ham Absent Member.
Absent Member.
2348 views

Zenworks FDE 17.2 Windows 10 PBA partition

We just started implementing Zenworks Full Disk Encryption but we have some problems to get it working with Windows 10. On the same HP Pro x2 612 G1 laptop, installed with Windows 8.1 it works perfectly.
When we enable the FDE policy with PBA and SSO enabled, we get the message that we have to reboot to enable FDE. After the first reboot we see that a extra partition is created from 502 MB. When we reboot the laptop for the second time it should normally boot into the Linux partition and give you the option to boot into windows. When you boot into windows and login, the credentials are saved and the next time you boot into Linux you have to authenticate there.
With Windows 10 it is not booting into the Linux partition, but instead it is booting to Windows again. When we login to windows , it does not boot into Windows but it restarts the laptop. Next time login the same thing happens, so it is in a continious loop.
We have booted with a windows 10 usb stick and saved the log files from c:\program data\novell\zes\logs\fde. The following is what we see in the logfiles :

10:14:18, 20.03.2018 ERROR LOG: GetNACPartitionData: failed to get NAC partition data (error = -19)
10:14:18, 20.03.2018 ERROR LOG: GetNACBlockStatus: cannot get NAC partition end (error = -19)
10:14:18, 20.03.2018 INFO LOG: Detect disk type
10:14:18, 20.03.2018 INFO LOG: ***Enter function IsSBSExist***
10:14:18, 20.03.2018 ERROR LOG: SecTDCommunicate failed with error -24 !
10:14:18, 20.03.2018 ERROR LOG: GetNACPartitionData: failed to get NAC partition data (error = -19)
10:14:18, 20.03.2018 ERROR LOG: GetNACBlockStatus: cannot get NAC partition end (error = -19)
10:14:18, 20.03.2018 ERROR LOG: DALSendMessageToDriver: failed to do DeviceIoControl to disk (io_func: 0x900, error: 1)
10:14:18, 20.03.2018 ERROR LOG: HDD base: OpenDisk failed to open disk (number: 129, error: 0x2)
10:14:18, 20.03.2018 ERROR LOG: DALSendMessageToDriver: failed to open disk '129' (error: 183)
10:14:18, 20.03.2018 ERROR LOG: HDD base: OpenDisk failed to open disk (number: 130, error: 0x2)
10:14:18, 20.03.2018 ERROR LOG: DALSendMessageToDriver: failed to open disk '130' (error: 183)
10:14:18, 20.03.2018 ERROR LOG: GetNACPartitionData: failed to get NAC partition data (error = -19)
10:14:18, 20.03.2018 ERROR LOG: GetNACBlockStatus: cannot get NAC partition end (error = -19)
10:14:18, 20.03.2018 ERROR LOG: DALSendMessageToDriver: failed to do DeviceIoControl to disk (io_func: 0x900, error: 1)

It seems to us it cannot boot from the Linux partition. We have tried different DMI settings but without any result.
Any suggestions what we can do to solve this problem ?
0 Likes
5 Replies
Micro Focus Expert
Micro Focus Expert

Re: Zenworks FDE 17.2 Windows 10 PBA partition

I'd recommend an SR, can't say I've seen this particular issue prior............

However, I'd be curious if the system worked fine if you did not enable a PBA.........
Regardless, I would recommend a ticket but I'm sure they would be curious what would happen w/o a PBA.
0 Likes
ham Absent Member.
Absent Member.

Re: Zenworks FDE 17.2 Windows 10 PBA partition

We have disabled PBA en started over with a new image. After the first reboot it created the partition but unfortunately the encryption is not set. Because we have disabled PBA and there is no second reboot to enable PBA, we can login to windows and there is no loop.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Zenworks FDE 17.2 Windows 10 PBA partition

That does not mean the drive is not encrypted and secured.....
A PBA will prevent Windows from loading w/o providing the PBA Password.

W/o a PBA, Windows loads but you cannot logon locally or access it remotely w/o a User ID and Password which is normally the same as the PBA User.....
Furthermore, if you pull the drive and stick in another machine....it will not be readable at all.


There is something called a DMI.INI file that can be used to pass Linux Kernel Settings that can handle device specific issues.
Most likely, this device will need to have this device updated so the PBA Window Autostarts.

See - https://www.novell.com/documentation/zenworks2017/pdfdoc/zen_troubleshooting_zfde/zen_troubleshooting_zfde.pdf

I would recommend an SR so you can work with Development to figure out some good settings as well as ensure those settings are included as defaults in the future for that hardware w/o requiring customization....
0 Likes
ham Absent Member.
Absent Member.

Re: Zenworks FDE 17.2 Windows 10 PBA partition

We started the laptop with a bootable usb drive and it was still readable. So encryption is not set for sure.
Also we tried different settings in the DMI file without any result.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Zenworks FDE 17.2 Windows 10 PBA partition

Probably need an SR with development to figure out which settings are needed to allow the PBA to come up on those devices.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.