Before installing the FDE agent, the installation will verify if the endpoint has met the minimum system requirements. This article provides information on workarounds.
You may also use Encryption Management for Microsoft BitLocker, where available, to avoid any incompatibility. Encryption Management for Microsoft BitLocker manages BitLocker Drive Encryption™ (BDE) for endpoints running compatible versions of Windows 7, Windows 8 and Windows 10.
The endpoint must have a supported operating system installed.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_OperatingSystem | Select-Object Version,ProductType
Click image to enlarge.
Make sure you have the supported operating system installed:
Version = MajorVersion.MinorVersion.Build
- MajorVersion is less than 4 it is not supported.
- Majorversion is greater than or equal to 5 and MinorVersion x is not supported.
- ProductType not equal to 1 is not supported.
For more information, refer to this Microsoft Article: OSVERSIONINFOEX structure.
Encryption Management for Microsoft BitLocker must not be installed on this endpoint. Uninstall Encryption Management for Microsoft BitLocker to install Full Disk Encryption or use Encryption Management for Microsoft BitLocker instead.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_Product | Where-Object {$_.Name -like "*Bitlocker*"} | Select-Object Name,Version
Click image to enlarge.
Make sure that Encryption Management for Microsoft BitLocker is not installed.
The physical disk must be fixed and not removable.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_DiskDrive | Where-Object {$_.MediaType -like "*Fixed*" -and $_.DeviceID -like "*PHYSICALDRIVE*"} | Select-Object DeviceID,MediaType
Click image to enlarge.
Make sure that the drive is not a removable drive.
Multiple disk environments are not supported. Remove all physical hard disks except the system drive.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_DiskDrive | Where-Object {$_.MediaType -like "*Fixed*" -and $_.DeviceID -like "*PHYSICALDRIVE*"} | Select-Object Model,DeviceID,MediaType
Click image to enlarge.
Make sure to install TMFDE on a single drive device.
The drive must have at least 256 MB of free disk space.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DeviceID -like "C:"} | Select-Object Deviceid,FreeSpace,Size
Click image to enlarge.
As a workaround, free space until it reaches the minimum requirement of 256 MB (256000000 bytes).
The disk space for each device must be no more than 2 TB.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DeviceID -like "C:"} | Select-Object Deviceid,FreeSpace,Size
Click image to enlarge.
Make sure that the disk space for each device is not more than 2 TB (2000000000000 bytes).
The endpoint must have at least 512MB of RAM.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_ComputerSystem | Select-Object TotalPhysicalMemory
Click image to enlarge.
Make sure that the system has at least 512MB of total physical memory.
The drive must not have more than 25 partitions.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_DiskDrive | Select-Object Name,Partitions
Click image to enlarge.
Make sure that there are 25 partitions or less.
The drive has an incompatible partition type.
How to check:
Run the following on a Windows Powershell:
PS C:\>Get-WmiObject Win32_DiskDrive | Where-Object {$_.Signature -eq $null} | Select-Object Name,Signature
Click image to enlarge.
Value of Signature should not be null. GPT does not have a Signature value as it is a GUID (which does not fit in WMI).
Workaround:
GUID partition table (GPT) disks use unified extensible firmware interface (UEFI). Most new systems ship with UEFI as the default configuration. UEFI utilizes the partitioning scheme called GUID Partition Table (GPT) which is currently not supported.
After converting to master boot record disk, you will need to switch to Legacy BIOS mode to be able to install the TMFDE agent on the system. This requires a reinstallation of the operating system. Part of Microsoft’s hardware requirements for Windows 10 has made this switch optional to computer manufacturers.
If the pre-install check fails the partition type check, follow the steps in this KB article: Converting GUID Partition Table (GPT) disk to Master Boot Record (MBR) disk in Endpoint Encryption.
The drive must be bootable.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_DiskPartition | Select-Object Name,BootPartition,Bootable
Click image to enlarge.
Make sure that the drive is bootable.
SCSI drives are not supported.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_DiskDrive | Select-Object Name,InterfaceType
Click image to enlarge.
As a workaround, switch to a IDE/SATA disk.
Microsoft .NET Framework is required.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_Directory | Where-Object {$_.Name -like "C:\Windows\Microsoft.Net\Framework\v*"} | ForEach-Object {Split-Path $_.name -Leaf} | Where-Object {$_ -like "v*"} | ForEach-Object {[System.Version]($_ -replace "^v")}
Click image to enlarge.
Version=Major.Minor
Make sure that at least the following Microsoft .NET Framework versions are installed.
-
For Windows 7/8/10:
- Microsoft .NET Framework 3.5 or later
-
For Windows XP:
- Microsoft .NET Framework 2.0 SP1 or later
For more information, refer to the Microsoft KB Article: How to determine which versions and service pack levels of the Microsoft .NET Framework are installed.
The installer checks that the hard disk has SED hardware compatibility.
How to check:
Run the following on a Windows Powershell:
PS C:\> Get-WmiObject Win32_DiskDrive | Select-Object Manufacturer,Model
Click image to enlarge.
Workaround:
Search the Internet for the particular model number if manufacturer details are not given. We only support the following SED drives:
- Seagate DriveTrust drives
- Seagate OPAL and OPAL 2 drives
- SanDisk self-encrypting solid-state drives
Microsoft BitLocker must not be enabled. Two full disk encryption solutions cannot run on the same drive.
How to check:
Run the following on a Windows Powershell:
PS C:\>manage-bde -status
Click image to enlarge.
Workaround:
Make sure that you have decrypted the drive and removed BitLocker protection. To turn off BitLocker Drive Encryption:
- Go to Start > Control Panel > System and Security > BitLocker Drive Encryption.
- Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.
- A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive.
How to check:
Run the following on a Windows Powershell:
PS C:\Users\markse> Get-WmiObject Win32_Product | Where-Object {$_.Name -like "*Rapid Storage*"} | Select-Object Name,Version,InstallState
Click image to enlarge.
| Value | Meaning |
|---|---|
| -6 | Bad Configuration |
| -2 | Invalid Argument |
| -1 | Unknown Package |
| 1 | Advertised |
| 2 | Absent |
| 5 | Installed |
As a workaround, switch to ATA in the BIOS. This may make the device not bootable. RAID is not supported.
