After upgrading from Symantec Endpoint Encryption 11.2.0 to 11.2.0 MP1 or 11.2.0 MP1HF1, the SEE Drive Encryption Service no longer starts
Last Updated January 04, 2019
Symantec has discovered a condition in which the SEE Drive Encryption service (eedService.exe) is no longer running after an upgrade from SEE 11.2.0 to another version of 11.2.0. As a result, Symantec recommends upgrading to only SEE 11.2.1 from SEE 11.2.0 builds. Upgrading to SEE 11.2.0 from SEE 11.1.x has not observed this issue.
Symptom A - Password Change Scenarios: Upon changing the Windows password manually using Ctrl + Alt + Delete, the user may be presented with an infinite loading screen. If this is encountered, upon rebooting the client machine, the user will be able to authenticate at preboot with an old preboot password, however, SSO won’t function properly and won’t allow the user to login successfully after successfully authenticating at preboot.
Possible Workarounds: 1. Login as any local user account on client machine, and then rename the eedPasswordFilter.dll file (such as eedPasswordFilter.dll.old). 2. Use WinPE and disable the eedPasswordFilter.dll file by renaming it and then authenticate again at preboot with the old password. At the Windows login screen, login using the new Windows password.
The eedPasswordFilter.dll file is located in c:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption
Note: When Windows Password Reset is present on the client machine and is not connected to the domain, SSO should work properly using Drive Encryption Self Recovery or Drive Encryption Helpdesk Recovery at preboot.
Symptom B – Drive Encryption Self Recovery & Drive Encryption Help Desk Recovery Drive Encryption Help Desk recovery will work, however, since the SEE service is not running properly, the same Recovery Key will continue to work until the SEE Services can successfully start, and the SEE Client can communicate with the SEE Management Server again. Drive Encryption Self Recovery via the SEE Client UI may also not work.
Symptom C – SEE Client Policy Synchronization: If this issue has been encountered, SEE Clients may not receive policy updates, either via SEE Native Policy, or GPO Policy. As a result, policy-related settings, such as splash screen for Drive Encryption may not be updated once deployed via the SEE Management Server.
Symptom D – Administrative Operations may be limited If this issue is encountered, Some eedadmincli.exe and Client Admin UI options may not work beyond the basic commands (--status, --enum, --info, --encrypt, --decrypt, --stop, --resume command).
It may not be possible to extend the client lockout duration when this is encountered, via the user or eedadmincli.exe commands. As a result, a Client Admin or Drive Encryption Helpdesk Recovery key would be needed to authenticate the machine.
It may not be possible to enable/disable Autologon via eedadmincli.exe
All of these issues are resolved in Symantec Endpoint Encryption 11.2.1, released December 3, 2018 and available via the Symantec Software Download page.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe