tech-man83 Absent Member.
Absent Member.
7983 views

Boot Error during initial PBA Setup

Hi All,

Just doing some testing of FDE with Pre-Boot authentication and get the following error:

SNBL Loading Bootcode ...
ERR: SNB partition (type 95h) not found


I'm not actually sure where next to trouble shoot, it does look an issue with the MBR. It's a Full Disk Encruption policy for all local fixed volumes, AES/256, Encrypt only used sectors, User ID/password auth with Single Signon and User Capturing.

Going to give it another shot without the PBA in the meantime. Just playing around in Dev at the moment and wanting to test the feasibility of the different options for the road warriors.

Thanks,

Leon
Tags (1)
0 Likes
12 Replies
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

This is a problem with the PBA (hardened linux) settings in combination with your BIOS (hard-drive) settings. You will need to change the settings in the DMICONFIG portion of the FDE Policy (the last step in the policy).
1) First you'll need to reset the MBR back to the standard Windows MBR. Right now you're set to boot to the PBA instead of your normal Windows OS partition.
2) Once Windows is booted, you'll need to remove the FDE policy assignment in ZCC.
3) Then delete the ~100 MB partition created after the main System Volume (this is the PBA partition)
4) Open an Administrative command prompt and browse to the folder: C:\Windows\NAC\SBS
5) In this directory, type: dmiconfig.exe export --force
6) This will create 2 files (dmi.default.ini and dmi.ini)
7) Open the dmi.ini file in some editor (like notepad.exe)
😎 From the Administrative command prompt above, type the following: dmiconifg.exe dump > current_info.txt
9) Open the current_info.txt in some editor (like notepad.exe)
10) In "current_info.txt" the last line will most likely be ";KICKSTART=FAST" ... This needs to be changed. Most likely to "KICKSTART=KEXE"
11) COPY all 4 lines in "current_info.txt" inot the "dmi.ini" file at the bottom.
12) Then in the FDE policy, copy the new contents of DMI.INI into the DMICONFIG section of the FDE Policy (last step). Now all NEW FDE policy assignments will included this new parameter change for your computer.

This is in online documentation as well.
tech-man83 Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Yes, I should have RTFM 🙂

Novell Documentation

There is even an example for the T420s:

[LENOVO, 417152U]
DMI_SYS_VENDOR=LENOVO
DMI_PRODUCT_NAME=417152U
KICKSTART=KEXEC
KERNEL=/boot/bzImage-acpi


Considering I'm targeting a Lenovo T420, which is almost the same hardware wise, I'd assume that is the problem.

Thanks for the detailed response and I will do some reading. I had planned to before running it on production equipment!
0 Likes
tech-man83 Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Yep, that worked. It's amazing what happens when you follow the doco!

[LENOVO, 418062M]
DMI_SYS_VENDOR=LENOVO
DMI_PRODUCT_NAME=418062M
KICKSTART=KEXEC
KERNEL=/boot/bzImage-acpi
0 Likes
dain1 Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Hi just after finding out if you got this working i am having same issues with my T420 machines but no matter what i set they splash a preboot screen but then try to boot and fail with the same errors that yours did. Any advice.

CHEERS
0 Likes
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

@dain
Can you please provide the settings you've tried? Just cut/paste the sections you've added to the DMI.INI file for this machine. Usually, the following two lines work for the Lenovo models:
KICKSTART=KEXEC
KERNEL=/boot/bzImage-acpi

Additionally, can you check if your system has the Intel "Turbo memory hard drive cache card"?
0 Likes
jamesramos Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

@bbeachem
Hi, Im also having issues with getting past the "loading bootcode" error. Im not able to get past this at all to boot in to windows to change.

I have taken the hdd out of the laptop and manually modified the dmi.ini file and added the boot for the T410's. This still has not let me boot though to windows.

The settings have been changed as per the thread in ZCC for the full disk encryption.

Any ideas on how to get though to windows from here other than formatting the drive?

