locked
sccm 2012 mcafee encryption missing operating system RRS feed

  • Question

  • HI ALL

    i am trying to do a XP to windows 7 migration for a client with SCCM. 

    There desktops and laptops use McAfee endpoint encryption, devices not encrypted work fine.

    however devices with endpoint encryption enabled, failed with the error missing operating system. 

    has anyone run into this issue before and can direct me in a way to resolve. have been struggling with this for a few days now and its driving me mad.

    Regards

    Chris

    Wednesday, August 7, 2013 1:24 PM

Answers

  • Task sequences do that already automatically -- the key though is that you cannot start the TS from within the current OS because that uses the local disk to stage the WinPE image. You must start from boot media or PXE.

    Ahh, the joys of working with short-sighted third-party vendors.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by Chris 2001 Wednesday, August 7, 2013 4:43 PM
    Wednesday, August 7, 2013 4:30 PM

All replies

  • In my experience you must first decrypt the laptops/desktops before you can migrate successfully.


    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson


    Wednesday, August 7, 2013 1:47 PM
  • unfortunately that is not an option for the client.

    does anyone know of any other ways maybe a script or something i can run to wipe the Hard disks before te TS starts.

    Wednesday, August 7, 2013 1:55 PM
  • Task sequences do that already automatically -- the key though is that you cannot start the TS from within the current OS because that uses the local disk to stage the WinPE image. You must start from boot media or PXE.

    Ahh, the joys of working with short-sighted third-party vendors.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by Chris 2001 Wednesday, August 7, 2013 4:43 PM
    Wednesday, August 7, 2013 4:30 PM
  • thank you Jason

    not what my client wants to hear but at least draws a line under wasting more time finding a solution for that issue

    Chris

    Wednesday, August 7, 2013 4:43 PM
  • Bitlocker allows for full-disk encryption to be paused thus addressing this issue. I personally know of no third-party products that allow this (although there could be some).

    Also probably not what your client wants to hear, but it was their choice that lead them to this.

    Most folks treat all deployments at this point as Replaces and use an SMP or UNC to transfer USMT data.

    There is a rather lengthy thread here in the forums for a totally unsupported solution that involves not rebooting the system initially. I wouldn't recommend that path and only mention it because there are often ways to do unsupported things if you spend enough time and effort on them. Of course, these ways often break when new versions come out.


    Jason | http://blog.configmgrftw.com

    Wednesday, August 7, 2013 4:49 PM
  • Can you Send me the link to that threat i can offer that to the client and if they wish to follow that process its on them.

    Chris

    Wednesday, August 7, 2013 4:53 PM
  • Most folks treat all deployments at this point as Replaces and use an SMP or UNC to transfer USMT data.


    Any way to deal with this is inconvenient and a logistical challenge. I have been down this road several times and have found that decrypting the drives in advance is usually the best option.


    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Wednesday, August 7, 2013 4:55 PM
  • I don't think I actually have a link (or at least can't find it right now). If it turns up, I'll post it.


    Jason | http://blog.configmgrftw.com

    Wednesday, August 7, 2013 4:59 PM
  • Actually just found it. Disclaimer and caveat: I neither recommend this method or claim that it should work or is supported by anyone.

    http://social.technet.microsoft.com/Forums/systemcenter/en-US/e0048909-12c0-4c94-a4bd-6b664d946fb1/applying-winpe-without-reboot


    Jason | http://blog.configmgrftw.com

    Wednesday, August 7, 2013 5:01 PM