Drive Encryption 7.x Known Issues

Technical Articles ID: KB84502
Last Modified: 2024-03-08 10:33:39 Etc/GMT

Environment

Drive Encryption (DE) 7.x
Drive Encryption Go (DEGO) 7.x

For supported environments, see KB79422 - Supported platforms for Drive Encryption 7.x.

Summary

Recent updates to this article

Date	Update
March 8, 2024	Added a known issue reference MDE-8656.
January 30, 2024	Added resolved issues for the following releases: DE 7.4.1 Hotfix (HF) 1 DE 7.4.2 Hotfix (HF) 1

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.
This article contains important information about known issues of high or medium rating that's outstanding with this product release. This article will be updated when new issues are identified after release.

NOTE: All issues that are tagged as resolved are included in the latest release, which is available from the Product Downloads site using a valid Grant Number. Updates are cumulative; we recommend that you install the latest one.

Contents
Click to expand the section you want to view:

Product release information

Product Version General Availability (GA) Released to Support (RTS)	Release Date	End of Life (EOL) Date
DE 7.4.2 Hotfix 1 (GA)	January 30, 2024	-
DE 7.4.2 (GA)	August 8, 2023	-
DE 7.4.1 Hotfix 1 (GA)	January 30, 2024
DE 7.4.1 Hotfix 1 (RTS)⁴	January 18, 2024
DE 7.4.1 (GA)	March 14, 2023	-
DE 7.4.0 Hotfix 1 (GA)	December 23, 2022	-
DE 7.4.0 (GA)	November 8, 2022	-

DE 7.3.1 Hotfix 1 (GA)	October 11, 2022	-
DE 7.3.1 (GA)	April 12, 2022	-
DE 7.3.0 Hotfix 2 (GA)	November 9, 2021	-
DE 7.3.0 Hotfix 1 (GA)	September 30, 2021	-
DE 7.3.0 (GA)	August 10, 2021	-

DE 7.2.10 Hotfix 3 (GA)	March 23, 2021	-
DE 7.2.10 Hotfix 2 (GA)	November 2, 2020	-
DE 7.2.10 Hotfix 1 (RTS)⁴	September 8, 2020	-
DE 7.2.10 (GA)	August 11, 2020
DE 7.2.9 Hotfix 5 (GA)	March 10, 2020	-
DE 7.2.9 Hotfix 4 (RTS)⁴ NOTE: Superseded by DE 7.2.9 Hotfix 5	November 25, 2019	-
DE 7.2.9 Hotfix 3 (GA) NOTE: Superseded by DE 7.2.9 Hotfix 5	December 23, 2019	-
DE 7.2.9 Hotfix 2 - RTS⁴ NOTE: Superseded by DE 7.2.9 Hotfix 5	September 18, 2019	-
DE 7.2.9 Hotfix 1 (controlled release) NOTE: Superseded by DE 7.2.9 Hotfix 5	August 10, 2019	-
DE 7.2.9 (GA)	July 23, 2019	-
DE 7.2.8 (GA)	December 11, 2018	-
DE 7.2.7 (Repost)	October 25, 2018	-
DE 7.2.7 (GA)	October 9, 2018	-
DE 7.2.6 Hotfix 1247725 (HF1247725) - RTS⁴	August 20, 2018	-
DE 7.2.6 (GA)	July 10, 2018	-
DE 7.2.5 (GA)	April 10, 2018	-
DE 7.2.4 (GA)	February 13, 2018	-
DE 7.2.3 Hotfix 1225186 (HF1225186) - RTS⁴	January 17, 2018	-
DE 7.2.3 (Build 7.2.3.29) (Repost)	December 22, 2017	-
DE 7.2.3 (Build 7.2.3.28) (GA)	December 14, 2017	-
DE 7.2.2 (Build 7.2.2.14) (GA)	November 13, 2017	-
DE 7.2.1 (Build 7.2.1.24) (GA)	March 29, 2017	-
DE 7.2.0 (Build: 7.2.0.457) Repost³	December 19, 2016	-
DE 7.2.0 (Build: 7.2.0.456) (GA)	December 15, 2016	-

DE 7.1 Update 3 Hotfix 1241165 (HF1241165)²	July 10, 2018	June 13, 2019
DE 7.1 Update 3 Hotfix 1208296 (HF1208296)²	December 19, 2017
DE 7.1 Update 3 Hotfix 1148978 (HF1148978)²	August 02, 2016
DE 7.1 Update 3 Hotfix 1131996 (HF1131996)²	May 4, 2016
DE 7.1 Update 3 (GA)	June 25, 2015
DE 7.1 Update 2¹(GA)	December 11, 2014
DE 7.1 Update 1 (GA)	June 10, 2014
DE 7.1 (GA)	December 16, 2013

¹	DE 7.1.2 is a server-side only feature pack release with no client component, and thus has no client build number.
²	Rollup hotfix that contains all previously released hotfix resolved issues.
³	After checking in DE 7.2 (Repost), the DE 7.2.0 EEAdmin Extension appears as 7.2.0.457. But, another entry for EEAdmin also exists showing 7.2.0.456 for the GA. All other extension versions remain unchanged.
⁴	The hotfix is only RTS. To obtain the hotfix, contact Technical Support. See the "Related Information" section for details.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.

Critical known issues

Critical known issues - General
Reference Number	Related Article	Found Version	Fixed Version	Resolved Issue Description
MDE-8739	-	7.4.1	7.4.2 Hotfix 1	Issue: A system crash (blue screen) issue has been observed during the Windows upgrade process.
MDE-8636	-	7.4.1	7.4.1 Hotfix 1	Issue: A system crash (blue screen) issue has been observed during the Windows upgrade process.
MDE-6433	-	7.3.0	7.3.1 Hotfix 1	Issue: DE Single Sign-On (SSO) fails on clients with PulseSecure VPN installed.
MDE-6253	KB83497	7.3.0	7.3.0 Hotfix 2	Issue: You're unable to encrypt the hard-disk and activate. This issue is related to a communication issue between non-Intel CPUs, non-RDRAND Entropy, and the DE Agent. You see this issue when the system is ePO-Server managed.
MDE-6091	SB10361	-	7.3.0 Hotfix 1	Issue: The DE MfeEpePc.sys causes a Local Privilege Escalation vulnerability.
MDE-5171	-	-	7.2.9 Hotfix 5	Issue: Systems that run Windows 10 version 1809 and later intermittently become unresponsive when low on memory.
MDE-5031	KB92286	7.2.9	7.2.9 Hotfix 5	Issue: Systems become inactive after an upgrade to DE 7.2.9.7. Upgrades fail when an EFI system partition file read access collision occurs. Resolution: The DE Redirection Driver now successfully reloads to protect the DE boot code from Windows Updates.
MDE-5028	KB92286	7.2.9	7.2.9 Hotfix 5	Issue: The boot code upgrades at every startup on Windows 7 Unified Extensible Firmware Interface (UEFI) Systems. Resolution: The DE boot code is now only updated when needed.
MDE-5030	-	7.2.9	7.2.9 Hotfix 5	Issue: Preboot corruption occurs after a system restart due to an unclean shutdown during Window updates. Resolution: The preboot registry is now only updated if the contents of the underlying files change. NOTE: This issue was first resolved with DE 7.2.9 Hotfix 2.
MDE-4808	-	7.2.9	7.2.9 Hotfix 5	Issue: Preboot fails when the Windows BCD store becomes corrupted. Resolution: DE now successfully prevents reactivation of other unaffected encryption providers.
1267074 1268295	-	7.2.8	7.2.9	Issue: System crash (blue screen) "Driver Power State Failure," after installation of DE.
1249172	-	7.2.5	7.2.8	Issue: Systems enter Windows repair mode after an upgrade to DE 7.2.5 and a system restart.
1258718 1259203	KB91094	7.2.7	7.2.8	Issue: [UEFI systems] After an upgrade, the "Go back to the previous version of Windows 10" function fails. After a reboot, it displays the Automatic Repair window.
1258267 1260742	KB91010	7.2.7 7.2.6 Hotfix 1247725	7.2.8 7.2.7 (Repost)	Issue: [UEFI systems] After Microsoft monthly updates have been applied on Windows 10 systems, the computer enters into Windows 10 recovery mode. You see this issue on systems with six or more partitions that exist in the primary disk. See the related article for more details. Resolution: We recommend that you upgrade to DE 7.2.8 because the additional Windows 10 UEFI issue is found after the release of DE 7.2.7. For details, see KB91094 - After an upgrade, the "Go back to the previous version of Windows 10" functionality fails, and after a reboot displays the Automatic Repair window.
1221297 1240143 1242673	KB90939	7.2.1	7.2.7	Issue: The DE host service (mfeepehost.exe) crashes during a user update on Intel Software Guard Extensions (SGX) platforms when using the cold boot hardening policy.
1251712 1252775 1252982 1253488 1253633	KB90940	7.2.6	7.2.7	Issue: Keys can't be exported after the ePO Server is restored or restarted.
1227339 1234772 1239094 1239283	KB91034	7.2.1	7.2.6 Hotfix 1247725	Issue: After you apply Microsoft monthly updates on Windows 10 systems, the computer enters Windows 10 recovery mode. You see this issue on systems where the disk or volume layout has changed. See the related article for more details.
1249274	-	7.1.3 Hotfix 1241165	7.1.3 Hotfix 1241165 (Repost)	Issue: After you install DE 7.1.3.634 Hotfix 1241165 and perform a system restart, the system fails to boot. The following error displays during the boot sequence: Secure Boot Violation - Invalid signature detected. Check Secure Boot Policy in Setup
1241165	SB10242	7.1.3	7.2.6 7.1.3 Hotfix 1241165	Issue: Trusted Platform Module (TPM) measurements don't include the BCD entries in DE versions 7.1.3 and later. This issue affects the TPM autoboot feature, where the vulnerability can allow a third party to boot the system and gain unauthorized access. Resolution: For information about the vulnerability and remediation, see the Security Bulletin in the "Related Article" column.
1232451	-	-	7.2.5	Issue: If you activate with an Opal encryption policy when the system has two Opal disks, you can see a black screen or error. This issue occurs after you successfully authenticate at preboot, either by password or autoboot.
1222948	KB90145	7.2.3	7.2.4	Issue: A system crash or blue screen occurs after you connect USB devices such as USB media, printers, and others. Crash dump details include references to the following: PAGE_FAULT_IN_NONPAGED_AREA MfeEpeOpal.sys NOTE: This issue was first addressed in DE 7.2.3 (Repost) for devices known to cause the issue.
1217681	-	7.2.0	7.2.3	Issue: Unable to upgrade from the following product versions because of a DE registry key lock: McAfee Agent (MA) 4.8.x Skyhigh Client Proxy (SCP) 2.1.1.106 SCP 2.1.3.105
1195815	-	7.1.3	7.2.2 7.1.3 Hotfix 1208296	Issue: Surface Pro 4 firmware update fails with DE 7.2.x installed and activated.
1204769	-	7.2.1	7.2.2	Issue: An upgrade on a system that runs Opal encryption from DE 7.1.3.590 to 7.2.1 or 7.2.0 fails.
1188533	-	7.2.0	As Designed	Issue: Unable to upgrade the DE Help extension from DE 7.x to DE 7.2.0 or later. The following error displays during check-in: Can't upgrade extension de_help to version 7.2.0.040 because version 710.100 is already installed Workaround: This behavior is as expected because of the change in the version convention. Remove earlier versions of the DE Help file before you install DE 7.2.0 or later. NOTE: You don't see this issue after you upgrade from DE 7.2.0 to later versions.
1156855	KB89035	7.1.3	7.2.1	Issue: (DE Agent or Host) A system crash with DE and Seagate Opal HDD occurs when the Intel Rapid Storage Technology (RST) driver is installed.
1173642	KB88269	7.2.0	7.2.0 Repost	Issue: Corrupted text displays when you access the Single Sign On (SSO) section located under Policy Catalog, Drive Encryption 7.2, Product settings, Logon tab. Resolution: Download the reposted DE 7.2.0 (build 7.2.0.457) release. NOTE: No actions are needed for customers who download the original version (7.2.0.456) and don't use double-byte languages.
1130663 1142285	-	7.1.3	7.2.0	Issue: Some Lenovo systems fail to boot with Non-Volatile Memory Express (NVMe) drives with software encryption enabled. Suitable compatibility options are added to alleviate the issue.
1129908	-	7.1.3	7.2.0	Issue: You see a continuous boot loop when Out Of Band (OOB) settings are enabled. This issue occurs on systems with unsupported versions of Active Management Technology (AMT). Enhancements have been made to the DE preboot authentication to prevent OOB actions from being applied to unsupported versions of AMT. See the related article for details about the specific issue with AMT 11.
1064792	-	7.1.3 ePO 5.3.0	ePO 5.3.1	Issue: The following error displays during the DE 7.1.3 check-in process on an ePO 5.3.0 server: Unable to install extension. java.sql.SQLException: Invalid object name 'OrionLdapItems'. Resolution: Resolved in ePO 5.3.1. See the related article for details.
1117564	_	7.1.3	7.2.0	Issue: A system becomes unresponsive during preboot authentication on an HP EliteDesk 800 fitted with the Skylake chipsets. These chipsets don't include support for USB 2.0, and only include support for USB 3.0. Resolution: Added support for USB 3.0 systems during preboot in DE 7.2.0.
1095792	-	7.1.0	7.2.0	Issue: After you upgrade from Endpoint Encryption for PC (EEPC) 5.x to DE 7.x, any computer that contains an encrypted secondary disk might display the message unsupported.
1116599	-	7.1.0	7.2.0	Issue: BitLocker Encryption isn't detected correctly when you install DEGO.
1092250	-	7.1.0	7.2.0	Issue: DEGO fails to upgrade if the major version numbers for DEGO match the preinstalled version and the upgrade version.
1077566	-	7.1.0	7.2.0	Issue: Improvements are needed for connections between client and ePO to prevent the error below: Connection refused, Server busy.
1079378	-	7.1.0	7.2.0	Issue: Improvements are needed to LDAP caching in DE to increase efficiency when processing new client activations.
1144648 1148797	-	DE 7.1.0 MA 5.0.3	MA 5.04 MA 5.0.3 Hotfix 1148797	Issue: DE 7.1.x fails to add users on systems with 50 or more users assigned when MA 5.0.3 is installed. Workaround: Remove MA 5.0.3 and install MA 5.0.2. Resolutions: MA 5.0.4 MA 5.0.3 Hotfix 1148797 Both versions are available from the Product Downloads site. See the related article for details.
-	-	7.1.0	n/a	Issue: User attributes are renamed when you upgrade the ePO server from 4.6.x to 5.1.x with DE 7.1.x in place. Resolution: See the related article for details.
1073719	-	-	n/a	Issue: The database is damaged if you remove the EEADMIN extension or DE 7.0.4 extension, and then try to reinstall the same version. This action isn't supported. For example, you can't remove the EEADMIN 7.0.4 extension, and install the EEADMIN and EEPC 7.0 (GA). Resolution: Don't downgrade extensions. NOTE: If you must revert to an earlier version of the EEADMIN and EEPC extension, first perform an ePO disaster recovery. See KB66616 - ePolicy Orchestrator server backup and disaster recovery procedure.
1031617	-	MA 5.0.0	MA 5.0.1	Issue: The client always shows the System State as Inactive after upgrading to MA 5.0. Resolution: Download MA 5.0.1 from the Product Downloads site using a valid Grant Number. See the related article for details.
-	-	7.1.0	n/a	Issue: Hardware incompatibility is incurred during deployment. Resolution: Before you deploy DE to your site, we recommend that you qualify the product first. Undertake this task on a subset of the hardware used throughout your environment. If hardware compatibility issues are encountered during this test deployment, we recommend using the Pre-Boot Smart Check feature. This feature can overcome several common compatibility issues. When you perform the Pre-Boot Smart Check, you can scope which computers might require this feature to be enabled during a production deployment. For more information about the Pre-Boot Smart Check feature, see KB79784 - FAQs for Drive Encryption 7.x. For instructions, see KB81900 - How to use the Hardware Compatibility Settings tool for Drive Encryption.
943277 943971 943973	-	7.1.0	7.1.1	Issue: DEGO 7.1 Compliance Query shows failures for all systems, even though individual system properties show all tests as Successful. Systems might fail to activate if the DE 7.1 Policy is set to activate only if the DEGO Health Check passes.
945213	-	7.1.0	7.1.1	Issue: You might see the error [0xEF000008] - Failed to load cryptographic module when you upgrade from EEPC 6.1.2, 6.1.3, 6.2.0, or 6.2.1 to DE 7.1.
1048264 1050039	-	-	ePO 5.1.0 Hotfix 1048264	Issue: Unknown User is displayed during preboot. The error is seen after DE users are deleted. An exception is thrown while the LDAP sync task runs. Resolution: To prevent the problem, install one of the following ePO hotfixes: ePO5xHF1048264 for ePO 5.1.0, ePO 5.1.1, ePO 5.1.2, or ePO 5.3. ePO46xHF1048264 for ePO 4.6.7, 4.6.8, or 4.6.9. NOTE: The hotfixes correct the problem so that when the LDAP sync task encounters an exception, user data isn't deleted. Download details are included in the related article. Workaround: If you face this issue, use one of the workarounds documented in the related article.
1048264 1050039	-	-	ePO 5.1.0 Hotfix 1048264	Issue: Unknown User displays during preboot after DE user names are changed to FQDN format. Resolution: To prevent the problem, install one of the following ePO hotfixes: ePO5xHF1048264 for ePO 5.1.0, ePO 5.1.1, ePO 5.1.2, or ePO 5.3. ePO46xHF1048264 for ePO 4.6.7, 4.6.8, or 4.6.9. NOTE: The hotfix corrects the problem. If the LDAP sync task runs while the ePO server is still initializing, it doesn't result in corrupted DE user data. Download details are included in the related article. Workaround: If you face this issue, use one of the workarounds documented in the article.

