Issue:
User fails to logon and displays "Error 0x000000a1, Please contact Winmagic Technical Support"
Product version affected:
SD 5.x and up
Environment (OS/hardware/software):
Reported devices: HP Probook 6475b, Lenovo T410/T430/T520/T540, HP EliteDesk 800 G1 TWR
SED OPAL drives: 2.5 and 3.5 inch SED drives i.e. Micron M500, Seagate Thin Momentus SED, Samsung Evo 840, Seagate ST3000DM002-1BJ166 TCG Opal 3TB, Intel Pro 2500 SED
Windows 7 32/64 bits with V4 PBL installed
Windows 8 64 bits Legacy mode
Profile setting: All are default but set BootLoader: 'Default to V4 with option to use V5'
Probable Causes:
- V4 boot logon is not able to detect SED drive and allow for successful authentication
- Client is not able to deactivate or cryptoerase/PSID revert of the drive
Symptom 1:
- SecureDoc has been installed successfully, boot logon has been installed as well and the machine has been encrypted.
- At the boot logon loading screen - the user pressses "a" to load the V4 boot loader boot logon.
- At the authentication screen, the user enters valid username and password.
- Issue: Instead of authenticating the user and booting into Windows, the logon fails and the following message is displayed:
"Error 0x000000a1 Please contact Winmagic Technical Support"
Symptom 2:
Client is unable to use "Export hardware encryption key" to cryptoerase or deactivate the hard drive.
Troubleshooting:
Obtain the following information from the SED/OPAL drive:
a. make and model
b. firmware of the drive
c. Intel Rapid Storage Technology driver version
d. Consult the WinMagic support for a compatibility list of SED drives and IRST drivers tested
e. Obtain the following logs:
- SDRecovery log
- hwemngr logs
- SDSpace.dat
- F7 (support.tar.gz) preboot log
- Logs from SD device (prior to 6.5 version), from C:\program files\winmagic\securedoc-nt\userdata folder
- From SD 6.5 or newer device, run a file called ClientSupportInfo.bat in folder C:\Program Files\WinMagic\SecureDoc-NT\Support
Analysis:
1. There is a limitation when utilizing the older pre-boot (V4) on machines with legacy-BIOS and OPAL drives.
2. "A1" error code comes from Btlogin.cpp, it means CKR_PIN_INVALID. Error code means PIN INVALID.
Limitation:
WinMagic will not provide support V4 Pre-Boot Authentication (PBA) for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL).
The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. Customers are recommended to migrate device encrypted with SED drives to use V5 PBL (As per SD-9411).
Resolution:
- For reported devices (i.e. HP ProBook 6475b) the SecureDoc client software should only be deployed so that it will use the version 5 boot code only.
If necessary, create a copy of the profile installed, and ensure that the option is selected that will utilize ONLY the V5 Boot Logon.
- WinMagic may determine that the drive has a firmware issue, and suggest to the client to consult with the hard drive vendor for resolution.
Internal Reference:
SD-183
SD-4378
SD-9411
SD-11414