Resolved Issues in Endpoint Encryption 5.0 Patch 4 Update 1

This section describes the previous Endpoint Encryption issues that have been resolved.

Resolved Issues in Endpoint Encryption 5.0 Patch 4 Update 1

Issue

Solution

1

When a Full Disk Encryption agent installs on an endpoint, Endpoint Encryption uses part of the disk space as a database that stores vital Full Disk Encryption information. In high-stress environments, this database my become corrupted, and Full Disk Encryption may be unable to authenticate or connect to PolicyServer, and the endpoint may be unable to restart.

This update modifies the driver to protect against high-stress database corruption.

2

When an Endpoint Encryption agent installs on a non-English operating system, the Windows application log repeatedly displays the following error message:

"X9.31: Collected entropy matched prior entropy"

This update fixes the anomaly in the Endpoint Encryption agents that triggers this error message. Additionally, this update enhances the agent health check mechanism.

3

The Full Disk Encryption Preboot detects the Spanish (Mexico) keyboard layout as the Spanish (Spain) layout. Users are unable to input certain special characters with this layout.

This update adds support for Spanish (Mexico) keyboard layouts.

4

When Full Disk Encryption installs on a Windows XP endpoint, after Preboot authentication and Windows startup, Full Disk Encryption displays an error regarding a database corruption. The following error displays in the PolicyServer event logs:

"907001 Scratchspace corruption"

After this event, Full Disk Encryption automatically repairs that database corruption, so no actual damage occurs.

This update fixes the root cause of the initial database corruption, so the database never becomes corrupted and no error messages display.

Resolved Issues in Endpoint Encryption 5.0 Patch 4

Issue

Solution

1

When a Full Disk Encryption agent installs on an endpoint, Endpoint Encryption uses part of the disk space as a database that stores vital Full Disk Encryption information. If parts of this database becomes corrupted, Full Disk Encryption may not be unable to authenticate or connect to PolicyServer, and the endpoint may be unable to start.

In this version Endpoint Encryption makes a backup database when Full Disk Encryption is installed or the agent is upgraded. If Endpoint Encryption detects that one of the databases is corrupted, Endpoint Encryption reports the status to PolicyServer, and attempts to repair the corrupted database using the remaining uncorrupted database.

2

The Full Disk Encryption preboot odes not include an option for Swiss German keyboard mappings.

This patch adds support for Swiss German keyboard input.

3

The Full Disk Encryption preboot is unable to connect to PolicyServer over a wireless connection for Dell Venue 11 Pro 7140 laptops.

This patch adds support for Dell Venue 11 Pro 7140 drivers.

4

The Full Disk Encryption preboot dies not support touchpads for Fujitsu Lifebook U745 laptops.

This patch adds loaders to support touchpads for Fujitsu Lifebook U745 laptops.

5

The Full Disk Encryption preboot is unable to detect the wireless network cards on certain models of Lenovo ThinkPad X1 Carbon laptops. For these models, the preboot disables the Wi-Fi settings icon.

This patch expands the Wi-Fi scan buffer size and scan protocols to support a higher frequency range. This allows Full Disk Encryption to support the wireless cards in Generation 1 and Generation 2 Lenovo ThinkPad X1 Carbon models.

6

The keyboard input language automatically changes back to English (US) with external keyboards in the Full Disk Encryption preboot and after upgrading Full Disk Encryption.

This patch adds external keyboard checking and error handlers throughout Full Disk Encryption to ensure that keyboard input settings are preserved.

7

On VMware vSphere instances, the Full Disk Encryption preboot is unable to detect the wireless network cards so the preboot disables the Wi-Fi settings icon.

This patch opens port 546 over the UMP protocol to listen to IPv6 traffic. Additionally, this patch adjusts the initialization sequence to improve the the performance of DNS environments. With these improvements, the Full Disk Encryption preboot does not time out when detecting wireless network cards in vSphere instances.

8

The server endpoint with PolicyServer encounters the following exception in Diagnostic Monitor from TMEEService: "The given key was not present in the dictionary."