Non-critical known issues

Non-critical known issues - general
Reference Number	Related Article	Found Version	Fixed Version	Issue Description
MDE-8656	-	7.4.2	-	Issue: In the User Directory 2.0.3.1, if a user in the User Directory is renamed, the display name and description are deleted and can no longer be changed.
MDE-7720	-	7.4.0	7.4.1	Issue: The names MDE Crypt Service and Endpoint Encryption Agent service don't appear with Trellix names in the Task Manager.
MDE-7587	-	7.4.0	7.4.0 HF1	Issue: Rebranded due for Trellix supporting tools.
MDE-7253	-	7.3.1 and prior	7.4.0	Issues: The BSOD memory management crashes when you upgrade DE to version 7.3.x or later. crbug.com/1218384 - Crashes observed in Edge and Chrome
MDE-6433	-	7.3.0	7.4.0	Issue: DE doesn't work on client systems with PulseSecure VPN installed.
MDE-5821	-	7.3.1	7.4.0	Issue: Proper requests aren't assigned to filter ALDU user names that match "window manager" and "font driver host".
MDE-6352	-	7.3.0	7.3.1	Issue: Preboot authentication is missing with DE 7.3.0 HF2 in AMD Ryzen CPUs.
MDE-6418	-	7.3.0	7.3.1	Issue: DE and DE Go aren't able to detect Symantec Endpoint Encryption Version 11.3.0 as an incompatible product.
MDE-6349	-	-	7.3.1	Issue: Encrypting partitions on a Windows 11 system is missing in DE.
MDE-6416	-	7.2.10	7.3.1	Issue: The DE application doesn't execute without triggering any memory protection fault.
MDE-6417	-	7.2.10	7.3.1	Issue: The DE application doesn't execute without triggering any UEFI memory protection faults.
MDE-6432	-	7.3.0	7.3.1	Issue: LogonUI.exe crashes and makes users log on twice on Windows systems.
MDE-6089	KB94430	7.2.0	7.3.0 Hotfix1	Issue: DE fails to reactivate after deactivation using WinPE DETech on a UEFI system.
MDE-6203	-	-	7.3.0 Hotfix1	Issue: Owing to a driver issue, DE either doesn't activate, or incurs a system crash (blue screen). This issue is seen when a Master Boot Record (MBR) disk or legacy BIOS disk is attached to a UEFI system. Resolution: Error messages that aren't supported are now recorded in the MfeEpe.log.
MDE-6204	KB94885	7.3.0	7.3.0 Hotfix1	Issue: The CredentialUIBroker.exe process becomes unresponsive for several minutes when a non-administrator user undertakes a Remote Desktop Protocol session from a DE 7.3.0 activated system.
MDE-6295	-	-	7.3.0 Hotfix1	Issue: The credential provider filter doesn't read the information from the EpePcCp.ini file. The file is found in the DE installation directory.
MDE-5468	KB93644	7.2.10	7.3.0	Issue: When you use the Product Deployment page to deploy DE, the "Status" column for each system included in the Product Deployment isn't updated. You see a single gray bar, even though the product is successfully installed on the client systems.
MDE-5523	-	7.2.9	7.3.0	Issue: The Num Lock key doesn't function during preboot authentication.
MDE-5561	-	7.2.9	7.3.0	Issue: DE is unexpectedly activated when you enable the first installed Trend Micro Encryption on a client system.
MDE-5815	-	7.2.8	7.3.0	Issue: The DE system recovery screen is incorrectly shown at startup. This issue is seen after a one-hour daylight saving time change occurs.
MDE-5566	-	7.2.10	7.2.10 Hotfix 3	Issue: Allows upgrade to DE 7.2.10 on ePO 5.3.x. NOTES: ePO 5.3.x went EOL on March 31, 2019. Previously resolved with DE 7.2.10 Hotfix 1 (RTS)
MDE-5609	-	7.2.10	7.2.10 Hotfix 3	Issue: The keyboard and trackpad fail to work on a Lenovo system. The compatibility flag 4000 is incorrectly applied during activation on Lenovo systems. It must only be applied when an explicit model needs it.
MDE-5456	-	-	7.2.10	Issue: ePO fails to acknowledge and activate DE.
MDE-5455	-	-	7.2.10	Issue: Early calls to Windows Management Instrumentation during service startup lead to a logon delay.
MDE-5252	-	-	7.2.10	Issue: DE and DEGO-related contents are shown in Chinese when you log on to ePO in English.
MDE-5251	-	7.2.9	7.2.10	Issue: Single Sign-On (SSO) isn't captured on Windows 10 2004 [20H1].
MDE-5170	-	7.2.0	7.2.10	Issue: [Reporting] When you run the 'DE: Product Client Events' query, it shows the WHERE clause: EPOSoftwareView.SoftwareName = EEADMIN_1000. It's expected to show the following: EPOProductEvents.ProductCode = EEADMIN.
MDE-5253	-	7.2.0	7.2.10	Issue: DE records a new Leafnode ID, even when a key escrow is canceled because of service shutdown. Resolution: The key escrow for the ePO server change is now retried if a service shutdown interrupts a previous escrow attempt.
MDE-5099		7.2.9	7.2.9 Hotfix 5	Issue: Sector numbers and counts don't display correctly within the DETech workspace on disks larger than 2 TB.
MDE-4820	-	7.2.9	7.2.9 Hotfix 5	Issue: Unnecessary user updates are sent up to the Agent Handler on every policy enforcement. You see this issue when the user update acknowledgment is lost or discarded.
MDE-5100	-	7.2.9	7.2.9 Hotfix 5	Issue: Mouse clicks aren't correctly processed when the UEFI compatibility flag 4000 is used.
MDE-4902	-	7.2.9	7.2.9 Hotfix 5	Issue: Keyboards on systems with TianoCore-based firmware don't function correctly when the UEFI compatibility flag 4000 is used.
MDE-5101 MDE-5030		7.2.9	7.2.9 Hotfix 5	Issue: The preboot registry is now updated only if the contents of the underlying file change from within UEFI preboot.
MDE-5095	KB89024	7.2.9	7.2.9 Hotfix 5	Issue: The MBR to GUID Partition Table (GPT) process doesn't function correctly.
MDE-5092		7.2.9	7.2.9 Hotfix 5	Issue: Files are randomly locked in the EFI system partition when other processes have the files open. Resolution: A check for the DE boot code changes now works, even when other processes have the files open for reading.
MDE-4773	-	7.2.9	7.2.9 Hotfix 5	Issue: A black screen displays when the system restarts after a DE deployment.
MDE-4810		7.2.9	7.2.9 Hotfix 5	Issue: After you enable caps lock, characters remain in lowercase when you use an on-screen keyboard (OSK) on a UEFI system.
MDE-4819		7.2.9	7.2.9 Hotfix 5	Issue: Preboot file system (PBFS) sync fails, and you see the error below: OS drive no longer available
1250486	-	7.2.8	7.2.9	Issue: A User Certificate fails to import from Active Directory.
1256659	-	7.2.1	7.2.9	Issue: Windows update error fails with the error 0x80070490 because of an empty SetupConfig.ini file.
1268517	-	7.2.8	7.2.9	Issues: Challenge Response recovery procedure fails. Error when exporting recovery keys: No machine key available for this system Resolution: To eradicate recovery issues, harden the export of the recovery keys mechanism.
1269831	-	7.2.8	7.2.9	Issue: User certificate isn't found with ATOS (Siemens) CardOS 5.3 on UEFI systems.
1264395	-	7.2.4	7.2.9	Issue: User certificate isn't found with ATOS (Siemens) CardOS 5.3 on Legacy systems.
1247732	-	7.2.2	7.2.7	Issue: ePO audit entries aren't being suppressed when a user changes and saves the DE policies for any of the following: Server Settings Simple words Hardware compatibility areas Resolution: ePO 5.9.x and ePO 5.10.0 with DE 7.2.7.
1249067	-	7.2.6	7.2.7	Issue: Installation or upgrade to DE 7.2.6.6 through ePO deployment reports as failed even though DE is properly installed and functional.
1216572	-	7.2.1	7.2.7	Issue: In Windows 10 (version 1709) Fall Creators Update and later, the Windows password fails to sync to preboot when the computer has an internal or external smart card reader.
1228829	-	7.2.2	7.2.6	Issue: On rare occasions, at some point after you upgrade to DE 7.2.2, you see the following error when you reboot a legacy BIOS configured system: EEPC has been corrupted. Workaround: Perform an emergency boot. For information, see KB71868 - How to perform an emergency boot with the Drive Encryption DETech Standalone boot disk.
1234597	-	7.2.4	7.2.6	Issue: Previously encrypted volumes that have been resized, either manually or during a Windows upgrade, can't be deactivated.
1219249	-	7.2.1	7.2.5	Issue: After you lock a computer (Ctrl+L), the Windows logon screen doesn't display when you press Ctrl+Alt+Del to unlock the computer. Only a blank screen is displayed. After you press Ctrl+Alt+Del multiple times, it eventually presents the credential tile.
1226529	-	7.2.3	7.2.5	Issue: DE activates with software encryption instead of the expected Opal encryption when a fixed USB media is inserted during activation on a UEFI system.
1226707	-	7.2.3	7.2.5	Issue: Activation of Opal encryption fails when any USB device is inserted during activation. The Opal activation fails on legacy BIOS systems.
1228498	-	7.2.1	7.2.5	Issue: Noticeable delays are observed when viewing systems at the ePO Organization Group level when the 'DE System' state column is selected.
1222947	KB90216	7.1.3	7.2.4	Issue: Systems fitted with a Micron MTFDDAK256MAM-1K12 Opal drive fail to boot during startup, after you disable protection to deactivate DE. The following error displays after a system restart: No bootable device found
1221179 1214949	-	7.2.1	7.2.4	Issue: Balloon notification reports preboot password isn't in sync even though the password sync is successful.
1183032	KB89462	7.2.0	7.2.2	Issue: SSO no longer functions for new Smart Card users in DE 7.2.x if the policy Must Match Username is enabled.
1189124	KB89061	7.2.0	7.2.2	Issue: Autoboot fails if the policy TPM If Available is enabled in DE 7.2.x.
1187815	-	7.1.3	7.2.2 7.1.3 Hotfix 1208296	Issue: USB Floppy Drives don't display in the DETech Standalone Recovery File Explorer.
1212685		7.1.3	7.2.2	Issue: Hewlett Packard (HP) 640, 650G2, 820, 840, and 850G3 computers stop responding if the policy is set to Turn off when at preboot for a specified period of time.
1204410	-	7.2.0	7.2.2	Issue: A version mismatch is detected between DETECH and the installed version of DE.
