Windows machine with Check Point Endpoint Security Media Encryption is unable to boot after Windows update KB2949927 is installed
Symptoms
  • After the Windows update is installed and the machine is rebooted, it cannot boot into Windows.

  • If the machine is not encrypted by Check Point Full Disk Encryption Blade, the system goes to 'System Repair', which fails with a message that the psg.sys driver is corrupted.

  • If Check Point Full Disk Encryption Blade is installed and the machine is encrypted, the 'Startup Repair' window appears and it fails with a message about disk corruption.

  • If Windows update KB2949927 is installed during the upgrade of Endpoint Security from R7X to E80.X, the system goes to the 'System Repair' window.
    The behavior differs between machines that are not encrypted by Full Disk Encryption Blade and machines that are, as described in the symptoms above.

  • Check Point GO application crashes while authenticating with Check Point GO USB stick to a machine with Windows update KB2949927 installed.

Cause

Microsoft software update KB2949927 was released on October 14th, 2014 and was delivered with automatic Windows updates.

KB2949927 causes the issue when Endpoint Security Media Encryption is installed.


Solution

Follow these steps to recover the Check Point Endpoint Security Media Encryption computer with Windows update KB2949927 installed on Windows 7.

Important Note: Reverting the changes on the affected machines with installed Endpoint Security does not affect the Check Point software and configuration.

  • If the affected machine is encrypted by Full Disk Encryption Blade

    1. Download the Check Point special bootable ISO image:

      • If the issue occurred with the currently installed Endpoint Security, then download this ISO image.

      • If the issue occurred during the Endpoint Security upgrade from R7X to E80.X, then download this ISO image.


      Note: This special bootable ISO image was prepared by Check Point based on Windows Automated Installation Kit (WAIK) for Windows 7 and it also contains Full Disk Encryption 'Dynamic Mount Utility' (DMU) to unlock the encrypted hard drive.

    2. Burn the special bootable ISO file on a CD, or copy it to a USB storage device.

      Important Note: The recovery file of the affected machine will be required - either add the recovery file to this ISO file / USB storage device, or copy the recovery file to an additional storage device (such as USB drive).

    3. Boot the Windows machine using the Check Point special bootable image.

      Important Note: Make sure that the recovery file of the affected machine is available - either on the same bootable media, or insert an additional storage device (such as USB drive) before booting the machine.

    4. When the command line appears, run the Full Disk Encryption 'Dynamic Mount Utility':

      C:\> cd /
      
      C:\> cd "Program Files"
      
      C:\> cd "fde_dmu"
      
      C:\> "FDE_Dyn_Disk.exe"
      
    5. In the "Dynamic Mount Utility", double click on the \\.\PhysicalDrive... to unlock the drive.

      If authentication fails, use the "recovery file" and then try unlocking the drive again.

    6. Make sure that the partition is unlocked.

      The unlocked drive should be displayed as "Unprotected or unlocked".




    7. Use the DISKPART utility to determine the system drive letter (where the Windows OS is installed):

      1. Run the diskpart utility:

        C:\> diskpart

      2. Get the list of the volumes:

        DISKPART> list volume

      3. Find the system drive letter (where the Windows OS is installed) - look at the "Ltr" column.
        Usually, when Windows OS is installed on drive C:, it will appear as drive D: while using WinPE and DMU (drive C: is displayed as 'System Reserved' in the "Label" column).

      4. Exit from the diskpart utility:

        DISKPART> exit




    8. Revert changes made by installing KB2949927:

      • In case Windows OS is installed on partition "C:", run this command (note that drive letter is "D:"):

        DISM /IMAGE:D:\ /cleanup-image /revertpendingactions

      • In case Windows OS is installed on any partition other than "C:", run this command:

        DISM /IMAGE:Letter_of_Windows_Partition:\ /cleanup-image /revertpendingactions




    9. Wait until the confirmation appears - "The operation completed successfully".



    10. Reboot the machine and use your credentials to pass the Preboot authentication.

      During Windows Startup, the following messages will appear:



    11. Follow the steps displayed on the screen.

    12. After an additional restart, the machine should load Windows OS properly.


  • If the affected machine is not encrypted by Full Disk Encryption Blade

    1. Prepare bootable disc / storage device.

      • Either use Windows OS installation disc

      • Or use the Check Point special bootable ISO image

        1. Download the Check Point special bootable ISO image from here.

          Note: This special bootable ISO image was prepared by Check Point based on Windows Automated Installation Kit (WAIK) for Windows 7 and it also contains Full Disk Encryption 'Dynamic Mount Utility' to unlock the encrypted drive.

        2. Burn the special bootable ISO file on a CD, or copy it to a USB storage device.


    2. Boot the Windows machine - either use Windows OS installation disc, or use the disc with Check Point special bootable image.

    3. Use the DISKPART utility to determine the system drive letter (where the Windows OS is installed):

      1. Run the diskpart utility:

        C:\> diskpart

      2. Get the list of the volumes:

        DISKPART> list volume

      3. Find the system drive letter (where the Windows OS is installed) - look at the "Ltr" column.

      4. Exit from the diskpart utility:

        DISKPART> exit


    4. Revert changes made by installing KB2949927:

      DISM /IMAGE:Letter_of_Windows_Partition:\ /cleanup-image /revertpendingactions

      where Letter_of_Windows_Partition is the system drive letter found in Step 3 (sub-step 3) above.

      Example:

      DISM /IMAGE:D:\ /cleanup-image /revertpendingactions



    5. Wait until the confirmation appears - "The operation completed successfully".



    6. Reboot the machine and use your credentials to pass the Preboot authentication.

      During Windows Startup, the following messages will appear:



    7. Follow the steps displayed on the screen.

    8. After an additional restart, the machine should load Windows OS properly.
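
The drive-letter lookup and DISM revert steps shared by both procedures above, written as one batch file for the WinPE command prompt. This is an added example, not Check Point's tooling; the volume-detection test, the pending.xml check and the /Get-Packages listing are assumptions that go beyond the article's steps.

```bat
@echo off
rem Added example, not Check Point's own script. Run it from the WinPE prompt
rem after the drive is unlocked in the DMU, or directly if it is not encrypted.
rem Assumption: the offline Windows volume is the only one that holds
rem \Windows\System32\config\SYSTEM. X: is skipped because WinPE runs from it.
setlocal
set "WINVOL="
set "COUNT=0"
for %%L in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if exist "%%L:\Windows\System32\config\SYSTEM" (
        set "WINVOL=%%L:"
        set /a COUNT+=1
        echo Found a Windows installation on %%L:
    )
)
if "%COUNT%"=="0" (
    echo No offline Windows volume found. Check that the drive is unlocked.
    exit /b 1
)
if not "%COUNT%"=="1" (
    echo Several Windows volumes found. Pick the letter with diskpart and run DISM by hand.
    exit /b 2
)

rem pending.xml in WinSxS holds the queued servicing actions that DISM reverts.
if exist "%WINVOL%\Windows\WinSxS\pending.xml" (
    echo pending.xml found on %WINVOL% - servicing actions are queued.
) else (
    echo No pending.xml on %WINVOL% - there may be nothing to revert.
)

rem Assumption: the update is listed under a package identity containing its KB number.
dism /Image:%WINVOL%\ /Get-Packages | findstr /i "KB2949927"

rem The revert command from the article, with the detected drive letter.
dism /Image:%WINVOL%\ /Cleanup-Image /RevertPendingActions
if errorlevel 1 (
    echo DISM failed with exit code %errorlevel%. Review %WINDIR%\Logs\DISM\dism.log before rebooting.
    exit /b 3
)
echo Revert completed on %WINVOL%. Reboot and follow the on-screen steps.
```

The script stops without touching the image when it finds no Windows volume or more than one, so the drive letter passed to DISM is never a guess.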
