3 Replies Latest reply on Oct 4, 2012 8:44 PM by EMiranda

    OSD (vboot) issues with Encrypted Hard Drives

    EMiranda Expert

      We recently started deploying laptops with encrypted drives.  SGN is the software that is doing the encryption.  I have no problems imaging via WinPE on this machines however when I want to schedule an OSD job to a machine that it is encrypted it fails.  I am seeing it fail at trying to run the lddefrag.exe utility.  Looks like the encrypted hard drive is denying access to the tool.


      Can someone explain to me what exactly lddefrag.exe does, does it have command lines for debugging or can you see what is going on in the screenshots below that I have attached?   Thanks,






        • 1. Re: OSD (vboot) issues with Encrypted Hard Drives
          Frank Wils ITSMMVPGroup



          This is what i found out through the years after having the same issue on Windows Embedded and Windows devices with Deepfreeze installed and active.


          The function of lddefrag is to defragment the Boot.wim file before bootfile.exe installs it as the active boot partition.

          After lddefrag, the file will occupy contiguous disk space, which is essential for the mechanics of the vboot scenario.


          The error code -2147024885 (= 0x8007000B = win32 error code 11) is bootfile error code ERR_FILEISFRAGMENTED.

          So it means that lddefrag's attempt to defragment the file was unsuccessful, presumably because the drive is too fragmented or it can't determine its status...


          Bootfile.exe is a Win32 program that sets up the MBR to boot an NTFS, FAT or FAT32 partition contained in a contiguous file in a FAT, FAT32, or NTFS partition. The file is expected to be 512 bytes larger than then actual partition because the original MBR is saved at the end of the contiguous file.


          bootfile filename [/keep] [/noui] [/noboot]


          /keep (optional) Keeps the existing partition entries in the MBR.

          If the switch is used, there must be at least one free entry in the partition table for the emulated entry to be added. If the switch is not used then only the

          emulated entry will exist in the partition table.


          /noui Prevents the message box from showing if a problem occurs.

          /noboot Performs all tasks except the MBR is not changed and the system is not restarted.


          One of the reason because it is not possible to defrag the image is that too less space is available on the disk or that the disk is too much fragmented or both. Possibly the encryption is to 'blame' here.


          Currently unfortunately there are no alternative versions of bootfile and/or lddefrag that you can use for the vboot process according to LD...


          Never been able to solve it, so always had to resort to pxe boot :(



          1 of 1 people found this helpful
          • 2. Re: OSD (vboot) issues with Encrypted Hard Drives
            zman Master

            Well if you two guys can't figure it out we are [email protected] Have you opened a case up with support? With the amount of FDE floating around in most enterprises you would think this is being addressed????

            • 3. Re: OSD (vboot) issues with Encrypted Hard Drives
              EMiranda Expert

              I plan on putting in a case in the morning. This is a tough one because the problem lies in-between both products. If I remove SGN LANDesk works as expected. I plan on putting a case with SGN as well and will definitely report back any progress. Thanks for the responses so far guys.