Knowledge Base

DDP|E: Encrypted Endpoint May Crash or BSOD When KB2506143 Is Installed


Table of Contents:

  1. Issue Description
  2. Error Message Received
  3. Workaround

This article provides information on encrypted endpoints with Microsoft KB2506143 installed that may not load the operating system, blue screen (BSOD) and the user may not be able to access their data.




Issue Description

Customers that have the default System Data Encryption (SDE) Policy enabled may experience a system crash when they install the Microsoft update KB2506143. After installing the Microsoft Windows Management Framework 3.0, update KB2506143, a SDE key load and unlock failure has been known to occur. The update alters the Windows Operating System (OS) environment in a way that triggers the built in OS attack prevention. At this point, the OS cannot load the registry and allow Windows to load properly.

Note:
About System Data Encryption (SDE): SDE must be able to open its key while the operating system is booting, without intervention of a password by the user. The SDE Policy's intent is to prevent alteration or offline attacks on the operating system by an attacker. SDE is not intended for user data. Common and User key encryption are intended for sensitive user data because they require a user password in order to unlock encryption keys.

Error Message Received

After installing the Microsoft update KB2506143 the system may display error:
SESSION_INITIALIZATION_FAILURE BSOD.


Workaround

To workaround this issue complete a SDE Recovery following the steps below:


Enterprise Edition:

1. Locate the recovery bundle downloaded from the Remote Management Console.

2. Copy the recovery bundle to the target computer, and double-click the file to launch it.

3. A dialog displays prompting you to select the scenario that best describes your problem will display on the screen.

4. Select the option My system fails to boot and displays a message asking me to perform SDE recovery and click Next.

5. Click Next at the Backup\Recovery Information screen.

6. Select the volumes to recover and click Next.

7. Enter the recovery password associated with this file. This is the Recovery Password defined when the recovery bundle was retrieved from the Remote Management Console.

8. A dialog displays notifying you of the volumes that are being recovered. Click Recover.

9. A dialog displays notifying you that recovery was completed successfully. Click Finish.

10. Restart the computer when prompted and re-authenticate to Windows.


Personal Edition:

1. Locate the recovery program named LSARecovery_[hostname].exe. This file was stored on a network drive or External storage when you were requested to do so by the Setup Wizard at the initial DDP| Personal Edition software install.

2. Copy the recovery program to the target computer and double-click the file to launch it.

3. A dialog displays asking you to select the scenario that best describes your problem:

4. Select the option My system fails to boot and displays a message asking me to perform SDE recovery and click Next.

5. Click Next at the Backup\Recovery Information screen.

6. Select the volumes to recover and click Next.

7. Enter the password associated with this file. The password for this file is the "Encryption Administrator Password" which you configured during the system set-up.

8. A dialog displays notifying you which volumes are being recovered. Click Recover.

9. A dialog displays notifying you that recovery was completed successfully. Click Finish.

10. Restart the computer when prompted and re-authenticate to Windows.


RESOLVED

DDP|E 8.2.1.5927


Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN288687

Last Date Modified: 07/22/2014 09:35 AM


Rate this content

Accurate
Useful
Easy to understand
Did this article solve your problem?
Yes
No
Send us feedback
CAPTCHA
Change the CAPTCHA codeSpeak the CAPTCHA code
 
Enter Captcha Code
There is an error with an entry. Please try again entering your CAPTCHA code.
Feedback shows invalid character, not accepted special characters are <> () \
Sorry, our feedback system is currently down. Please try again later.

Thank you. Your feedback has been sent.