No System encryption on Lenovo ThinkServer TS140 - WIN 7 Ult. X64 SP1

Topics: Technical Issues
Aug 27, 2015 at 8:55 PM
Running Win 7 on Lenovo TS140 cannot encrypt system partition. Fails test - accepts & OK's the password but "hangs" while showing "booting". Latest BIOS (June 2015) installed and UEFI disabled. Forced to use "Legacy" boots only.

Didn't work on a Crucial 128 SSD and I read somewhere that undiagnosed SSD errors might cause problems so also tried a new Samsung 850 EVO. Still NG.

Any ideas anyone??

By the way, was using Diskcryptor on the system for about a year and no problems with the system encryption on that.
Aug 28, 2015 at 8:55 PM
Edited Aug 28, 2015 at 8:56 PM
Using either TrueCrypt or VeraCrypt, currently you cannot encrypt the Window System Reserved partition or the machine will fail to boot.

Which system encryption option did you pick? Encrypt the Windows system partition or Encrypt the whole drive?
Aug 28, 2015 at 10:48 PM
Thanks for the get back.

Just the System Partition, which, if I understand you, can't be done.

Just FYI, have an HP Laptop with 2 partitions on the SSD: WIN7 sysres & a Data one. Encrypted each separately as partitions and it works just fine. When encrypting the sysres, the data partition was unencrypted but the system encryption test passed. And have been using that setup for almost a month now with numerous reboots and no problems.

Aug 29, 2015 at 3:00 AM
Edited Aug 29, 2015 at 3:13 AM
To clarify, there is a difference between system partition and system reserved partition. The system reserved partition is generally less than 200 MB for Windows 7 and 350 MB for Windows 8 and 10. There is no drive letter on the system reserved partition.

You can encrypt the OS partition or system partition a.k.a the C drive. Therefore, you would select the option to "Encrypt the Windows system partition" instead of the "Encrypt the whole drive" option.

The following screenshot is from using Windows Disk Management.

Aug 29, 2015 at 4:01 AM
Thanks again for the prompt reply;

Here's my layout and, as you can see, no system reserved partition anywhere. And, as I mentioned at the outset, I have UEFT disabled in the BIOS. But the OS Partition fails the test.

Any other ideas???

Aug 29, 2015 at 5:15 AM
I cannot see your picture. You probably referenced your PC verses using an cloud service.

When you installed Windows 7, was the BIOS setup for UEFI mode or legacy BIOS-compatibility mode?

Windows OS installation will detect the BIOS setting and install the OS using MBR for legacy mode or GPT for UFEI mode.

VeraCrypt does not support GPT for system encryption. DiskCryptor does support GPT.

Check if your OS is using MBR or GPT by performing the following:

Go to Control Panel > Administrative Tools > Computer Management, and select Disk Management
  • In the lower pane where you see Disk 0, Disk 1, etc, right click on the disk number that contains the C drive letter which is usually Disk 0.
  • Right click on Disk 0 and select Properties.
  • Select the Volumes tab.
  • The Partition style: entry will show as either Master Boot Record (MBR) or GUID Partition Table (GPT).
What is your partition style entry for the disk number containing the C drive?
Aug 29, 2015 at 2:33 PM
Continued thanks for your interest.

Sorry about the image. This time saved it as JPG so see below.

Volume properties from both Disk Management and Partition Magic show MBR. Also, remind that WIN7 boots just fine as did DiskCryptor. Plan to image the partition and rebuild the MBR unless you have better idea.

Aug 29, 2015 at 2:54 PM
Edited Aug 29, 2015 at 9:31 PM
Still cannot see your picture.

Did you use Partition Magic to adjust the OS partition in the past?

Are you using dynamic disk for the OS which is not support by VeraCrypt?

The only other idea I have is to have you run the utility Mounir created called GetDriveExtendedInfo for the C drive and post the results in the hopes that Mounir sees something in the output that indicates a problem.

Aug 29, 2015 at 6:07 PM
Hopefully found the way to get images through Codeplex so see below.

Not a Dynamic Disk. In fact Disk Management, when viewing Properties, offers to convert it to a Dynamic Disk.

You mention a utility "Mounir" (perhaps MOUNT) on the C drive but I can't find it. ?? Do I have the name right and just exactly where is the utility?

Aug 29, 2015 at 7:26 PM
Edited Aug 29, 2015 at 9:32 PM
Mounir Idrassi is the developer of VeraCrypt and the GetDriveExtendedInfo utility. The link in my post above will take you to the post to download the utility.

EDIT: Updated my previous post to avoid confusion.
Aug 29, 2015 at 8:34 PM
Bear with me. Think the image below views correctly now.