1152041	-	7.1.3	7.2.2 7.1.3 Hotfix 1208296	Issue: On some Dell systems, characters appear in the user name and Password fields when you move the mouse in preboot.
1178391	-	7.2.0	7.2.1	Issue: (DE Agent or Host) An incorrect agent version is stored in the DE MA plug-in. This incorrect version causes automatic attempts to install after a successful activation.
1176891	KB88764	7.1.3	7.2.2 7.1.3 Hotfix 1208296	Issue: (Credential Provider) The Smart Card credential provider is presented as a Windows logon instead of a password credential provider. NOTE: This issue is only partially resolved with the 7.2.1 release. With this release, you still see an issue when a user logs out, but then tries to log back into Windows. If the user simply locks the computer, it unlocks as expected.
1177130	-	7.1.3	7.2.1 7.1.3 Hotfix 1208296	Issue: (Extension) When you use the Quick Search field in ePO, a user isn't listed in the results if the name contains a period (.).
1168125	-	7.1.3	7.2.1 7.1.3 Hotfix 1208296	Issue: (UEFI) Double characters display in the preboot authentication screen if a user presses the Shift key.
1177102	KB89314	7.1.3	7.2.1 7.1.3 Hotfix 1208296	Issue: (UEFI) Internal Broadcom Smart Card readers aren't detected in preboot on several Dell systems.
1177618	-	7.1.3	7.2.1 7.1.3 Hotfix 1208296	Issue: (UEFI) The Caps Lock or Shift state isn't maintained when using the DE OSK during preboot.
1162360	-	7.1.3	7.2.1	Issue: (DE Agent or Host) The following registry keys remain after you uninstall DE. MA on the client under About continues to report it as installed: HKLM\SW\WOW6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\EEPC Workaround: Delete the registry key.
1180037	-	7.1.3	7.2.1 7.1.3 Hotfix 1208296	Issue: [Surface Pro 4] OSK doesn't function unless the policy Always Display OSK option is also enabled. Enable the policy option Enable OSK to enable the OSK. If you have to select both policy options, it causes the OSK to also display on systems that don't need it. NOTE: You must also check in the latest Hardware Compatibility XML. For details, see KB81900 - How to use the Hardware Compatibility Settings tool for Drive Encryption.
1111238	-	7.1.3	7.2.0	Issue: EEPC v5 users are unexpectedly matched to different DE v7 user directory users. An improvement is added to the LDAP attribute rules to prevent this issue.
1125075	-	7.1.3	7.2.0	Issue: Systems might fail to display the credential provider tiles after a system is locked. A fix allows you to see the tiles as expected.
1140743	-	7.1.3	7.2.0	Issue: An enhancement is added to fix a null point exception caused when no System Users are assigned during the EE:SystemUser Report generation.
1145547	-	7.1.3	7.2.0	Issue: The DE disk controller doesn't reset correctly. Resolution: A fix increases the boot times for Opal-activated systems that use Legacy BIOS.
1146025	-	7.1.3	7.2.0	Issue: Improvements have been made to the Opal driver messaging to help prevent incompatibilities seen with Intel^® RST infrastructure.
1116131	-	7.1.0	7.2.0	Issue: OSK isn't available for recovery after a user becomes locked out because of exceeding the expiry threshold.
1115632	-	7.1.0	7.2.0	Issue: NumLock synchronization at preboot isn't applied correctly on systems that require the AMI key code protocol.
1084527	-	7.1.0	7.2.0	Issue: A system in UEFI BIOS mode might appear to hang at preboot. You see this issue when the OOB policy is enabled and no user input is made.
1043660	-	7.1.0	7.2.0	Issue: The query for System Users doesn't display correctly.
1073980	-	7.1.0	7.2.0	Issue: Double-byte characters cause the preboot to crash when used for user recovery.
1038880	-	7.1.0	7.2.0	Issue: A pie chart query displays an incorrect number of systems.
1012722	-	7.1.0	7.2.0	Issue: The requirement for a certificate when applying LDAP attributes is inconsistent with the implementation used in older product versions. The administrator is unable to delete the DE User Certificate field from the task 'LdapSync: Sync across users from LDAP'.
1094366	-	7.1.0	7.2.0	Issue: If you try to obtain a DE recovery key using the key check value in ePO, it might return Null output.
1110473		7.1.0	7.2.0	Issue: 'OptIn user' inheritance fails to add a user to new systems that are added to an existing computer group in ePO.
1103427	-	7.1.0	7.2.0	Issue: No User attributes are shown when creating a User Directory User through ePO 5.1.3 or 5.3.1.
955755	-	7.1.0	7.1.3	Issue: When you perform a system recovery, the following error is shown when you obtain a challenge response code: Unknown Error has occurred. This issue occurs when one or more of the ePO database Display Name fields contains the string NULL.
986808	-	7.1.0	7.1.3	Issue: The ePO Application Server Service periodically fails to shut down in a timely manner.
983564	-	7.1.0	7.1.3	Issue: With the policy setting Cold-Boot Protection on standby enabled, systems fail to transition into sleep mode (S3).
996316	-	7.1.0	7.1.3	Issue: On selected UEFI-enabled computers, if you remove a USB device when in preboot, it causes the computer to become unresponsive.
1013841	-	7.1.1	7.1.3	Issue: Number of days for password expiry is blank at preboot on Japanese operating systems.
1026472	-	7.1.0	7.1.3	Issue: UTC + 13 time zones aren't supported.
1028821	-	7.1.0	7.1.3	Issue: High CPU utilization is reported when you activate DE.
1028753	-	7.1.0	7.1.3	Issue: UEFI Opal activated devices randomly boot to the Windows Recovery Console.
1040854	-	7.1.1	7.1.3	Issue: A logon time-out message appears incorrectly with Japanese language applied.
937778	-	7.1.0	7.1.3	Issue: The Windows logon input mechanism fails to appear after a successful DE preboot authentication. This failure occurs when using a Windows Live ID user on a Windows 8 or 8.1 platform with smart card capability. The user can't log on to Windows. Workaround: See the related article for details.
1009953	-	7.1.0	7.1.3	Issue: Incorrect decryption time continually shows one (1) minute when using DETech to decrypt a system.
1017262	-	7.1.1	7.1.3	Issue: When using Temporary Autoboot on a system that's configured to use the TPM for Autoboot, the operation always uses the TPM. Resolution: This behavior has been changed. Now, when using Temporary Autoboot, the operation is performed using standard autoboot.
969812	-	7.1.0	7.1.3	Issue: On a BIOS system with large numbers of USB interfaces, several USB devices might not be recognized. Resolution: All USB interfaces are now recognized.
962167	-	7.1.0	7.1.3	Issue: During preboot authentication, if you press the Shift key, it doesn't alternate characters when in UEFI mode.
956714	-	7.1.0	7.1.3	Issue: Users that are removed from ePO aren't deleted from the AD lookup cache table.
1005524	-	7.1.0	7.1.3	Issue: The ePO services don't shut down as expected when DE is installed.
1013878	-	7.1.1	7.1.3	Issue: After you upgrade to DE 7.1 Update 1, users aren't assigned to the endpoint until the ePO Tomcat server is restarted.
968772	-	7.1.1	7.1.3	Issue: When you use Policy Assignment Rules, a user that is initialized might become uninitialized when assigned to another system. Resolution: The user state is correctly preserved and the user remains initialized on the new system.
1014198	-	7.1.1	7.1.3	Issue: The Disk is not formatted error is reported after using the Machine key reuse feature and restarting the system.
1059766	-	7.1.1	7.1.3	Issue: A system becomes unresponsive when a user enters a double-byte character. For example, a backslash (\) in Japanese locale when populating the self-recovery registration questions.
1049956	-	7.1.1	7.1.3	Issue: When you run the core.help API command using ePO 5.1.1, core.help doesn't return ee commands even when DE extensions are correctly installed.
976549	-	7.1.1	7.1.3	Issue: Remediation images aren't loaded correctly when installing the DE 7.1.1 EEDeep Extension. The ePO orion.log file records the following error: [org.xml.sax.SAXParseException; lineNumber: 22; columnNumber: 4; The element type "version" must be terminated by the matching end-tag "".]] Workaround: See the related article for details.
1051179	-	7.1.1	7.1.3	Issue: [Microsoft Surface Pro 3] OSK inputs aren't accepted.
936030	KB86540	7.1.0	7.1.3	Issue: Some DE 7.1.x error codes that relate to the TPM Autoboot and Policy Hardening appear as Unknown. The reason is because of missing error strings in the localization file. Without the error strings, the user sees, for example, 0xEE160004 Unknown in the preboot or log file. This issue affects all locales.
926415 925531 926418	-	7.1.0	ePO 5.1 Update 1	Issue: Policy assignment rules don't function correctly for users from Child and Grandchild domains. Resolution: This issue is addressed in ePO 4.6.7 and an ePO 5.1 hotfix (EPO510HF1b.zip). This hotfix is available from the Product Downloads site using a valid Grant Number. See the "Related Information" section for details.
1199622	-	DPSSP 1.3.0.12	DPSSP 1.3.1.1	Issue: Data Protection Self-ServicePortal (DPSSP) fails to load correctly on ePO 5.3.3. Workaround: Enable 'multiple tab support' via the ePO console.
1024827	-	-	DPSSP 1.2	Issue: During stress testing, the ePO administrator is unable to log on to the ePO console. This issue occurs when multiple users try to perform a system recovery using the DPSSP. DPSSP isn't able to restrict the number of concurrent connections to ePO. Resolution: This issue is resolved with the release of DPSS1.2, which is bundled with DE 7.1.3. With the release of DPSS1.2, the port is now set to 8444. Workaround: The potential impact of multiple connections can be mitigated by changing the port used by DPSSP to connect to ePO. See the article for further information and details about how to set up DPSSP to use an alternate port.
MDE-6202	KB94994	7.3.0 Hotfix 2	Expected Behavior	Issue: The EADMIN-7.0.4.79 extension is no longer available in the DE 7.3.0 Hotfix 2 package and later.
MDE-6083	KB94709	7.3.0	-	Issue: Warning message isn't shown when checking in the DE 7.3.0 package. This issue is cosmetic, and is planned to be resolved with the next release of ePO 5.10. The previous earlier DE version is correctly removed from the repository.
1227222	-	7.2.1	-	Issue: Some registry keys are left behind after an uninstall.
1226294	-	7.2.3	-	Issue: The system fails to activate the Opal disk after initially trying to activate with software encryption, until the system is restarted.
1226305	-	7.2.2	-	Issue: Disabling BitLocker after DEGO detects an incompatible product is reported incorrectly.
1226290	-	7.2.3	-	Issue: Configuring the Opal preboot size via a policy isn't enforced on the client.
1226706	-	7.2.3	-	Issue: The WinPE version of the OpalTech recovery tool fails to remove DE if a USB device is inserted during the removal process.
1173338	-	7.2.0	-	Issue: No information is displayed after clicking the Help option to open the help page from the General tab. The issue is reported to occur when using Internet Explorer and Chrome systems. This issue doesn't occur on any other page. Workaround: Click any other tab in the Product Settings policy, then return to click the General tab again to display the help content.
1145868	-	7.2.0	-	Issue: Event 30113 - User Password Synchronized is generated on every Windows logon even though the user logs on with the same synced Windows password.
1149478	-	7.2.0	-	Issue: [Localization] The settings name displayed on the Policy Comparison page for the policy Harden against coldboot attacks on system supports SGX isn't localized.
1165207	-	7.1.0	-	Issue: OPAL activation failure resulting from an incompatible version of EFI firmware fails to fall back to PC software encryption provider.
1145455	-	7.2.0	-	Issue: DE preboot shows misleading information to cancel both: Password Sync Single Sign On (SSO) This issue is seen after a system restart, after enforcing the policy with Integrated Credential Provider (ICP), SSO, and password synchronization enabled.
1169186	-	7.2.0	-	Issue: On using EEOpalTech, during token authentication, the following error is displayed: Error EE050005 Unsupported Token Type Workaround: Cancel or ignore the error and continue with the EEOpalTech actions you want.
1137953	-	7.1.0	-	Issue: DE or DEGO fails to detect BitLocker as an incompatible product if awaiting a hardware test.
1143292		-	-	Issue: DE or DEGO fails to detect Symantec Endpoint Encryption v11 as an incompatible product.
924903	-	7.1.0	-	Issue: The Machine Recovery Script fails with an exception when the user data upgrade task is successful. This issue occurs when performed after the user data upgrade task is complete, but before the upgrade of EEAdmin to DE 7.1.0.
1052112	-	7.1.0	-	Issue: DE keeps prompting the user with the notification balloon message Preboot password needs updating. This issue occurs on setting a password at Windows that doesn't follow UBP rules for an initialized user.
1046611	-	7.1.0	-	Issue: The McAfee tile on the Credential Provider screen keeps appearing even after the SSO is captured for a user.
1051002	-	7.1.0	-	Issue: The Windows Active Directory (AD) polling Balloon notification remains until the time-out period expires, even after synchronizing the new credentials by lock or unlock.
1061101	-	7.1.0	-	Issue: The Windows AD Polling balloon appears even with no SSO captured for a user in SSO + Must Match user name scenario.
953651	-	7.1.0	-	Issue: After you configure the permission set in ePO 5.1.0 for DEGO and select 'Change and view DEGO' settings, the ePO system shows the error below: EEGO____1000.EEGO____1000.admin The permission set isn't enforced, and no policies can be viewed or edited.
-	-	7.1.0	-	Issue: [Dynamic and RAID disks in Windows] Software RAID: DE works at the sector level, and so it doesn’t support software-based dynamic disks and software-based RAID. Hardware RAID: DE is untested in this mode, but works properly in environments where pure Hardware RAID is implemented. But, EEPC can't support diagnostic or disaster recovery in this situation.
921227	-	7.1.0	-	Issue: Hot-plugging a non-Opal drive into an active system and then activating DE on the system causes the non-Opal drive to be left unencrypted. This issue doesn't occur if the non-Opal drive is plugged into the system when the system boots.
918870	-	7.1.0	-	Issue: Upgrading or uninstalling an ePO-deployed DEGO install from the command line fails silently because MSI installs Per-User and not Per-Computer.
814790	-	7.1.0	-	Issue: Offline activation always uses software encryption, even on an Opal drive.
1024913	-	7.1.2	-	Issue: Audit for an unprivileged user has the incorrect action for eedeep.resetUserPassword. Instead of showing the localized name, the command name is shown.
1025071	-	7.1.2	-	Issue: Audit for an unprivileged user has the incorrect action for eedeep.emergencyBoot. Instead of showing the localized name, the command name is shown.
925733		7.1.0	-	Issue: Queries still show as 'EE: Out-of-band Action Queue' after you upgrade the client successfully to DE 7.1.0 or later (including the EEDEEP extension).
909730	-	7.1.0	-	Issue: After you upgrade to DE 7.1.0 or later, the queries still show Endpoint Encryption instead of DE.
914170	-	7.1.0	-	Issue: After you disable the policy option 'Save machine info', the option is still available in the user interface for a few seconds. The progress bar becomes unresponsive on the screen if an option is clicked.
929618	-	7.1.0	-	Issue: The Help extension page is missing for the Manage LDAP attribute link under Server Settings.
788370	-	7.1.0	-	Issue: It isn't possible to force EEPC version 5 migrated users to change their password until they've logged on through DE 7.1.x preboot at least once.
805262	-	7.1.0	-	Issue: In some rare cases, a client UEFI system might not activate because the C: partition can't be shrunk to make way for the DE 7.1.0 or later partition. Workaround: Running CHKDSK might resolve the problem. If not, manually shrink the C: partition by a small amount (about 1 MB). Activation must then continue as normal.
808920	-	7.1.0	-	Issue: Preboot theme and dialogs might appear incorrectly scaled on Cathode Ray Tube (CRT) monitors on some UEFI booting systems. This issue doesn't affect a non-CRT monitor.
809043	-	7.1.0	-	Issue: Using the mouse excessively with preboot USB support and accessibility enabled might cause the preboot to stop responding on legacy BIOS booting systems.
778521	-	7.1.0	-	Issue: [Activation] Removal of DE via ePO fails to clean up the DE folder under Program Files.
847307	-	7.1.0	-	Issue: [Policies] With Reactive Autoboot enabled, Windows 8 Local Account/User with a blank password fails to lock the workstation.
812088 817898	-	7.1.0	-	Issue: Policy assignment rules aren't enforced for users from child domains. This issue is seen when the client system communicates with a specified Agent Handler defined by an Agent Handler assignment rule. This issue can cause missing user-based policies on client systems.
817646	-	7.1.0	-	Issue: IDE-redirection isn't supported under UEFI. The effect of this is that there's no DE 7.1.0 or later Out-of-band remote remediation capability for UEFI implementations.
835090	-	7.1.0	-	Issue: [PBA. EE Logon, UEFI only]: When trying to sync the Password (SSO+SYNC) with a European character (ALTgr character) during Preboot authentication, the operation fails. The characters can't be entered in the password field.
931113	-	7.1.0	-	Issue: An Unexpected error occurs when a client is hard booted while creating PBFS (activation).
921766	-	7.1.0	-	Issue: Change in the PBFS size isn't applied. This issue is seen when a system reactivates from recovery state after an emergency boot on UEFI systems.
917757	-	7.1.0	-	Issue: DETech is sometimes unable to detect a recovery file while authenticating with a file using DETech standalone on a UEFI platform.
921905	-	7.1.0	-	Issue: DETech doesn't currently support Remove DE from secondary (data) Opal drives.
927142	-	7.1.0	-	Issue: DETech is unable to detect USB drives on some systems when trying to select a recovery file in DETech Standalone. Workaround: Hot-plug the USB drive, and then refresh the drive list.
849461	-	7.1.0	-	Issue: DETech (Standalone) Operating system fails to load after performing the Remove DE action on a UEFI system with two disks.
762979	-	7.1.0	-	Issue: The DEGO DC Ping Status still displays a Success message in the DEGO Dashboard after the removal of DEGO from the client.
913595	-	7.1.0	-	Issue: EEGO is displayed instead of DEGO in the ePO 5.1 console under Queries & Reports, Shared Groups after you upgrade from EEPC 7.0.
809262	-	7.1.0	-	Issue: [Acer Iconia Tab w500] USB mouse doesn't work on the DETech (Standalone) screen on this model.
927145		7.1.0	-	Issue: [Windows 8.1] SSO might not replay and stops at the Windows logon screen where the Win 8.1 smart card service is running. Workaround: Disable the smart card service.
930283	-	7.1.0	-	Issue: When you check in the EEDeep extension (EEDeep.zip) that ships with DE 7.1, before the ePO Deep Command (eDC) 2.0 extension via an ePO console, the following incorrect error message is displayed: Missing dependencies are required by EEDEEP.EPO.AMT:1.5.0.511. The messages must show that the required supported eDC version is 2.0. Workaround: Check in eDC version 2.0 first.
908934	-	7.1.0	-	Issue: [ePO 5.1] The DEGO policies in the Policy comparison page have an incorrect prefix named General.

