Question

Locked

Credant disk encryption causes Windows 7 to not be able to boot after SP1?

By danekan ·
In the process of upgrading Windows 7 (64 bit, Professional) systems, we discovered that the presense of Credant Disk Encryption (enterprise Credant's CMG Shield for Windows 6.8, 64 bit) will cause all systems to indefinitely hang on the "Starting Windows" option after the reboot when SP1 is trying to be finalized. There is no recovery from this that I've found, we have to reimage a new disk, and recover old to it, after this takes place.

The restore points are somehow all deleted, running wusa uninstall with the correct KB returns a "catastrophic error," I've tried manually editing the winsxs\profile.xml to remove some suggested file moves/deletes (that just makes the error different--a Bad_System_Config BSOD), I've tried some suggestions of deleting/readding a registry key ('Reg add "HKLM\BaseSystem\CurrentControlSet\Control\Session Manager" /v SetupExecute /t REG_MULTI_SZ')

Credant will install fine on a system that already has Win7 SP1.

My initial hunch was there were update install files being written to that are being encrypted, and upon reboot those files are not decryptable and thus a big problem... but after running wsscan on a system I don't see too much that's being encrypted outside of user specific items.... not much in the c:\windows\ directory is being encrypted, for example. So now I wonder if the service pack just broke the software installation so badly it's not knowing what to do.

Credant support has been useless, saying I'm not on my company's authorized user list to talk to them, so they've only responded with a canned e-mail message to any inquiries I've sent. They won't even respond via e-mail with a "yes" or "no" to the very simple question as to whether they're aware of any issues related to Win7 SP1 and their product; they know I'm an IT member supporting a legitimately licensed version of their product, but they won't grant access to their online KB. Not very impressive on their part.

Is there any way via recovery console command line to access anything that might be logged at that initial point of startup? Sys event log? etc?... I don't think these have even started up by the point it's failing, but I don't really know what else there might be.

Is there a 'best practice' with regards to installing SP1 on a non-bitlocker-encrypted disk system? Or is this just a known issue with this version of Credant? Has anyone else encountered this, and have you been able to get the system to boot up by doing anything other than re-imaging and recovering the hard drive by putting it into another system?

Has anyone successfully installed SP1 onto a system that already has Credant, and if so what versions?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Sounds like fun

by robo_dev In reply to Credant disk encryption c ...

Not that this helps, but you're not alone

http://isc.sans.edu/diary.html?storyid=10453

- Disk Encryption: In particular full disk encryption that modifies the boot process may find that some of the changes it did are undone by the SP install

The Win7 and Vista startup processes are nearly identical
http://en.wikipedia.org/wiki/Windows_Vista_startup_process

Maybe make a boot-trace?
http://www.msfn.org/board/topic/140247-trace-windows-7-bootshutdownhibernatestandbyresume-issues/

Collapse -

I'd find out...

by cmiller5400 In reply to Credant disk encryption c ...

I'd find out who is on that list and ask one of them to add you to the list. If there is no one, maybe a letter on company letterhead from the CEO or CIO would work?

Back to Software Forum
3 total posts (Page 1 of 1)  

Software Forums