This exception was caused by the fact that TMEEService was unable to access the communication key. This exception did not impact PolicyServer functionality. This patch removes this exception.

9

PolicyServer consistently times out while generating reports.

When the audit log and PolicyServer database sizes increase to a certain size, normal report generation exceeded the report generation threshold. This patch increases the report generation threshold to allow for larger report generation.

10

The Diagnostic Monitor tool is unable to open.

This issue occurred due to improper storage of diagnostic files. This patch reworks the diagnostic storage process, and enhances the error handlers to ensure that users can open the Diagnostic Tool.

11

If the Endpoint Encryption Proxy is installed on a 64-bit Windows Server endpoint with 32-bit applications enabled, the Endpoint Encryption Proxy is unable to complete installation or synchronize with PolicyServer.

This issue occurred due to an issue with port autodetection through Windows Registry. This patch adds support for enabling 32-bit applications in 64-bit Windows Server environments.

12

If Full Disk Encryption and File Encryption are installed on the same endpoint, Windows displays duplicated accounts on the account logon screen.

This patch corrects the account handlers for Full Disk Encryption so the same user account will not display multiple times.

Resolved Issues in Endpoint Encryption 5.0 Patch 3

Issue

Solution

1

The Full Disk Encryption does not have driver support for the Intel Dual Band AC 7265 adapter.

This version fixes network connections on the Lenovo X250.

This issue was first resolved in Hot Fix 3817.

2

Windows may display partitions and unallocated disk space incorrectly on devices encrypted by Full Disk Encryption. This issue occurs if you add a partition using unallocated disk space, and then restart Windows.

This version resolves the issue by allowing users to recover the MBR and to keep the partition table.

This issue was first resolved in Hot Fix 3817.

3

The widget content on the Control Manager console does not display the Endpoint Encryption devices and users.

This version resolves the Control Manager display issue.

This issue was first resolved in Hot Fix 2705.

4

The service TMEEProxyWindowsService is unable to communicate with PolicyServer when the IIS setting Enable32BitAppOnWin64 is set to true.

This issue occurred because TMEEProxyWindowsService was unable to read the registry key port value. This version resolves the issue by adding a registry key port value for 32-bit applications.

5

The service TMEEService occasionally crashes which prevents PolicyServer MMC from being able to open.

This version updates the version of the file TMFIP.dll to prevent TMEEService crashes.

6

Endpoint Encryption produces unnecessary duplicate logs in Windows Event Center. Windows Event Center becomes flooded with too many Endpoint Encryption logs.

The duplicate logs were caused by events regarding PolicyServer communication with inaccessible administrator users. Duplicate logs from this event type have been removed.

Resolved Issues in Endpoint Encryption 5.0 Patch 2

Issue

Solution

1

Endpoints encrypted by Endpoint Encryption version 5.0 or later may be unable to detect an internal Alcor Micro USB Smart Card Reader.

This version ensures that encrypted endpoints are able to detect an internal Alcor Micro USB Smart Card Reader if it exists on the endpoint.

This issue was first resolved in Hot Fix 3580.

2

After installing Full Disk Encryption 5.0 on a laptop, during startup, the following error displays:

BOOTMGR is missing
Press Ctrl+Alt+Del to restart

This issue occurs because of incompatibility with some Windows Recovery Environment (Windows RE) partitions. This version ensures that Endpoint Encryption supports previously unsupported Windows RE partitions.

3

Windows Update does not function properly on Windows 7 (32-bit) devices with Full Disk Encryption 5.0 or earlier installed.

When running Windows Update, the operating system can provision too much memory to Windows Update. This may cause the kernel to reduce to 0 available memory. With no available memory, Endpoint Encryption aborts the decryption process. From this point, Windows will be unable to read the correct Registry data.

This version forces the kernel to re-allocate memory to Full Disk Encryption in high-pressure situations. With sufficient memory, Endpoint Encryption no longer causes Registry issues, so Windows Update continues to function properly.

Resolved Issues in Endpoint Encryption 5.0 Patch 1

Issue

Solution

1

When users install Full Disk Encryption and enable the preboot function, a blank screen appears after the computer restarts.

