Can't boot anymore after Activating Full Disk encryption

Leon Roese · August 23, 2023

Hi,

I 've got the problem that I activate the full disk encryption and then the computer requires a reboot to set the password and so on. The problem is that the window to set the password does not shows up but also I am not able to boot from the windows boot manager anymore.

AAndrejko · August 23, 2023

19 minutes ago, Leon Roese said:

Hi,

I 've got the problem that I activate the full disk encryption and then the computer requires a reboot to set the password and so on. The problem is that the window to set the password does not shows up but also I am not able to boot from the windows boot manager anymore.

Hello Leon,

It sounds like your system has rebooted to do SafeStart however the system is having some kind of issue loading SafeStart or accessing the files to boot back to the OS.

In order to properly diagnose this is the issue please can you use the Recovery Utility to grab the disk information of affected system, steps on that can be viewed here, the process will only take a few minutes - https://support.eset.com/en/kb7894-eset-encryption-recovery-utility-diagnostics#DisplayDiskInfo

Once you have done that, please can you submit a support ticket with the log files from the USB device attached, if we need further logs then we can communicate via the ticket - https://www.eset.com/de/support/kontakt/

Leon Roese · August 23, 2023

Hello AAndrejko,

thanks for your quick reply. Unfortunatly I can't do that because I cannot generate a Restoration file in the protect center, which is required for the encryption recovery utility. The status of the computer in the protect center is that the encryption is not active.

Shall I open a support ticket anyways?

best regards

Leon

AAndrejko · August 23, 2023

Just now, Leon Roese said:

Hello AAndrejko,

thanks for your quick reply. Unfortunatly I can't do that because I cannot generate a Restoration file in the protect center, which is required for the encryption recovery utility. The status of the computer in the protect center is that the encryption is not active.

Shall I open a support ticket anyways?

best regards

Leon

Hello Leon

For this process you don't need the recovery file at all. It's merely at a diagnostics stage at the moment so you'll still be able to get the disk information without the recovery file. Within the media creation tool feel free to select diagnostics only when selecting the product type.

If it's stuck on SafeStart somehow, it usually only requires a couple commands to boot Windows as nothing has been encrypted yet.

Leon Roese · August 24, 2023

Hello AAndrejko,

I' ve booted with the stick now and it tells me, there was an error at the enumeration of the drives. I still cannot boot.

So what is the way to go now?

best regards
Leon

AAndrejko · August 24, 2023

55 minutes ago, Leon Roese said:

Hello AAndrejko,

I' ve booted with the stick now and it tells me, there was an error at the enumeration of the drives. I still cannot boot.

So what is the way to go now?

best regards
Leon

Hi Leon

The case with that is usually the system is using a RAID bus, which we cannot read. The solution to this would be to temporarily go into the BIOS and turn the disk operation mode to AHCI instead of RAID. More info on that here - https://support.eset.com/en/kb8338-error-disk-enumeration-failed-in-eset-endpoint-encryption-or-eset-full-disk-encryption

If that still doesn't work then I'd urge you to submit a ticket straight away with what info you have.

Leon Roese · August 24, 2023

Hello AANdrejko,

Actually I don't think that thinkpad has the bios option because it has not even a raid controller. I opened a ticket already two days ago but no one has contacted me. I opened a new one today also. Shouldn't I get normaly a mail that a new ticket has opened? Because I got no.

Best regards and thanks for everything!

AAndrejko · August 24, 2023

21 minutes ago, Leon Roese said:

Hello AANdrejko,

Actually I don't think that thinkpad has the bios option because it has not even a raid controller. I opened a ticket already two days ago but no one has contacted me. I opened a new one today also. Shouldn't I get normaly a mail that a new ticket has opened? Because I got no.

Best regards and thanks for everything!

Hi Leon,

You may find the switch within the BIOS under Config -> Storage -> Controller Mode. Although I'm unsure what Thinkpad device you have in particular, the emulator has lots listed, so I'm unable to say for sure where it would be.

I can see you've submitted a ticket and it looks like it's being looked at now. I've given the assignee a message now too so hopefully they will be in contact soon, I'll give them all the info we've discussed on here but hopefully with a little more digging into the BIOS you should be able to find that switch to get the drive to detect in the recovery software.

I would also like to mention though if this device is a brand new device, or one where you've got a backup you can restore from, it may be worthwhile to simply wipe and re-install Windows, restore from the backup if you have one. Then before you attempt the process again, grab a diagnostic log from the machine in question and send that to support, steps on that can be viewed here - https://support.eset.com/en/kb7123-eset-encryption-diagnostics-tool .

I do apologise for the issues you've faced with the software, some hardware and certain configurations can cause issues which we can't always detect or work around.

Kind regards,

Ashley

AAndrejko · August 24, 2023

51 minutes ago, Leon Roese said:

Hello AANdrejko,

Actually I don't think that thinkpad has the bios option because it has not even a raid controller. I opened a ticket already two days ago but no one has contacted me. I opened a new one today also. Shouldn't I get normaly a mail that a new ticket has opened? Because I got no.

Best regards and thanks for everything!

Another point that has popped into my mind about this - If you go into the BIOS and go to the security section, then SecureBoot, you may have an option called "Allow Microsoft 3rd party UEFI CA", this option needs to be enabled for our bootloader to function. This is a relatively new thing on certain devices, our bootloader is still signed by Microsoft though. The system may just boot after enabling this if it's disabled.

Leon Roese · August 24, 2023

Hello AANdrejko,

thanks very much for your help it has been the 3rd party UEFI CA. Unfortunatly Lenovo has it deactivated by default so we have to touch every Laptop that we want to encrypt. But now it is working fine.

Thanks A Lot again!

With best regards.
Leon

AAndrejko · August 24, 2023

8 minutes ago, Leon Roese said:

Hello AANdrejko,

thanks very much for your help it has been the 3rd party UEFI CA. Unfortunatly Lenovo has it deactivated by default so we have to touch every Laptop that we want to encrypt. But now it is working fine.

Thanks A Lot again!

With best regards.
Leon

I'm very glad to hear that it has been resolved!

In a future version of our software we do detect whether this has been enabled or not and allow/deny encryption starting when necessary so hopefully you wont run into a non-booting system in the future.

All the best, have a good day.

Sign In

Can't boot anymore after Activating Full Disk encryption

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics