Endpoint Encryption

 View Only

  • 1.  SCCM in-place upgrade task sequence fails because of Encryption software

    Posted Aug 31, 2021 10:55 PM
    Hello All,

    Could anyone assist. I want to upgrade computers in our area (Windows 10 Ent x64 v1809) to Windows 10 Ent x64 v1909). We are using Symantec Endpoint Encryption Client (11.3.0) and Symantec Endpoint Encryption Autologn Client (11.3.0). I created an in-place upgrade task sequence. The users will select it from the SCCM Software Center.

    What do I need to make this work? Do I need to copy Symantec files, run a script,etc? Your help is appreciated.

    Thanks,
    Claudio


  • 2.  RE: SCCM in-place upgrade task sequence fails because of Encryption software
    Best Answer

    Posted Sep 01, 2021 06:29 AM
    Hello.

    Broadcom has a good article here:
    https://knowledge.broadcom.com/external/article/213890

    I would start there.

    I do two things in my own task sequence and I've upgraded Windows 10 twice now.  I actually don't use the "Feature update" entries under "Windows Servicing"  I make an upgrade package and my own task sequence.

    1.  I have a step to set a Task Sequence Variable OSDSetupAdditionalUpgradeOptions with Value /reflectdrivers "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files".

    2.  I've also created a package that enables Autologon for 10 reboots eedAdminCli --Enable-Autologon --count 10 and then I disable Autologon at the end.  I'm not 100% sure if this is really necessary anymore but I leave it in as it's a good check to make sure my devices are configured properly.  If the enable step fails, I'll see it and correct whatever is wrong (SEE is not installed, Autologon is not installed, there are no registered users, etc)

    Hope this is helpful.

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------

    Original Message


  • 3.  RE: SCCM in-place upgrade task sequence fails because of Encryption software

    Posted Sep 02, 2021 03:04 PM
    Mark - Thanks for your input. I'm fairly new to SCCM ( about 1 year in), forgive me, if I ask basic questions. I a have few more.

    TS

    1) I created the step "Set Task Sequence Variable" above the Upgrade Operating System step. Is that okay or should I move it else where?

    2) You only put /reflectdrivers "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files"

    and not the info from below (I saw it in another article on this site).

    setup.exe /Auto Upgrade /DynamicUpdate disable /reflectdrivers  "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files" /Postoobe "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files\setupcomplete.cmd
    Original Message


  • 4.  RE: SCCM in-place upgrade task sequence fails because of Encryption software

    Posted Sep 03, 2021 06:34 AM
    I'll tell you what I know ...

    1.  It should be above the Upgrade step.

    2.  Right, you only put the /reflect drivers part.  This gets added to the actual setup string the upgrade process will use.  If you look through the SMTS log you can find the command the client actually executes with all the switches, including options you select in the Upgrade step and variables like the one you make here.

    Hope this helps.

    ------------------------------
    Best regards!

    Mark Housler
    Help Desk Manager
    GD NASSCO-Norfolk
    mhousler@nassconorfolk.com
    ------------------------------

    Original Message