Non-critical known issues - expected behavior
Reference Number	Related Article	Found Version	Resolved Version	Issue Description
1226268 1219749	KB89945	7.2.1	n/a	Issue: Unable to create a DEOpalTech standalone bootable disk. One of the following errors is reported: Bootdisk.exe EEOpalTech.RTB imageopal.dsk Writing application to disk image.....image file too large c:\eetech\723>Bootdisk.exe EEOpalTech.RTB Image.dsk RTB file too large to fit on a 1.44MB floppy image Support for DETech on floppy disks is no longer provided.
-	-	7.1.0	n/a	Issue: Out-of-band User Management doesn't work. This issue is seen when the action is performed on the client system at preboot through a Client Initiated Remote Access (CIRA).
-	-	7.1.0	n/a	Issue: The RemoveDE feature isn't supported in the UEFI version of the standalone DETech for Opal. Workaround: Use the WinPE version of DETech to remove DE on a UEFI system.
-	KB82160	7.1.0	n/a	Issue: The built-in track pad, mouse pad, or touch interface might not work in preboot on UEFI booting systems. The reason is that some OEMs might not bundle a suitable UEFI driver for the device in the firmware. The track pad or mouse pad requires the UEFI Simple Pointer Protocol and the touch interface requires the Absolute Pointer Protocol to work correctly. To view the requirements to fully support installation on UEFI systems with DE, see the related article.
811080	-	7.1.0	n/a	Issue: When trying an Emergency Boot of a client system using DETech (Standalone), if a recovery file from a different system is used, Windows automatic repair starts. This behavior is expected because the recovery file contains the wrong key and can't successfully unlock the disk.
789575	-	7.1.0	n/a	Issue: A client system with an unlocked Opal drive doesn't show a preboot if the system is rebooted using either of the following deep command options: Normal Boot Reboot This issue is caused because the system is hard-booted. But, power to the drive isn't lost, and the drive doesn't lock.
774109	-	7.1.0	n/a	Issue: After initiating an out-of-band password reset action, the pre-existing password must be used to log on until the client receives the new password.
801084	KB76329	7.1.0	n/a	Issue: Registering an LDAP server as a Global Catalog hides the memberOf attribute. This fact might lead to issues when migrating User Groups in child domains from EEPC 5 to DE 7.1.0 or later. The reason is because DE is unable to determine memberOf relationships. See the related article for details.
798122	-	7.1.0	n/a	Issue: After deactivation of Opal systems, you must restart the system before trying to reactivate.
802547	-	7.1.0	n/a	Issue: Remove DE isn't supported in EEOpalTech (Standalone) for UEFI.
770024	-	7.1.0	n/a	Issue: Touchscreen pen support might not function correctly if Always enable pre-boot USB support isn't enabled. Resolution: Make sure the Always enable pre-boot USB support option is enabled on tablets configured to run in legacy BIOS mode.
965239	KB82028	7.1.0	n/a	Issue: Lenovo ThinkPad with ExpressCache software installed is incompatible with all Full Disk Encryption software and OPAL Self-Encrypting Drives. Workaround: Lenovo advice users to uninstall the ExpressCache software. See the article for details. See also this Lenovo article.
804145	-	7.1.0	n/a	Issue: Upgrade from HP Protect Tools 2012 (V8) is no longer supported.
-	-	7.1.0	n/a	Issue: Removing the EEADMIN and DE extensions and then installing an earlier version of the EEADMIN or EEPC extension damages the database and isn't supported. Workaround: Don't downgrade extensions. IMPORTANT: If you must revert to an earlier version of the EEADMIN or EEPC extension, first perform an ePO disaster recovery. See KB66616 - ePolicy Orchestrator server backup and disaster recovery procedure.
928218	-	7.1.0	n/a	Issue: Mac-specific properties are shown as Unknown after checking in the DE 7.1 EEAdmin extension. Examples of the affected Mac parameters: Model Identifier (Mac only), Preboot Partition Status (Mac only), Recovery Partition Status (Mac only). IMPORTANT: The DE 7.1 EEAdmin extension can manage EEMac 7.0 systems. This issue is cosmetic and there are no plans to resolve it, because EEMac is EOL.
Non-critical known issues - not a DE issue
Reference Number	Related Article	Found Version	Resolved Vendor	Issue Description
1109682	KB86256	7.1.3	Microsoft	Issue: The following error is displayed when you run the EEPC 7.0.4 upgrade task: Failed with exception 'ResultSet may only be accessed in a forward direction' Resolution: Change the SQL Cursor Threshold value to 1, and then at the ePO server, run the EE: User Data Upgrade task again. See the article for details.
816600	-	7.1.0	Microsoft	Issue: The MfeEpeHost.exe process might sometimes cause the system to become unresponsive on a Windows 8 client. This issue is seen on systems that boot using UEFI if the following Microsoft Windows update isn't installed: KB2756872 Windows 8 Client and Windows Server 2012 General Availability Cumulative Update Resolution: Install the Windows 8 update from the Microsoft Downloads Center.
792096	-	7.1.0	Hardware	Issue: On BIOS booting systems, DETech is unable to decrypt large GPT disks (> 3 TB) if the BIOS doesn't support large disks (> 3 TB).
797652	-	7.1.0	Microsoft	Issue: Opal activation might occasionally fail because the Microsoft defragmentation API fails to defrag the PBFS file.
817645	-	7.1.0	Intel	Issue: A known issue exists in Intel AMT firmware that can cause a 20-second delay before Client Initiated Local Access (CILA) events leave the endpoint. The effect of this issue on EEPC is that it might take over 20 seconds for an Out-of-band unlock to occur in a CILA environment. Resolution: This issue is resolved in AMT 9 and later. The 20-second delay remains a limitation with earlier AMT releases.
Product Ideas To submit a Product Idea, see the "Related Information" section of this article.
Reference Number	Related Article	Found Version	Resolved Version	Issue Description
1217489	-	-	7.2.3	Issue: Request to suppress the error that occurs in ePO logs during addition of an attribute. Example of the error logged in the Orion log: ERROR [scheduler-TaskQueueEngine-thread-32] attributes.OrionLdapCustomAttributeHelperImpl - Failed to add attribute with id EEADMIN.attribute.activedirectory.certificate, Failed to write value to attribute com.mcafee.orion.ldapsync.exception.LdapSyncException: Failed to write value to attribute
1154082	KB89035	-	7.0.4	Issue: Support for Opal Hard Disk drivers or firmware that don't support the "status_pending” function, resulting in a System Crash (Blue Screen).
799359	-	-	n/a	Issue: With the current releases, logging isn't enabled for DEGO by default.

n/a = not available

Back to top

Hardware compatibility known issues

Reference Number	Related Article	Model	Found Version	Fixed Version	Issue Description
ASUS Hardware
1253129	-	P2540UB	7.2.4	7.2.9	Issue: The touchpad doesn't work in the preboot authentication (PBA) window on ASUS P2540UB in EFI mode.
1061665	-	X551MA	7.1.0	7.1.3	Issue: The SHIFT key doesn't function during PBA.
Dell Hardware
MDE-5242	-	Latitude 3400	7.2.8	7.2.10	Issue: The touchpad doesn't work within preboot when configured in UEFI mode.
MDE-5243		Latitude 7200 ,7400		7.2.9 Hotfix 5	Issue: The Caps lock and Shift key don't work correctly when the compatibility flag 20000 is applied.
1049804	KB83703	Latitude Exx50	7.1.0	Dell	Issue: Fatal ERROR 0xEE800004 or 0XEE020006 (displayed during preboot on Dell Latitude Exx50) Resolution: Dell is providing (since April 20, 2015) BIOS updates on their public download pages.
791201	-	DELL 990	7.1.0	Dell	Issue: Out-of-band emergency boot doesn't work under CIRA on DELL 990.
789762	KB76801	Latitude E651, E6420, E6410-ATG	7.1.0	Dell	Issue: These models require a firmware update to support remote-remediation under BIOS boot. Resolution: Contact Dell Technical Support to obtain a BIOS update.
797616	-	Latitude E6520	7.1.0	Dell	Issue: The DELL PBADRV.SYS driver might cause logon issues with DE 7.1. The logon issues might cause a blank screen when you press Ctrl+Alt+Del to resume the system from hibernation.
947992 947943 948556	KB81357	Venue 11 Tablet	7.1.0	Dell	Issue: The DELL OSK doesn't accept any input during PBA. Resolution: Contact Dell for assistance to allow the Absolute Pointer Protocol to be available during preboot after normal start operation. DELL needs to change its BIOS/Firmware to make sure that this protocol is available during startup.
801209 824263	-	Latitude E6420	7.1.0	Dell	Issue: Stops responding after providing credentials at PBA after migrating from v5. Resolution: Upgrade to the latest DELL Latitude E6420 BIOS.
1243007	-	Latitude 5580	7.2.5	7.2.8	Issue: A few systems don't display the authentication window that's expected to be displayed during preboot.
1228264	-	Optiplex 7050	-	7.2.8	Issue: Dell loops back to authentication after authenticating with a smart card.
1243710	-	Latitude e5480	7.2.4	7.2.7	Issue: Dell e5480 becomes unresponsive at preboot when using a mouse connected to a Dell WD15 docking station.
1230861	-	Latitude 5580	7.2.3	7.2.7	Issue: Latitude 5580 doesn't shut down automatically at preboot when "Pre-boot power management" is configured to automatically shut down preboot after a period of inactivity.
-	-	Latitude 7480 Precision 7720	7.1.2	7.2.5	Issue: The system locks up at preboot when docking or undocking.
1052002	-	Latitude 3340	7.1.0	7.2.0	Issue: With this model, after activation, the system boots to a black screen before the PBA screen is displayed. Workaround: After you install DE 7.1.3, the system is identified as incompatible. This identification prevents the system from being activated and negates the need to perform a recovery. Resolution: Install DE 7.1.3 Hotfix 1131996.
978458 981152	-	Latitude E5440	7.1.0	7.1.3	Issue: This model is fitted with an Opal drive, and the hard disk is successfully activated and encrypted. But, on the first system restart, the system shows the following error on a black screen: Fatal Error: [0xEE7F0001] Failed to Connect This issue occurs because, on this model, the disk is on Port 1, instead of the more usual Port 0, of the AHCI.
	-	Alienware 17	7.1.1	7.1.3	Issue: The system doesn't boot after DE encrypts the stated model. The system becomes unresponsive at preboot. Resolution: The default IRQ handlers get disabled at PBA to support systems that use aligned memory. This fix is included in the DE Compatibility XML Version 11.
962183	-	XPS 13	7.1.0	7.1.3	Issue: When in legacy BIOS mode, the internal mouse doesn't work after a warm restart.
1006343	-	Venue 11	7.1.0	7.1.3	Issue: When trying to authenticate at preboot on this model, multiple characters are displayed in the authentication field. This issue is seen when the criteria below are met: You press a single key via the OSK. Multiple USB devices are attached.
923842	-	Latitude 10	7.1.0	-	Issue: The system becomes unresponsive for about 10 minutes during PBA when using a USB token (for example, an etoken Pro 72k).
904073	-	Latitude E6510	7.1.0	-	Issue: After entering your credentials when booting from a DETech Standalone media, you see the error below: Please insert your smart card.
926898	-	Latitude E6410	7.1.0	-	Issue: On Windows 8 X64 UEFI systems, users see this message during preboot: Please insert your smartcard.
824264 801574	-	Latitude ST Tablet	7.1.0	-	Issue: System becomes unresponsive during the Windows loading screen, after selecting the option below: Always enable pre-boot USB Support.
924904 920465	-	Latitude XT3	7.1.0	-	Issue: The following error is shown after booting the system from a DETech USB media. You see this issue after successfully authenticating, selecting File authentication, and providing the correct recovery file for the platform: Failed to retrieve key check from the primary disk Workaround: The problem can be avoided by creating a bootable DETech CD.
920537	-	Optiplex 990, 755	7.1.0	-	Issue: A compatibility issue exists with the listed models MBR BIOS. This issue causes the systems to fail to boot using a standalone DETech USB recovery media.
802785 824266	-	Optiplex 990	7.1.0	-	Issue: System can fail to boot to the PBA screen if set in ATA mode. Workaround: Use AHCI mode; in some BIOS editions, the code path for ATA and AHCI travels through different code segments and exhibits different outcomes.
904075	-	Latitude E6420	7.1.0	-	Issue: After entering your credentials when booting from a DETech Standalone media, you see the error below: Please insert your smart card
811780	-	Latitude E6420, E6520	7.1.0	-	Issue: When you perform the Remove DE action, using DETech (Standalone) booted from a USB device might show the following error: [EE020001 Error Reading Disk Sector The error seen while the system is decrypting, or during deactivation is in progress.
Fujitsu Hardware
MDE-5167	-	Fujitsu Lifebook E756		7.2.9 Hotfix 5	Issue: Compatibility issues are experienced within the Legacy BIOS preboot environment.
1266253 1263433	-	Fujitsu Celsius H780 laptop	-	7.2.9	Issue: The internal keyboard doesn't work in preboot on Fujitsu Celsius H780 laptop when in UEFI mode.
1220944	-	Lifebook 757	7.2.1	7.2.7	Issue: A black screen is displayed until a USB device is inserted.
1235158	-	Lifebook E756	7.2.5	7.2.7	Issue: Internal smart card readers don't work on this model.
1034556	-	A547H A547K	7.1.0	7.2.0	Issue: The internal mouse moves erratically in preboot if a USB mouse is also attached.
963601	-	Biblo Loox U/G90	7.1.0	7.1.3	Issue: The system becomes unresponsive during PBA. Resolution: Default IRQ handlers are now disabled at PBA. This fix is included in the DE Compatibility XML Version 11.
990018	-	Stylistic Q584	7.1.0	7.1.3	After a successful authentication at preboot, the system becomes unresponsive when booting into Windows.
Getac
1168353	-	T800	7.1.0	7.1.3 Hotfix 1208296	Issue: The OSK display is too small.
Hewlett Packard Hardware
1243007	-	840 G3	7.2.5	7.2.8	Issue: A few systems don't display the PBA window.
-	KB79998	HP Notebooks	7.1.0	HP	Issue: Some HP Notebook PC systems with the hard drive access configured in SATA mode exhibit errors. Resolution: This issue is resolved by obtaining BIOS version F.10 or later through your HP support service. See the article for details to identify the HP models incurring this issue and where to download the BIOS update.
960320	-	Compaq Elite 8300 SFF	7.1.0	7.1.3	Issue: The preboot screen isn't displayed when the OOB policy is enabled. Resolution: The default IRQ handlers are disabled at PBA to support systems that use aligned memory. This fix is included in the DE Compatibility XML Version 11.
1018977 1020153	-	EliteBook 725 EliteBook 745 G2	7.1.1	7.1.3	Issue: The HP systems are added to the list of computers that require default settings. Resolution: This fix is included in the DE Compatibility XML Version 11.
1005672	-	ProBook 640 G1	7.1.0	7.1.3	Issue: The system doesn't boot when DE encrypts this model. The system becomes unresponsive at preboot. Resolution: The default IRQ handlers get disabled at PBA to support systems that use aligned memory. This fix is included in the DE Compatibility XML Version 11.
1032420	-	Pavilion DV7	7.1.0	7.1.3	Issue: The system fails to boot after DE encrypts this model. The system becomes unresponsive at preboot. Resolution: The default IRQ handlers are disabled at PBA to support systems that use aligned memory.
1037900	-	EliteDesk 800 G1	7.1.0	7.1.3	Issue: With this model, if the OOB policy is enabled, the system doesn't display the PBA dialog. Resolution: Added to the hardware compatibility list. This setting sends the serial interrupt request to the BIOS. When that happens, the system no longer becomes unresponsive and presents the PBA dialog. This fix is included in the DE Compatibility XML Version 11.
1018122	-	Elite Pad 1000 G2	7.1.0	7.1.3	Issue: The state of NumLock LED isn't represented or initialized correctly.
1018977	-	EliteBook 725 G2	7.1.0	7.1.3	Issue: The system doesn't boot when DE encrypts this model. The system becomes unresponsive at preboot. Resolution: The default IRQ handlers get disabled at PBA to support systems that use aligned memory. This fix is included in the DE Compatibility XML Version 11.
783882	-	Compaq 8200	7.1.0	-	Issue: Failure can occur at preboot with the error below: Failed to load cryptography module. Workaround: Configure the system to run in AHCI mode.
825789	-	EliteBook 6460W, 8560P, 8740W	7.1.0	-	Issue: The OSK can cause some models to become unresponsive at PBA.
807163	-	ProBook 6550b	7.1.0	-	Issue: DETech (Standalone) Remove DE becomes unresponsive during decryption on HP6550b under BIOS boot. Workaround: Use the DETech (WinPE) option to Remove DE on this system.
919218	-	Revolve 810 Tablet	7.1.0	-	Issue: After entering your preboot credentials, you see the error below: Please insert your smart card.
797864	-	Slate 2 Tablet	7.1.0	-	Issue: Enabling the option 'Enable pre-boot USB support' causes USB devices to fail on this tablet model. Workaround: On this platform, disable the 'Enable pre-boot USB support' option to allow USB devices to function normally.
924904 920465	-	Spectre UltraBook	7.1.0	-	Issue: The following error is shown after booting the system from a DETech USB media. This issue is seen after successfully authenticating, selecting File authentication, and providing the correct recovery file for the platform: Failed to retrieve key check from the primary disk. Workaround: The problem can be avoided by creating a bootable DETech CD.
924030	-	Spectre UltraBook	7.1.0	-	Issue: (Win 8 UEFI platforms only) After creating a standalone DETech USB recovery media, the following error is shown when trying to remove DE 7.1: Error EE020001: Error reading disk Sector.
920537	-	Z220 Workstation	7.1.0	-	Issue: A compatibility issue with the listed models MBR BIOS causes the systems to fail to boot using a standalone DETech USB recovery media.
Lenovo Hardware
MDE-5460	-	Thinkcentre m910s	7.2.0	7.2.10	Issue: [Opal drives] Unable to boot normally into the computer without selecting the Windows manager option.
1250930	KB91343	USB-C dock	7.2.5	7.2.9	Issue: The keyboard and mouse don't function when connected to the Lenovo USB-C dock on DE activated systems.
1268921	-	P52	7.2.8	7.2.9	Issue: The keyboard language doesn't change when a language other than English-US is selected.
1214579	-	P50	7.2.1	7.2.3	Issue: A system crash or blue screen occurs, with references to MfeEpePc.sys.
893472	KB78632	Helix Tablet	7.1.0	-	Issue: The system becomes unresponsive on a Lenovo Helix Tablet at preboot after enabling USB 3.0 Mode (Emulation) in the UEFI Firmware. Resolution: Install the Lenovo Firmware and BIOS update. See the related article for details.
768448	-	ThinkPad T520	7.1.0	-	Issue: BIOS doesn't support DETech (Standalone) booted from a USB drive. Contact Lenovo for assistance.
988843	-	Yoga	7.1.1	7.1.3	Issue: When returning from sleep mode on systems fitted with an Opal drive, the system becomes unresponsive.
978555 988823	-	ThinkPad x240	7.1.0	7.1.3	This model becomes unresponsive when fitted with an Intel SSD Pro 1500 Series Opal Drive. This issue is seen when booting from a DEOpalTech recovery media and authenticating from a file.
1041508	-	Think Centre 93P Lenovo Think Centre M82	7.1.0	7.1.3	Issue: With this model, if the OOB policy is enabled, the system doesn't display the PBA dialog. Resolution: Added to the hardware compatibility list. This setting sends the serial interrupt request to the BIOS. When that happens, the system no longer becomes unresponsive, and presents the PBA dialog. This fix is included in the DE Compatibility XML Version 11.
1030200	-	Helix ThinkPad 10	7.1.1	7.1.3	Issue: No input is displayed at the PBA screen when an external (USB) keyboard is attached to this model. Resolution: This fix is included in the DE Compatibility XML Version 8.
952778	-	ThinkPad Helix	7.1.0	-	Issue: Input provided via an attached keyboard during preboot isn't processed. You can't authenticate in preboot using the attached keyboard. Workaround: Use the OSK.
824261	-	ThinkPad T420	7.1.0	-	Issue: Emergency boot might fail when using an Opal 2 drive.
921944	-	ThinkPad W530	7.1.0	-	Issue: The firmware of certain models of the Opal drive incorrectly shows the ATA Security drive lock screen. This issue is seen when in UEFI mode, and prevents PBA from occurring.
807183	-	ThinkStation E30	7.1.0	-	Issue: DETech (Standalone) becomes unresponsive after finishing the Remove DE action on this system when under UEFI boot. On restart, DE 7.1 is successfully removed.
Microsoft Hardware
1067219	-	Surface Pro 3	7.1.0	7.2.0	Issue: eToken fails to be recognized at preboot.
1047480	-	Surface Pro 3	7.1.0	7.2.0	Issue: The policy "TPM Autoboot" isn't applied correctly on a Microsoft Surface Pro 3 because of Algorithm requirements.
1051179	-	Surface Pro 3	7.1.1	7.1.3	Issue: The OSK doesn't accept input.
Panasonic
1213737	-	Let's Note	7.2.1	7.2.3	Issue: The keyboard layout is changed to English.
Samsung Hardware
1221188	-	Samsung systems with NVMe controller	7.2.3	-	Issue: A random system crash (blue screen) occurs during activation, making the drive unbootable. The issue is seen on Samsung systems fitted with an NVMe host controller interface.
824296	-	Slate Tablet	7.1.0	-	Issue: The pen digitizer for finger sensing touch support doesn't work when using the smart card policy.
810778	-	Slate Tablet	7.1.0	-	Issue: File-based authentication might fail at DETech (Standalone) on this tablet model when using a USB device.
Sony Hardware
MDE-6419	-	VAIO VJPG13C12N, VJS123C12N	7.3.0	-	Issue: Keyboard and trackpad lag is observed in the DE PBA. The lag occurs only with the default boot or when booting the Windows boot entry. The lag issue isn't observed when the DE application is run from the EFI shell. The BIOS doesn't operate optimally when booting Windows boot entry compared to other applications. IMPORTANT: For this issue, contact Sony VAIO for assistance.
990465	-	Vaio Pro 13	7.1.0	7.1.3	Issue: When resuming from sleep mode, a system crash or blue screen occurs.
	-	Dyanabook R63/W	7.2.9	7.2.10	Issue: The touchpad doesn't work within preboot when in UEFI mode.
1235158		Portage Z30-C Tecra 250-C	7.2.5	7.2.7	Issue: Internal smart card readers don't work on these Toshiba models.
1221189	-	Toshiba systems With NVMe controller	7.2.3	n/a	Issue: Unable to remove DE using a DETech (WinPE) Opal bootable media on a Toshiba system fitted with an NVMe host controller interface. The following error is displayed during the removal: "Error EE020001 Error reading disk sector." NOTE: Removal of DE using the WinPE recovery media, isn't supported on this Toshiba Drive. Resolution: Use a DETECH Standalone image to perform DE recovery and removable operations. These images aren't based on any Windows components.

