Scanning and Repairing a Disk

If you are unable to open Windows or the Full Disk Encryption preboot on a device, use the Full Disk Encryption Recovery Tool to detect problems on that device and potentially repair those issues. The following task assumes that you have already created a bootable disk of the Recovery Tool.

  1. Start the endpoint that requires repairs, and set the boot priority to boot from the type of device that the Recovery Tool has been prepared on.

    For example, if your system uses BIOS, open the BIOS screen, and select the Boot tab. If you used a USB storage device for the Recovery Tool, set Removeable Devices as the first boot priority.

  2. Shut down the endpoint.
  3. Attach the Recovery Tool device to the endpoint or put the Recovery Tool CD or DVD in the disk drive.
  4. Start the endpoint.

    The Recovery Tool boots the device.

    At system startup, the Recovery Tool automatically opens the Recovery utility, and begins scanning the hard disk. If scanning successfully detects a problem with the device, the Recovery Tool will attempt to repair the issue. If repairing is successful, no further action needs to be taken.

  5. If the Recovery Tool notifies you that authentication is required to continue repairs, log on PolicyServer with the following credentials:



    User name

    Specify an Administrator account. Authenticator and normal user accounts may not access the Recovery Tool, regardless of policy configuration.


    Specify the password for that user name.


    Specify the PolicyServer IP address or host name.

    Device ID

    Specify the device ID. For Full Disk Encryption 5.0 patch 4 or later devices, the Recovery Tool attempts to automatically generate this field. If the MBR or Full Disk Encryption database is corrupted, the Recovery Tool may be unable to retrieve this information.

    If the Recovery Tool is unable to retrieve this information, or the device is Full Disk Encryption 5.0 patch 3 or earlier, find and copy the device ID from PolicyServer MMC or Control Manager. In Control Manager, you can access the device ID from the Full Disk Encryption Status Report widget. See Full Disk Encryption Status.


    If the Recovery Tool is unable to connect to PolicyServer, a message appears requesting that you configure your network. In that case, click Network Status and Configuration to view your current network status. Click Configure to specify the endpoint IP address settings. Click Reconnect to attempt to connect to PolicyServer again and refresh your network information.

    The Recovery Tool attempts to perform additional scanning and repairs. Regardless of whether recovery is successful or unsuccessful, a completion screen appears with the options Shut Down and Advanced Functions. For more information about the available advanced functions, see Advanced Functions.

  6. Click Shut Down to shut down the endpoint.
  7. Remove the Recovery Tool from the endpoint.
  8. Start the endpoint.

    If repairs were successful, the endpoint starts at the Full Disk Encryption preboot.