This version resolves a driver incompatibility issue to ensure that the XHCI module loads properly while the computer restarts. This ensures that the computer can restart successfully after users install Full Disk Encryption.

This issue was first resolved in Hot Fix 330.

2

Full Disk Encryption preboot process does not support Finnish or Swedish character sets when the keyboard layout is set to Finnish or Swedish.

This version enables support of Finnish or Swedish character sets for Full Disk Encryption preboot process when the keyboard layout is set to Finnish or Swedish.

This issue was first resolved in Hot Fix 1310.

3

Windows 7 operating system freezes and/or encounters poor performance after using File Encryption. Certain programs have not been updated to Windows 7, so these programs cause irregular behavior. In this case, when using File Encryption, junction points link recursively to the directories the junction points are inside, which causes an infinite loop.

This version bypasses the standard junction point creation process so that File Encryption can avoid junction point recursion.

This issue was first resolved in Hot Fix 478.

4

After Full Disk Encryption is installed, the computer stops at the preboot stage and the computer is unable to load the login console. The computer only displays the background image. Users are unable to use the device.

This version prevents the computer from loading unnecessary network drivers while starting. The computer only loads the specific driver detected on the device, so the computer no longer stops at the preboot stage.

This issue was first resolved in Hot Fix 336.

5

When users install Full Disk Encryption, during the preboot stage, Alcor Micro USB Smart Card Reader does not appear in the detected components.

This version enables support for Alcor Micro USB Smart Card Reader.

This issue was first resolved in Hot Fix 336.

6

The device is unable to connect to a network during preboot if the device contains a network adapter in the Intel Ethernet Connection l217 Family.

This version enables support for the Intel Ethernet Connection l217 Family.

This issue was first resolved in Hot Fix 336.

7

Synaptic Touchpad is hypersensitive during the Full Disk Encryption preboot stage.

This version adjusts the sensitivity for Synaptic Touchpad during the preboot stage.

This issue was first resolved in Hot Fix 336.

8

For some SSD devices that have SED functionality and are not manufactured by Seagate, Full Disk Encryption installation will be unsuccessful and will result in a blank screen after installation causes the endpoint to restart.

This version forces installation encryption for SSD drives not manufactured by Seagate which resolves the installation issue.

This issue was first resolved in Hot Fix 3025.

9

Certain Broadcom Wi-Fi chips do not function during the Full Disk Encryption preboot stage.

This version provides support for the following Broadcom Wi-Fi chips:

  • BCM4311

  • BCM4312

  • BCM4313

  • BCM4321

  • BCM4322

  • BCM43224

  • BCM43225

  • BCM43227

  • BCM43228

This issue was first resolved in Hot Fix 3025.

10

The user is unable to use USB pointers and keyboard during the Full Disk Encryption preboot on an HP EliteBook Folio 9470.

This version fixes this issue by changing the response mode during preboot.

This issue was first resolved in Hot Fix 3521.

11

When using Encryption Management for Microsoft BitLocker, if the user's network is unable to connect to the server after 10 seconds, the network times out.

This version extends the server connection time to 100 seconds instead of 10 seconds so that networks with high latency concerns time out less frequently.

This issue was first resolved in Hot Fix 3521.

12

The user is unable to select the password field with a pointer on the Full Disk Encryption preboot logon screen after setting up a wireless network.

This issue occurs because the display does not refresh after switching from wireless network configuration. This version fixes this issue by forcing the display to refresh after wireless network configuration.

13

In the Full Disk Encryption preboot environment, the wireless connection does not automatically switch to a wireless access point (AP) that it had connected to previously.

This version fixes this issue by redesigning the wireless connection process.

14

During decryption when using the Repair CD, the decryption program crashes shortly after starting.

This issue occurs because of a file handle leak during the decryption status update. This version fixes this issue by fixing the file handle leak.

15

When using the Repair CD on a self-encrypting drive (SED) for hardware encryption, the preboot uninstallation command does not work.

This version fixes this issue by redesigning the preboot uninstallation process, and then passing the preboot uninstallation command.