Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 18314 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sector-based initial encryption of drive C: failed, reason: 1354

Vanilla_Gorilla

Has anyone seen this message before?

I have been getting this on a batch of Lenovo T520's.

I have also successfully got safe guard encrpytion working on some of these as well.

Basically the client installs, the PoA is active, the macine receives the policy from the enterprise console, but the necryption process wont start.

Some of the clients are not even reporting an error to the console.

I have opened a ticket with SOPHOS....

Anyone seen this before, or ran into this?

We are using safeguard 5.61.0.25 in conjunction with the enterprise management console (not the encrpytion management console)...

:27689


This thread was automatically locked due to age.
  • 0

    Hi Vanilla_Gorilla,

    I have seen this error before and a common cause for this can be incorrect /not matching information about the physical and logical harddisk parameters (i.e. if you created a base image on a machine and restored the image to a new machine with a different harddisk size).
    For security and data integrity reasons, SafeGuard Enterprise / Sophos Disk Encryption Client does not start the encryption in this case.

    To verify if that is the exact issue, I'd suggest to enable the Tracing (logging) mechanism of the product, reboot the machine and provide support with the logfile.

    How to Activate the tracefile? > http://www.sophos.com/en-us/support/knowledgebase/108081.aspx   [Edit: link has been corrected]

    Regards,

    ChrisD

    :28255
  • 0

    'scuse me for chiming in - nothing to add other than a small correction: SafeGuard Enterprise: How to enable tracing functionality

    Christian

    :28257
  • 0

    Thanks QC, I've updated the link above :)

    Regards,

    ChrisD

    :28259
  • 0

    Hi everyone, thanks for the responses. Sorry I could not get back to everyone quickly. I have opened a support case, but I am still not sure how to fix this or what to do. The error appears to be because of a different volume size.

    Below is the resonse I got form support: I don't know what link

    Sorry for the delay in getting back to you. The tracefile shows the following errors: BDC_ERR_WRONGVOLUMESIZE
    Can you please follow the article below on the laptop in question.
    ----------------------------------------- Sophos Internal Only Article Article ID:113028 Linked Article:Error "The kernel volume couldn't be opened" -----------------------------------------

    Issue
    Initial encryption doesn't start. Symptomps (not always all are present)
    • SGN user state = pending
    • application event log shows: kernel initialization has failed. Internal code: 0x00007562
    • SGN trace log: Error occured: code=[1351], text=[The kernel volume couldn't be opened]
    if SGN trace log shows: EncryptVolume]=reason=[48]-  Description0[BDC_ERR_WRONGVOLUMESIZE],result=[0x54a] - please follow the KBA 112906
    Known to apply to the following Sophos product(s) and version(s) SafeGuard Enterprise Device Encryption
    All supported operating systems All supported OS
    What to do
    This issue is known to be caused by several factors, here is the summary:
     
     
    Possible causeWhat to do
    Disk ErrorsIf the preinstall steps were not executed:
    • remove SGN Client and SGN Client Configuration
    • reboot
    • run chkdsk %systemdrive% /f /x /v /r
    • 4. reinstall SGN Client and SGN Client Configuration
    BIOS hard drive protection
    • Check BIOS settings - disable relevant settings if exist
    • reinstall SGN Client and SGN Client Configuration
    AntiVirus/endpoint security software, software deployment solutions, backup/imaging software
    • Disable the software in question
    • reinstall SGN Client and SGN Client Configuration

    -----------------------------------------

    Unfortunately none of these seem to apply to my case. I do a check disk and a bootrec /fixmbr on all the machines before I install SGN. I don't know of any bios setting that would fix this. I have encrpyted my pc (same model and type of T520), but it was installed from scratch. So, I already made a new image, but there are some laptops that have already been imaged and I am trying to avoid re-imaging them.

    Any suggestions on what I could do would be greatly appreciated.

    :33003
Unfiltered HTML