Endpoint Encryption

 View Only

  • 1.  Opal drive issues after Windows 1909 upgrade

    Posted Oct 28, 2020 06:34 AM
    I messed up.

    I upgraded a machine (11.3 5887 HF2) with an Opal compliant drive to Windows 10 1909 (from 1809) without decrypting/uninstalling first as is recommended.

    Now, the computer boots fine with no preboot but the Symantec Drive Encryption Service will not start.  I cannot get the SEE Client Administrator to open which fails with a .NET error on SEEaAdminUIApp.exe.

    If I boot to recovery, it says it cannot initialize the drive but when I do a --recover-disk it says the disk is already instrumented and recovery is not necessary.

    The client does check into the console, although I don't seem to be able to issue a successful decrypt command to it.

    I tried to roll back to 1809 which was successful but no change in behavior.

    So three questions:

    1.  How do I get out of this? :)

    2.  Is it typically a hard and fast rule to decrypt/uninstall with Opal drives?

    3.  I see Windows 10 1909 support is "officially" enabled with 11.3 MP1 HF2.  Does anything think this is the actual problem and *not* the fact that I upgraded an encrypted Opal?

    This is just a test machine so at least that's something ...

    Thanks in advance!

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------


  • 2.  RE: Opal drive issues after Windows 1909 upgrade

    Broadcom Employee
    Posted Oct 28, 2020 11:59 AM
    Hi Mark,

    Are you sure the drive is actually Opal encrypted? Generally, if you would see some kind of message on the interface or in 'eedadmincli --status' about it being Hardware Encrypted:

    I would imagine you would have run into bigger problems if it was Opal and an upgrade occurred, so I'm just doublechecking. It will be helpful to confirm what type of encryption we're dealing with.

    I'm not quite sure why your admin UI would decide to stop functioning after an attempted Windows 10 upgrade but the problem might correct itself if you do upgrade your client to 11.3.0 MP1. I would try that first and foremost. If that doesn't work, do a repair or upgrade your .NET 4.x installation. 

    Original Message


  • 3.  RE: Opal drive issues after Windows 1909 upgrade

    Posted Oct 29, 2020 06:27 AM
    Hi Blake,

    Yes, it shows on the Opal report in the SEE console and shows Hardware Encrypted.

    I asked our systems people to do the MP1 HF2 upgrade so that may be helpful.  I'll give the .NET repair tool a whirl.  I didn't think of that.

    Thanks.

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------

    Original Message


  • 4.  RE: Opal drive issues after Windows 1909 upgrade

    Posted Oct 30, 2020 06:38 AM
    Hello again Blake,

    Well I'm not exactly sure why but the .NET repair tool absolutely worked.  The Admin tool opens again and I was able to get everything uninstalled.

    Thanks for the suggestion!

    I'm on a support case with Symantec about why in the world we have to decrypt and uninstall SEE completely on a hardware encrypted drive. :)

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------

    Original Message