Columbus Endpoint Management User Group

 View Only
  • 1.  PGP upgrade unable to unlock disk

    Posted Aug 29, 2013 11:40 AM

     

    Friday of last week we started a client upgrade of Windows XP machines that had version 9.12.0.1035 of PGP WDE.  This was pushed out via Altiris and was a standard MSI with a transform (with our customizations) of version 10.3.0.9060 (10.3 MP1).  This package combination was tested extensively, however a new issue has cropped up that I have never seen before on any upgrade (we have been using PGP since late 2008).

     

    Environment:

    • PGP Universal Server version 3.2.1.4869 (cluster with 2 servers different data centers)
    • Clients ranging from 9.12.0.1035 up to 10.3.0.9060
    • Windows XP 32bit up to Windows 7 64bit
    • Altiris 7.1

    Sequence of events:

    1. Client is upgraded (silent install)
    2. Client reboots (on their own)
    3. Client cannot authenticate to the BootGuard screen with their password
    4. Client calls the help desk
    5. Token from the server will not work on the BootGuard screen
    6. case is sent to me
    7. Backdoor password set on policy will not work

    I have also tried the recover command without any success and cannot unlock the drive.  The oddity with this issue is that on the BootGuard screen, the client ID shows all "0's" (screen shot attached).  Also when I slave the disk and run the list users command PGP reports back "no users found!" (screen shot attached).

     As of right now I have halted our Altiris deployment until I can find out what has happened here.  I also have a case opened with Symantec (05002808) and have escalated as there have been at least 2 instances confirmed and possibly 3 more.  I'm hoping someone from the community can assist on this one.



  • 2.  RE: PGP upgrade unable to unlock disk

    Posted Sep 30, 2013 03:00 AM

    I'm not sure what is causing this but If you have an affected machine that you can test on, try this:

    1.Boot using PGP WinPE Recovery CD

    2. Run pgpwde --recover -d <disk number> -p <passphrase>

    try the --recover command without -p tag if the command does not work.

    Let me know what happens.