Thanks

James

bbeachem;2194759 wrote:

Can you please provide the settings you've tried? Just cut/paste the sections you've added to the DMI.INI file for this machine. Usually, the following two lines work for the Lenovo models:
KICKSTART=KEXEC
KERNEL=/boot/bzImage-acpi

Additionally, can you check if your system has the Intel "Turbo memory hard drive cache card"?
0 Likes
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Glad this worked. I will add the information above to our default setting so it will also be "automated" going forward for this model when we do another release.
0 Likes
tech-man83 Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Is there a way to do wild cards with these? All the 4180XXX will be T420 Notebooks and will have the same issues.

I have a variety of Lenovo kit I plan to try this on, I can post up the settings for all the models we have in the lab if it would be helpful?
0 Likes
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Yes. You will see other wild card matches in the existing examples. Use the * for the wild card.
0 Likes
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

James,
So, just to be clear, I need to know what error symptoms or message you're getting and when. So, is the "loading bootcode" error shown AFTER you authenticate at the PBA? Or does the PBA Authentication screen not even show up at all? Does it give any type of error code value?
Additionally, I need to know the following:
1) What is the BIOS setting for the hard drive (ATA Compatiblity, Legacy, SATA, RAID, AHCI, Intel Rapid Recovery Technology (IRRT), etc)?
2) In the OS, do you recall which driver was used that corresponded to the BIOS Hard Drive setting? (Driver Mfg and version)
3) What options have you tried in the dmi.ini file?

If you need to just get past the PBA to boot windows to test more options, then use a WinPE disk with the FDE Plug-ins provided to boot to an emergency recovery disk and "restore original MBR" (you can also use other 3rd party tools or tools inside WinPE to do the same thing). At this point the hard drive is NOT encrypted, so bypassing the PBA won't have any issues (like an inaccessible drive due to encryption).

Worst case, open a SR and we can work through other options.
0 Likes
jamesramos Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Thanks for your reply,

Once the laptop is turned on, i enter the PBA username and password and it seems to log in. After this log in and before windows has a chance to log in, i get the "Loading bootcode.." error. The full error code is below.

SNB: Loading Boodtcode...
xERR: SNB partition (type 95h) not found

Answering your other questions, the Hdd is set to AHCI. I cant recall what driver was used for the bios hdd settings. For the dmi.ini file i have added the 2 laptops which are the t410 and t420 lenovos. I think that the t410 is not working hence why im getting this error.

Thanks
James


bbeachem;2215550 wrote:
James,
So, just to be clear, I need to know what error symptoms or message you're getting and when. So, is the "loading bootcode" error shown AFTER you authenticate at the PBA? Or does the PBA Authentication screen not even show up at all? Does it give any type of error code value?
Additionally, I need to know the following:
1) What is the BIOS setting for the hard drive (ATA Compatiblity, Legacy, SATA, RAID, AHCI, Intel Rapid Recovery Technology (IRRT), etc)?
2) In the OS, do you recall which driver was used that corresponded to the BIOS Hard Drive setting? (Driver Mfg and version)
3) What options have you tried in the dmi.ini file?

If you need to just get past the PBA to boot windows to test more options, then use a WinPE disk with the FDE Plug-ins provided to boot to an emergency recovery disk and "restore original MBR" (you can also use other 3rd party tools or tools inside WinPE to do the same thing). At this point the hard drive is NOT encrypted, so bypassing the PBA won't have any issues (like an inaccessible drive due to encryption).

Worst case, open a SR and we can work through other options.
0 Likes
bbeachem Absent Member.
Absent Member.

Re: Boot Error during initial PBA Setup

Would you mind posting the entries you added for the two laptops?

Also, if you open an administrative command prompt on the failing machine, then browse to the the c:\windows\nac\sbs folder and run: dmiconfig.exe dump > current_info.txt .... then cut/paste that info into the bug too.

thx
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.