Technical support

Knowledgebase
Pre-boot authentication screen repeatedly prompts for credentials (VERSION 5.0.0 ONLY)
Article ID: KB530 email a link to this article
IMPORTANT: This problem ONLY affects systems which meet the following criteria:
ESET Endpoint Encryption version 5.0.0 is installed
Version 2.3.62 is displayed in bottom right-hand corner of the pre-boot authentication screen 
The system is UEFI
The system has a disk which supports OPAL encryption

Problem 

On a UEFI system Full Disk Encrypted (FDE) with ESET Endpoint Encryption version 5.0.0, despite entering the correct pre-boot authentication credentials (FDE username & password), the system prompts you to immediately enter them again, failing to boot Windows correctly. This appears as though the system is 'looping'.

This image shows the 'bootloader' version number displayed in the bottom right-hand corner of the screen. If your bootloader version does NOT match this image (v2.3.62, ignore US or UM) then do NOT follow the solution in this article. Instead, contact ESET support for further assistance.

Bootloader version 2.3.62

Cause

Either Windows or another software package has taken partial ownership of the OPAL disk in the machine, which causes ESET Endpoint Encryption to incorrectly assume that OPAL encryption is in use.

Solution

IMPORTANT

1. Ensure the system that requires recovery matches the criteria listed at the top of this article. Applying this solution inappropriately may cause further damage. If in doubt, create a support ticket HERE and a member of the support team will assist you.

2. As a precaution, ensure a sector-by-sector backup of the machine is taken before going any further. See this article for more details: KB70 - How do I perform a full sector by sector backup of my hard drive?

 

Follow the steps below to resolve the issue.

Step 1: Creating a bootable UEFI USB device on a different machine

We are providing a hotfix EFI script that will replace the v2.3.62 bootloader with the previous version. To apply this hotfix, please follow these steps:

  • You will require a blank USB device formatted as FAT32. Ensure any important data is moved off the USB device before formatting it as FAT32.
  • Download the following file: https://support.deslock.com/resources/KB530/efi_v1.02.zip
  • Unzip the file and copy the efi folder to the root of the formatted USB drive. You USB device should look like this:

USB efi folder

Step 2: Recovering the problematic machine with the USB Device

  • On the machine experiencing the problem, enter the system BIOS settings and turn off Secure Boot. Please note, this is temporary.
  • Save and exit the BIOS and turn the machine off.
  • Insert the USB device and boot the machine holding the necessary key to access the boot menu. Consult the machine's manual for guidance on how to access the boot menu.
  • Select the USB device from the boot menu and press Enter to boot from it.
  • The EFI script on the USB device will run automatically, replacing the v2.3.62 bootloader with v2.3.53.
  • If successful, the script will prompt you to restart your system. To do this, press any key on your keyboard. See:

EFI script success

  • Enter the sytem BIOS settings again and turn Secure Boot back on. Save and exit the BIOS to apply this change.

Step 3: Confirming the USB script has replaced the bootloader 

  • After restarting the machine, you should now see bootloader v2.3.53 in the bottom right-hand corner of the screen. Like so:

Bootloader v2.3.53

  • Login with your FDE username and password to boot Windows as normal.

 

This issue will be resolved in the next version of ESET Endpoint Encryption.

If this has not resolved your issue, please contact ESET support for further assistance.

 


We use cookies on our website to enhance your browsing experience. Read more