher 0]

Hi Kstainton,

This is what they provided to us:

[Ticket#1139121] - Sesión Rescue ID: 967123251.

We saw the steps you mentioned on a Forum however, this particular model does not have that option so we will experiment setting the recovery to EFI USB and let you know.