UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
1831 views

Two new issues with FDE

Hi All,

just wondering if anyone else is seeing the same issues I am.

I have a ZENworks Zone with 3 Primaries and 3 Satellites all on SLES11 SP2 x64 with an Oracle DB. Recently upgraded from 11.2.3.a to 11.2.4.

Hopefully the Decryption issue is now resolved. At the moment it's too early to say. But unfortunatly I have issues now with Encryption!

First issue is that on newly installed devices with the 11.2.4 Agent once the FDE Policy is assigned it creates a partition for the Linux OS for PBA purposes I believe. However the partition has a smaller size than what is required.

e.g. The policy creates a 83MB unassigned partition and afterwards formats it with Linux to 87MB (dont ask me how that works!!). The ZFDE About Box is then requesting a reboot. But no matter how many times you reboot, the policy never completes and the disk never encrypts.

I noticed in the FDE Logs on the C: drive that it was having issues reading the partition. And when I checked Windows Disk Management I saw the sizes mentioned above. I then checked against a working laptop and noticed that the Partition was 94MB formatted with Linux. I went back to the not working system and resized the partition manually. To do that I first had to remove it, shrink the C: drive by a further 20MB to give a total unassigned partition of about 100MB. After a reboot the policy created the Linux part again, this time with 94MB and the rest of the policy completed and the drive encrypted. Actually I noticed this issue after we upgraded to 11.2.4 but was still installing the 11.2.3a agent during imaging. Thinking the 11.2.4 Agent would resolve the issue, I placed it in the image but it made no difference. It doesn't seem to be HW related either as it happens on different devices. All DELL's.

The second problem we just discovered today. Once the policy has succssfully applied and the drive has encrypted, it would seem that the device creates many ERI File entries. I have one device with 69 entries and another with 141 entries. Which just isn't normal!

I have an SR open for both. The first is open for a few days but a resolution isn't in sight yet. And for the second one I have just opened it.

If any Novell'ies read this please check into my SR's. They are # 10868423071 and # 10869891431

Regards

Robert
0 Likes
3 Replies
Absent Member.
Absent Member.

rchapman29,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

0 Likes
Absent Member.
Absent Member.

Robert,
Have you heard anything in reply? We're having a similar issue in our Test Environment (11.2.4)

Several devices are continually prompting for a reboot, in the ZFDE About Box the text is "Policy being applied. Computer will reboot in xx:xx"
Under the Agents Status we consistently see "Create ERI file" - failed - Error -13 (0x)

The PBA partition is being created and seems be be consistently sized at about 102MB so I don't think it's a size issue.

Thanks

Mike
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Hi Mike,

For us it definitely seems to be a partition size issue. Whenever the Policy is left to it's own devices to create the partition it is basically always under the required amount needed by FDE. Manually making the partition to be 100mb will allow the policy to do its thing correctly.

I did have an SR open on this. Right now I need to change our deployment method to make the partition automatically. Or at least until Novell have precurred the source code from Secude and can offer a fix more effectively.

The other issue with the ERI files, has potentially been found. I am just waiting on the FTF for it. But maybe again I have to wait until after they have the source code.

Regards

Robert
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.