File Share Encryption

 View Only
Expand all | Collapse all

Encryption does not go past 0%

Migration User

Migration UserAug 30, 2012 11:50 AM

  • 1.  Encryption does not go past 0%

    Posted Aug 29, 2012 06:13 PM

    PGP Desktop encryption shows the status as paused at 0.0% complete. It has not progressed in several weeks. The message at the bottom says Encryption has been paused but the disk is fully functional. The disk is partially encrypted and is not secure. Click resume to finish the encryption process.

    When I click Resume it sometimes will prompt for the PGP password, but then nothing happens after it's entered.

    I tried running the command: pgpwde --resume -d 0 --passphrase "your passphrase" and it says the resume command was sent successfully, but it still does not progress. I cannot uninstall PGP Desktop because it says the disk is partially encrypted.

    The laptop has Windows 7 64 bit.



  • 2.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 05:15 AM

    Assuming the disk in question is disk 0 (you can check by running pgpwde --enum check the following:

    pgpwde --status --disk 0. Take a note of the number of sectors and the highwatermark figures.  The highwatermark is the number of sectors that have been encrypted.  It will also tell you if bootguard is actually enabled or not.

     

    You might be better off seeing if you can decrypt too, then try again:

     

    pgpwde --decrypt --disk <number> --passphrase <phrase> --all 

     



  • 3.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 08:42 AM

    Ok, it looks like the drive is listed as Disk 0. Here is the output from the enum command:

    Total number of installed fixed/removable storage device: 1

    Disk 0 has 1 online volumes:

    volume C is on partition 2 with offset 206848


    Then I tried the decrypt command and got error code -12287: WDE: Operation not allowed by administrative policy.

    I am logged in as an administrator.



  • 4.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 09:12 AM

    Is this a stand-alone environment?  You might want to look at the policy, its not allowing you to decrypt.



  • 5.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 10:03 AM

    This is an enterprise environment but there are other laptops able to encrypt just fine, so it seems to be a problem on this machine.



  • 6.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 10:49 AM

    was the number of sectors and the highwatermark the same? 

    Has bootguard actually enabled yet? 



  • 7.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 10:56 AM

    I'm not sure what you mean by checking the highwatermark. Bootguard is enabled. I do have to log into the laptop with a PGP passphrase.



  • 8.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 11:50 AM

    what does pgpwde --status --disk 0 give you?



  • 9.  RE: Encryption does not go past 0%

    Posted Aug 30, 2012 04:58 PM

    This is what pgpwde --status should look like if it's fully encrypted:


    "c:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde.
    exe" --status --disk 0
    Disk 0 is instrumented by bootguard.
      Current key is valid.
    Whole disk encrypted
      Total sectors: 250069680 highwatermark: 250069618 reserved start sectors: 62
    Failed login attempt lockout enabled. Max failures=5
    Request sent to Disk status was successful

    The "watermark" that weevil describes is the total sectors vs highwatermark. You should always have total sectors - start sectors for your high watermark if it's complete. If highwtaermark is at a much lower number, encryption is still in progress. The watermark is a number that is incrimentally updated based on the encryption progress.

    BTW:

    Many issues with encryption pausing or not completing can be resolved by following our WDE best practices KBA here:

    http://www.symantec.com/docs/TECH149543



  • 10.  RE: Encryption does not go past 0%

    Posted Sep 04, 2012 11:55 AM

    When I run the status command, I get the following output:

    _____

    Disk 0 is instrumented by bootguard.

    Encryption process interrupted by user request.

    Current key is valid

    Whole disk encrypted

    Total sectors: 488397101

    Request sent to disk was successful.

    ____

    In the PGP Desktop program window, it says encryption is paused at 0% and if I hit Resume nothing happens. Running the resume command in command prompt also does not trigger it to start encrypting. Is there a way to clear that error that encryption process was interrupted by user request?



  • 11.  RE: Encryption does not go past 0%

    Posted Sep 04, 2012 06:42 PM

    You can try:

     

    pgpwde --stop --disk 0 -p "passphrase here"

    Then

    pgpwde --decrypt --disk 0 - p "passphrase here"

    Then

    Let decryption finish (uninstrumenting)

    THen re-encrypt

    pgpwde --secure --disk 0 -p "passphrase here"

     

    If that does not work,I would suggest reading the KB article that I posted on the 30th and making sure that you are following all the best practices for encryption.

     

    One of the number on contributors that comes to mind is if you are using a software RAID of any kind or else dynamic volumes for your partioning. This can cause problems with encrypting the drive and is not supported.

     



  • 12.  RE: Encryption does not go past 0%

    Posted Sep 04, 2012 09:42 PM

    by the way, you might want to see if the following KB article may apply:

     

    http://www.symantec.com/docs/TECH165872



  • 13.  RE: Encryption does not go past 0%

    Posted Sep 05, 2012 06:21 AM

    Have you tried booting from a PGP recovering CD and trying to decrypt the small amount that was encrypted from that?



  • 14.  RE: Encryption does not go past 0%

    Posted Sep 07, 2012 02:30 AM

    you might want to check https://www-secure.symantec.com/connect/forums/pgp-dektop-not-starting-encrypt  for similar case we are still suffering and its current status.

     



  • 15.  RE: Encryption does not go past 0%
    Best Answer

    Posted Sep 08, 2012 10:24 AM

    Unfortunately since so much time had been spent on this one, I went ahead and reformatted the drive and started over. After that, encryption went through with no problems.