Symantec Drive Encryption Incompatible with Systems that have a Windows 7 System Reserved Partition on a Secondary Drive
Last Updated March 20, 2013
If more than one HDD or SSD drive is present in a computer when Windows 7 is installed, a System Reserved partition may be installed on a different drive other than the Windows boot files. For example, Windows Disk Management shows a System Reserved partition on Disk 0 with the attributes System and Active. It shows a C drive partition on Disk 1 with the Boot attribute.
The system boots correctly when Symantec Drive Encryption is not installed.
After encrypting the C drive partition, BootGuard fails to load and Windows fails to start with the error:
"The boot selection failed because a required device is inaccessible."
Symantec Drive Encryption is not designed to work with systems that have a Windows 7 System Reserved partition on a secondary drive.
Use one of the following
Decrypt the C drive by slaving to another computer with PGP Desktop or Symantec Encryption Desktop installed and then using WinPE disk or a PGP recovery disk.
After backing up the system, reinstall Windows 7 with the secondary disk disconnected. This will force Windows 7 to place the System Reserved partition on the same disk as the Windows boot files.
Encrypt the C drive partition using Symantec Drive Encryption. BootGuard will load successfully and the system will boot as expected.
The following workaround avoids reinstalling Windows 7 on a system with 2 drives with the System Reserved partition on a different disk to the C partition. However, it will make the System Reserved partition redundant:
Run the following command as a local administrator to copy critical boot files to the C drive. The C drive will later become the system partition:
C:\Windows\system32>bcdboot c:\windows /s c:
Boot files successfully created.
Shutdown the computer and enter the BIOS. Change the Boot settings in the BIOS so that the C drive (Disk 1) is first in the boot order.
Reboot and check in Disk Management that the C partition now has the System attribute in addition to the Active attribute. Note that the System Reserved partition will be assigned a drive letter and will no longer have the System attribute.
Encrypt the C drive.
Then reboot the computer. BootGuard appears as normal and the system boots correctly.
Symantec Drive Encryption or PGP Whole Disk Encryption
Imported Document ID: TECH203929
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe