The first recovery option to try, is to do an emergency boot on an encrypted systems that is having problems booting up. To be able to do an emergency boot, the Crypt List information should bee present. This option will bypass preboot (PBFS) and go straight into to the OS. Once the OS loads, Drive Encryption will go into recovery mode and fix any issue related to preboot.
Start your computer with the bootable EETech/DETech USB or CD, after authenticated and authorized, follow the next steps:
- Once authorize and authenticated all the options should be available. Click on “Emergency Boot”.
- A pop-up will open letting you know that EETech/DETech will try to do an emergency boot, click “OK”.
- On the next screen, it will ask if your doing an emergency boot to a Windows XP system. For this example I am using Windows 7, click no, unless you are trying to recover a Windows XP system.
- EETech/DETech will try to boot the system. If the OS is corrupted and cannot start, there are other recovery options. Once the system has booted to the OS right click on the McAfee Agent icon, select “Quick Setting>Show Drive Encryption Status”.
- When Drive Encryption monitor is open, you should see the system state in “Recovery”. At this point no user interaction is needed.
- Shortly after you will see some text scrolling, MDE will check with ePO for users assign.
- Once the users are added, it will start creating Preboot File system and start the activation.
- Once PBFS is complete, they system key is backup.
- Then the policy enforcement will be completed and they system state will change to “Active”.
This option is only use to try to recover from a corrupted PBFS, or some minor changes. If there are any issue changing the system state to active, its a good time to do a backup. Check disk for any health issue or look for errors on the mfeepe.log, the log can be found at “C:\Program Files\McAfee\Endpoint Encryption Agent\“.
This concludes the Emergency Boot process for MDE, if you have any question or comments please let me know in the comment area.