And i got the util and ran on the C: drive with following results:

_____Get drive technical information
Copyright Mounir IDRASSI ( 2015

Disk Free Space = 0000077832704000 Bytes
Disk Total Size = 0000120031539200 Bytes

Disk Number = 0 ("\Device\Harddisk0")
Drive Serial = 32534e31534e4742303438333439205020202020
Logical sector size = 512
Physical sector size = 512
Byte offset for alignment = 0

Partition Number = 1 ("\Device\Harddisk0\Partition1")
Partition Offset = 0000000001048576
Partition Length = 0000120031543296
Partition Style = MBR
Partition Type = IFS
Partition Bootable = TRUE
Partition Recognized = TRUE
Partition Hidden Sectors = 68896824525588480

Look OK to you???

Aug 29, 2015 at 9:06 PM
Thanks for providing the information. I do not see any obvious issues. You are using 512 sector size, no offset for alignment, MBR and bootable.

Have you tried using TrueCrypt 7.1a version to see if it will pass the pretest? VeraCrypt is based on TrueCrypt. If you have the same problem with TrueCrypt, then we know it is not something unique to VeraCrypt code modifications that were made since forking the software from TrueCrypt.
Aug 29, 2015 at 11:17 PM
Long time Truecrypt user and still have 7.1A around. Will try it and let you know.

Aug 30, 2015 at 1:03 AM
As promised, tried Truecrypt on the partition with same results. Accepts the password and then hangs in "booting". Used Partition Wizard to rebuild the MBR (no problems) and tried again with Truecrypt. Same results -- Boot Hang.

Than I booted into Win7 Repair and checked for startup problems and it could find nothing wrong with the partition, the volume, or anything else. Tested memory on the box and that too was fine. Outta ideas.
Aug 30, 2015 at 2:48 AM
Thank you for testing using TrueCrypt. Now we know the issue is not specific to VeraCrypt.

What is your boot order and settings in the BIOS? Did you select Legacy Only or Auto?

In the BIOS, is Secure Boot disabled?

See pages 6 & 8 in the link below.

Also, can you try physically disconnecting the other HDDs leaving only the system disk attached to the system to see if you can pass the boot pretest when BIOS is set to Legacy Only?
Aug 30, 2015 at 6:54 PM
As generally mentioned in my initial post, the BIOS is the latest (June, 2015) and is set up for Legacy Only.

Given the TS140 doc you reference (greatly appreciate your efforts, by the way), let me be specific.

These are, and have been, my BIOS settings:

CSM = Enabled
Boot Mode = Legacy Only

All three Boot Sequences (Primary, Automatic, & Error) will boot from the Samsung SSD and ONLY from that device. To boot from another device, you would have to hit F12 at start-up to temporarily modify a boot sequence.

Just finished re-trying both VC & TC with these settings with same results -- hang at "rebooting".
Aug 30, 2015 at 8:32 PM
Thank you for verifying the BIOS and boot order settings.

One test I would perform is to use the F12 and manually select the Samsung SSD drive for boot both before you attempt to encrypt and during the boot pretest.

If for some reason you manually select the SSD drive before attempting to encrypt and the system fails to boot, then definitely something else is not correct.

Have you checked for any postings from Diskcryptor having issues migrating or removing DiskCryptor bootloader from their systems?

Try Google searching "remove diskcryptor bootloader".

Sorry to trouble you with things you stated before. However, when troubleshooting remotely you be amazed at the number of times you ask the person to verify certain settings and they come back with results that are different from their initial posting. :-)

I am running out ideas to troubleshoot the issue.
Sep 2, 2015 at 7:41 PM
I had the exact same problem. (both TC and VC hang after password entry), the only difference is, that I never used diskcryptor.
Anyway I Just managed to fix it: I started the machine with the windows boot disk (usb in my case) and selected to repair my computer
It came up with bunch of options.. Go with command prompt.

Once the command prompt comes up I run the following commands:
BootRec /fixmbr
BootRec /FixBoot

Restarted the computer. Once it was up I could setup up the system encryption.
Sep 2, 2015 at 8:44 PM
Thanks, AlbertJohn for the info.

Have done the fix mbr but not the fix boot so will try it and let you know.

Are you on a ts140 running win7 x64?
Sep 2, 2015 at 11:18 PM
Worked like a champ. Thanks to both of you.

Funny thng was, at one point I had Win Repair check the system and it found no problems. Changed the mbr but not the boot so go figure.
Sep 3, 2015 at 12:07 AM
Thank you AlbertJohn for sharing your solution.
It is much better than the usual one that requires deleting the 100 MB System Reserved partition and setting the one that follows it as the active partition.

I have updated the FAQ to include your solution alongside the 100MB one:
Sep 3, 2015 at 7:02 AM
scout44 wrote:
Are you on a ts140 running win7 x64?

idrassi wrote:
It is much better than the usual one that requires deleting the 100 MB System Reserved partition and setting the one that follows it as the active partition.
Actually when I had this problem, the system did not had this 100 MB System partition. So your second solution would not work for me.