Technical support

Knowledgebase
How do I recover an OPAL encrypted Workstation that is unable to boot Windows?
Article ID: KB533 email a link to this article
Please note, this article only applies to OPAL encrypted disks.

 

This article will guide you through the process of recovering an OPAL encrypted Workstation that is unable to boot Windows. If you can boot Windows normally and you wish to decrypt the Workstation, then you can simply send a decrypt command from your ESET Endpoint Encryption Server by following this article: KB361 - How to decrypt a managed client

Alternatively, if you have an encrypted Workstation that is unable to boot Windows normally and is not using OPAL encryption, then please follow the relevant article here: KB346 - Full Disk Encryption Recovery Overview

Decrypting an OPAL encrypted disk using the FDE Admin credentials.

Step 1: Creating a bootable OPAL recovery USB device

  • You will require a blank USB device formatted as FAT32. Ensure any important data is moved off the USB device before formatting it as FAT32.
  • Download the following file: https://download.deslock.com/download/recovery/OPAL/efi.zip
  • Unzip the file and copy the efi folder to the root of the formatted USB drive. You USB device should look like this:

Step 2: Booting the USB device on the workstation

  • On the machine experiencing the problem, enter the system BIOS settings and turn off Secure Boot. Please note, this is temporary.
  • Save and exit the BIOS and turn the machine off.
  • Insert the USB device and boot the machine holding the necessary key to access the boot menu. Consult the machine's manual for guidance on how to access the boot menu.
  • Select the USB device from the boot menu and press Enter to boot from it.
  • If the device has booted correctly, you will see the image below.
ESET Endpoint Encryption OPAL Recovery Utility v1.04
------------------------------------------------------------
Copyright (c) ESET, spol. s r.o. 1992-2019. All rights reserved.

Enumerating Disks...
Found disk: MTFDDAV256TBN-1AR15ABHA                     -OPAL
Enumeration complete.
 
 
Please select the disk you would like to recover
-------------------------------
[1] : MTFDDAV256TBN-1AR15ABHA                    (Serial:UGXVR01J7AK9HZ)
-------------------------------
 
Enter the number next to the disk :
  • Enter the number of the disk you wish to decrypt and press Enter.
  • The utility will then present the list of available processes, like so:
Available processes
--------------------------------
[1] : Attempt recovery from incomplete setup
[2] : Decrypt using admin credentials
[3] : Erase disk completely! (PSID revert)
[0] : Quit
--------------------------------
 
Please select process to perform on the disk: _

Step 3. Decrypt using admin password

1. Select Decrypt using admin credentials by typing and pressing Enter.

2. When prompted, enter the FDE admin username and password for this Workstation:

Selected decrypt using admin credentials (Serial : UGXVR01J7AK9HZ)
Please enter admin user details (Press F5 to toggle display of password) :
Username:

3. Enter the admin username and press Enter.

4. Enter the admin password and press Enter.

Note: if the FDE admin username or password is incorrect, then the system will shut down and the process must be repeated.

5. Once the disk has decrypted successfully, follow the on-screen instructions to shut down the machine.

6. Remove the USB device and boot into the BIOS and turn Secure Boot back on. Save and exit the BIOS.

7. Boot the Workstation normally.

If you wish to encrypt the disk again, then you will need to update the Workstation details and resolve the encryption discrepancy, marking the system as no longer encrypted. Please follow the steps here to update the Workstation details:

KB182 - I made changes to my client workstation, how do I update the ESET Endpoint Server of this?

If you are unable to decrypt the disk following the steps above, then please contact ESET support for further assistance.


We use cookies on our website to enhance your browsing experience. Read more