Repairing the 'Full Disk Encryption MBR' using the recovery tool
In some circumstances the Master Boot Record (MBR) can be overwitten, this will cause a Full Disk Encrypted (FDE) system to not display the pre-boot login screen and therefore stop the system from booting.
To restore the system to a working state, the FDE MBR must be rebuilt. The Recovery Tool includes the ability to repair the FDE MBR, if it has been removed.
How to restore the MBR
Please Note: These steps should only be used to repair a Full Disk Encrypted system that no longer boots and does not present the pre-boot login screen. If you have decrypted the system and the pre-boot screen is still being shown, do NOT repair the MBR, please see the section Restoring the Microsoft MBR below.
The Recovery Tool can be obtained from the following articles:
Note: For Managed systems using the Enterprise Server version 2.6.2 or earlier, please use the Standalone ISO to repair the MBR.
Follow the instructions in the relevant article and boot the system with Recovery Tool.
Note: Recovery Tool Version 1.7.0 (Build 30) is required to repair the MBR on systems encrypted with client version 4.8 or later.
ESET Endpoint Encryption FDE Recovery Tool
Version 1.10.0 (Build 42)
Copyright (c) ESET, spol. s r.o.
This software is bound by the standard Licence Agreement terms
Press Return to continue
If the MBR is not present, the tool will offer to search for the boot files.
No encrypted disks have been found.
You may need to repair the boot files used by FDE.
This operation searches the available disks for the boot files and may
take a long time to complete.
Would you like to do this now? (Y/N)
Choose 'Y' and the tool will begin to search for the boot files.
Number of disks : 1
Checking disk host: 0, did: 0 (/dev/sda)
Searching for encryption data
Sectors remaining 268900727
When the tool finds the boot files, it will offer to repair the MBR.
Meta-data boot files have been found at sector 2097689
A new MBR (Master Boot Record) needs to be created
Would you like to do this and attempt to repair the system (Y/N)?
Choose 'Y' and the MBR will be repaired.
FDE Loader reports version 2.85
Using New MBR
MBR updated, please Reboot
If you need to decrypt the machine, please leave the disc in and let it reboot.
If you wish to use the recovery tool to decrypt the disk, then restart this system and boot the recovery tool again. See the relevant article detailed above for more information on decrypting using the reovery tool.
Restoring the Microsoft MBR
In some rare circumstances the pre-boot screen can still be presented even though the system has been decrypted. In this case, you can simply restore the Microsoft MBR using the FixMbr. See http://support.microsoft.com/en-us/kb/927392 for more details.