Non-critical token known issues

Reference Number	Related Article	Found Version	Resolved Version	Issue Description
Token - expected behavior
692466	-	7.1.0	-	Issue: PKI token certificate rules aren't verified against the certificate rule on the token user-based policy. Resolution: This issue is resolved for all PIV and CAC tokens and for Gemalto Net V2 and Gemalto IDPrime Net 510 tokens.
Token - general issues
MDE-7429	-	7.4.0	7.4.0 HF1	Issues: The user can't successfully log on to the system with the e-tokens initialized with recent SAC versions at the preboot.
MDE-7586	-	7.4.0	7.4.0 HF1	Issues: The USB tokens aren't recognized at preboot on Microsoft Surface models.
MDE-5380	-	7.2.9	7.2.10	Issue: You're unable to log on at preboot with a smart card, which is a SafeNet 5110 attached using USB.
MDE-5172	-	-	7.2.9 Hotfix 5	Issue: Users are unable to log on with IDEMIA v8.1 PIV card.
1268379	-	7.2.6	7.2.9	Issue: The SafeNet Java 72k token fails to obtain 'detected on preboot' with HP EliteBook X360 1030 G3.
1249152	-	7.2.6	7.2.7	Issue: YubiKey doesn't work when the token type is set to "PIV PKI smart card."
1063428	-	7.1.1	7.2.0	Issue: The following error is reported during preboot authentication: Error EE0F000C - Token failure with Omnikey 3121 from HID Resolution: Support for HID Omnikey 3121 smart card reader is provided with DE 7.1 Update 3 HF1131996 and 7.2.0.
1085224	-	7.1.0	7.2.0	Issue: HASP Token is incorrectly recognized as an E-Token, preventing logon at preboot.
1105830	-	7.1.0	7.2.0	Issue: Windows credentials aren't captured, preventing SSO with a smart card user Tokens Reference Issue description.
1066560	-	7.1.0	7.2.0	Issue: User token data is reset when importing via the User Migration Task.
1013137	-	7.1.1	7.1.3	Issue: When a certificate changes, the password token is changed to a default password token.
984650	-	7.1.1	7.1.3	Issue: When using SafeSign JCOP41 PKI tokens, the message EE0800009 Smart Card not present appears.
996335	-	7.1.0	7.1.3	Issue: After an upgrade to DE 7.1.x, if a certificate change occurs, password token users are unexpectedly reinitialized.
928837	-	7.1.0	-	Issue: When you try to authenticate using a token or file on a system that's decrypting with DETech, the error below is seen: System not activated.
904095	-	7.1.0	-	Issue: [Lenovo X60]: Card token authentication fails on DETech Standalone.
768499	-	7.1.0	-	Issue: [Lenovo T520, Lenovo X220] (with UPEK fingerprint readers installed) After you initialize the UPEK token, the Token Initialization Event (Event ID 3003) isn't recorded for the UPEK token user in ePO.
774473	-	7.1.0	-	Issue: [Lenovo T520, Lenovo X220] With UPEK fingerprint readers installed. You aren't able to retrain the user's fingerprints in Windows using the Fingerprint Reader Registration screen when you perform the following actions: Remove a user's fingerprints from the reader on the client system. Delete the user and user-based policy from the client system on ePO. Add the user and policy back and reinitialize the user on the client.
650103	-	7.1.0	-	Issue: [Generic] Self-recovery or any other recovery that involves resetting of the PIN isn't supported.
662247	-	7.1.0	-	Issue: [Generic] SSO captured on Windows XP (Gina logon) can't be automatically pushed to a Windows Vista or Windows 7 system (Credential Provider).
665526	-	7.1.0	-	Issue: [Generic] SSO data for a token user isn't updated after the PIN is changed.
661590	-	7.1.0	-	Issue: [Generic] PIN Content rules might differ on Policy Settings and Card Token settings. So, the most secure Password or PIN length policy combination might not be enforced.

Non-critical reader known issues

Reference Number	Related Article	Found Version	Resolved Version	Issue Description
Reader - product ideas To submit a Product Idea, see the Related Information section of this article.
709016	-	7.1.0	-	Issue: [Dell E6510] - The PCMCIA card reader doesn't work at PBA. Resolution: Resolving this issue requires a major rewrite of the preboot code. There are currently no plans to perform this work.
Reader - general issues
MDE-4750	-	7.2.8	7.3.0	Issue: Removing the smart card on a Windows 10 DE system, fails to lock the screen.
MDE-4593	-	7.2.9	7.2.9 Hotfix 5	Issue: A USB transfer occurs with the Alcor reader on HP ProBook 650-G2 and other HP models.
1224553	-	7.2.1	7.2.9 (UEFI) 7.2.8 (MBR)	Issue: USB transfer errors are seen with smart card readers that don't perform automatic protocol negotiations. The card rejects the communication parameters specified by the smart card Answer to Reset (ATR) settings. Resolution: A change is applied to work around the smart card reader limitation. IMPORTANT: This approach can't be applied to smart card readers that perform their own automatic protocol negotiations. For such smart card readers, contact the manufacturer. NOTES: DE 7.2.9 delivers the change for UEFI systems. DE 7.2.8 delivers this change for legacy BIOS (MBR) systems.
1265394	-	7.2.8	7.2.9	Issue: The message 0xee0b001 CCID protocol error displays during PBA, with Oberthur ID-One PIV cards, after upgrading DE from 7.2.6 to 7.2.8.
1124258	-	7.1.0	7.2.0	Issue: Support for internal Broadcom smart card readers installed on Dell platforms.
1011666	-	7.1.0	7.1.3	Issue: [Windows 8.1] When SSO is enabled, the logon window defaults to smart card instead of password. See when a smart card reader is attached and DE.
968748	-	7.1.0	7.1.3	Issue: When using the Safesign generic implementation, if using a smart card reader that allows PIN changes, the PIN can't be changed in preboot. PIN changes in Windows remain unaffected. Workaround: Change the PIN in Windows.
969812	-	7.1.0	7.1.3	Issue: [HP EliteBook 8460P] The internal smart card reader on this model fails to read a smart card in preboot.
809285	-	7.1.0	-	Issue: [Acer Iconia Tab w500] Unable to log on to DETech (Standalone) with EToken Smart Card or Starcos Smart Card.
919250	-	7.1.0	-	Issue: Dell E4200; after providing credentials at preboot using a smart card, the following error message is displayed: Please insert your smart card
919238	-	7.1.0	-	Issue: [Dell Latitude 10/SAM Series 5 Ultra] After authenticating at preboot with a smart card, users see the error below: Please insert your smart card.
904097	-	7.1.0	-	Issue: [Dell D620] The smart card isn't recognized during preboot.
904100	-	7.1.0	-	Issue: [Del 6430u] A soft reboot doesn't allow the Smart Card to be seen at preboot, whereas a hard reboot does.
705882	-	7.1.0	-	Issue: [Dell Precision M4500] The PCMCIA card reader doesn't work at PBA.
720395	-	7.1.0	-	Issue: [Dell Optiplex FX160] After you provide credentials at PBA and attempt to log on with a USB Token or CardToken user, you see the error below: Please insert your smart card.
873039	-	7.1.0	-	Issue: [HP4540s] The smart card isn't detected on HP ProBook 4540s in UEFI mode. Error: Please insert your smart card appears at preboot.
905258	-	7.1.0	-	Issue: [Lenovo W520] Internal card reader fails to work during PBA when in UEFI Mode.
838544 838221 837946 837596	-	7.1.0	-	Issue: [Validity Finger Print Sensor - VFS471] Varied errors can appear if a fingerprint is already enrolled for a user. The errors are seen after an attempt is made to re-register the fingerprint against this user.

Windows 10 known issues

Critical known issues - general
Reference Number	Related Article	Found Version	Resolved Version	Resolved Issue Description
1251020	-	7.2.6	7.2.7	Issue: SSO on Windows 10 (version 1803) can't bypass the authentication (Ctrl+Alt+Del) screen.
-	KB86009	7.1.3	7.2.0	Issue: Device Guard support on Windows 10.
1087741	-	7.1.0	7.2.0	Issue: DEGO 7.1.3 fails to install on Windows 10.
1113478	-	7.1.0	7.2.0	Issue: DEGO fails to install correctly on Windows 10 Professional.

Non-critical known issues - general
Reference Number	Related Article	Found Version	Resolved Version	Issue Description
1209546	KB89857	7.2.2	-	Issue: SSO fails on Windows 10 Fall Creators Update, for users in a Workgroup. Resolution: See the related article for details.
1214124	-	7.2.1	7.2.2	Issue: Upgrade from Windows 10 version 1703 fails, when DE is in FIPS mode.

Upgrading the Windows operating system to Windows 10
There's a process to refresh the Windows operating system without having to decrypt the hard drive and uninstall DE. The three upgrade articles listed below provide instructions for the Windows 10 releases. See the appropriate article for detailed instructions. The table below helps you use the correct article, based on the Windows 10 variant that you're upgrading to.

Microsoft Windows 10 Release	Upgrade Method
	DE 7.1 Update 3 (7.1.3)	DE 7.1.3 HF1148978 HF1208296	DE 7.2.0	DE 7.2.1 and later
Windows 10 (version 1709) Fall Creators Update	OS Refresh ¹	Reflect Drivers ²	Reflect Drivers ²	SetupConfig ³
Windows 10 (version 1703) Creators Update	OS Refresh ¹	Reflect Drivers ²	Reflect Drivers ²	SetupConfig ³
Windows 10 (version 1607) Anniversary Update	OS Refresh ¹	Reflect Drivers ²	Reflect Drivers ²	SetupConfig ³
Windows 10 (version 1511) November Update	OS Refresh ¹	OS Refresh ¹	OS Refresh ¹	OS Refresh ¹
Windows 10 (version 1507)	OS Refresh ¹	OS Refresh ¹	OS Refresh ¹	OS Refresh ¹

¹	The operating system Refresh method is a script method. It's a more manual method developed to handle the first upgrade to Windows 10 (version 1511). Easier methods were developed later together with Microsoft. See below for details. NOTE: Scripts are needed for this upgrade method.
²	See KB87909 - How to upgrade the operating system to Windows 10 Anniversary Update with Drive Encryption 7.2 or 7.1 Patch 3 Hotfix 1148978. [Reflect Drivers method] An improved method to upgrade the operating system to Windows 10 Anniversary Update (Build 1607) with DE 7.1 Update 3 or later. NOTES: Scripts are needed for this upgrade method and are attached to the article. Microsoft provides a new command-line switch, /ReflectDrivers, which is available only in the Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image. It can be added during the setup and installation phase, using a configuration file (.inf).
³	See KB89000 - How to upgrade the operating system to Windows 10 with Drive Encryption 7.2.1 or later installed — [SetupConfig method] A superior method that was developed with Microsoft. NOTES: The OSUpgrade packages are included with the DE download package with DE 7.2.1 and later. Microsoft provides a new command-line switch, /ConfigFileswitch, which is available only in the Windows 10 Anniversary Update (Build 1607) and later. This switch allows drivers to be added to the operating system image. This action is achievable during the setup and installation phase via a configuration file (*.inf).

NOTE: For information, see KB85784 - Windows 10 compatibility with our products.

Back to top

Related Information

To view the DE companion application Endpoint Assistant:

KB85892 - Endpoint Assistant 2.x Known Issues.

Released To Support (RTS)

We investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.

See KB51560 - On-premises product release cycle for more information.

Contact Technical Support

To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.

If you are a registered user, type your User ID and Password, and then click Log In.
If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.

Product Documentation

For product documents, go to the Product Documentation portal.

Downloads Site

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

ServicePortal Downloads

Updates are available when you log on to the ServicePortal.

Previous Document ID ^(Secured)

KB83540 KB79753 KB81902

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Drive Encryption 7.x Known Issues

Environment

Summary

Related Information

Previous Document ID ^(Secured)

Affected Products

Languages:

Title

Title

Knowledge Center

Drive Encryption 7.x Known Issues

Environment

Summary

Related Information

Previous Document ID (Secured)

Affected Products

Languages:

Choose your region

Title

Title

Previous Document ID ^(Secured)