veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr

System encryption pretest fails on win10 #269

Open Monica7757 opened 6 years ago

Monica7757 commented 6 years ago

I tried to encrypt my System with Veracrypt: Windows 10 64bit. Everything works fine until I get to the pretest. The computer should reboot, but it turns off. Then when I click to turn it on, it turns on and instantly turns off. After that I press the power button again and it turns on without the password window. After that, a message is reported that the test is not passed. I haven't been able to find a fix. Is anyone aware of this issue? Thank you.

kkar commented 6 years ago

I can verify the issue. I am using Windows 10 64bit, with an SSD. Until TrueCrypt's latest version I had no problem on crypting the whole disk, BUT, I was using Windows 8.1 back then. This is the only difference. Yesterday I installed Win10x64, and had (and still have) the same symptoms as @Monica7757 no matter what kind of encryption algorithms I pick. I can verify that none of my BIOS settings are messed up, I double checked everything (legacy & secure boot etc).

ghost commented 6 years ago

I can confirm the same problem with Windows 10 1709 x64. On an older Win10 build it worked fine. With the newly installed build on the same machine, the computer only shuts down.

ghost commented 6 years ago

Confirmed as well. Option for full disk encryption is unavailable and encrypting system partition results in pretest failure. Windows 10 Pro 64-bit (Version 10.0.16299 Build 16299 x64) with PCI-E Intel Optane 900p 460GB. SATA AHCI selected, same issue with RAID enabled. Encryption performed with AES (AES-NI Enabled) and SHA-512 w/ password + PIM.

[image: system information]

ghost commented 6 years ago

Any Update on this or can we help to solve this?

h00jraq commented 6 years ago

I have exactly the same issue :/ (no restart, just shutdown and pretest failed). No idea how to fix this. Don't want to use other encryption software.

NilsUSA commented 6 years ago

I can also confirm, that I am having the same issue on my Windows 10 machine. I have even reinstalled my OS.

jgoggan commented 6 years ago

I'll add yet another "me too" to this.

I did a brand new clean install of Windows 10 yesterday on my Toshiba laptop SSD. Installed with MS's latest Build Tool, so it was straight to 1709. I then installed a couple of downloaded updates. Currently showing 1709 Build 16299.125.

Veracrypt says it is going to do the pretest and says it will restart. Instead, it shuts down. Powering it back up goes immediately back into Windows and says that the pretest failed.

servercookie commented 6 years ago

I'll add yet another "me too" to this.

Exact same problem, on a new fresh install of windows 10, pretest fails because instead of restart it just shuts the computer down.

Tried disabling fast boot in bios and in windows, did not help.

ghost commented 6 years ago

Alright. There is a workaround. I was able to get it working with the following steps.

  1. Back up everything of importance to you, this may really not work for some
  2. Disable secure boot in BIOS
  3. Encrypt system partition with Veracrypt
  4. Allow the validation to occur and then fail
  5. Force it to resume encryption
  6. Reboot and enter BIOS
  7. Force boot to the unlabeled / veracrypt bootable partition, label varies BIOS to BIOS
  8. Everything works, but in the sketchiest of ways

millerman1121 commented 6 years ago

I'm also having the same issue, however it seems to be my new SSD.... I performed the pretest on my laptop last week using my existing WD conventional hard drive and it passed, but I did not complete the process. Today I purchased a new Samsung 860 SSD, cloned the drive and now it is failing the pretest. I tried 1.22-BETA8, but still have the same issue.

jgoggan commented 6 years ago

@michaeljgray How is this a duplicate of #264? 264 is about someone that already HAS it installed, but can't always type the password properly if it has capital letters. This one is about not even passing the pre-test to get to the point of installing the Veracrypt boot loader!

I don't think this is related to #264 at all?

ghost commented 6 years ago

@jgoggan as explained in the other comment, I linked the wrong number on accident. Thanks for pointing it out, I’ll fix it when I’m back at my desktop.

ghost commented 6 years ago

@millerman1121 you can try my workaround with the additional step of disabling Intel Rapid Storage in your BIOS if it’s available.

Duzga commented 6 years ago

On a UEFI system, before restarting for the test, open an Admin command prompt and type: `bcdedit /set "{bootmgr}" path \EFI\Boot\bootx64.efi` After restart you are asked for the password!

P.S. The problem is this: on some systems UEFI by default loads \EFI\Microsoft\Boot\bootmgfw.efi instead of \EFI\Boot\bootx64.efi. VeraCrypt does not check this.

ghost commented 6 years ago

@Duzga Thanks, this workaround fixed the problem. Typed this when the last popup came up with "Restart PC Now". Workstation still did a shutdown, but after turning it on the password prompt for VeraCrypt came up.

Tested with latest VeraCrypt Version 1.22 and latest Windows 10 Pro 1803

TowerBR commented 6 years ago

I'm using VeraCrypt 1.21 on a Windows 10 1709 x64 with the system disk fully encrypted and everything is ok. I only have one boot.

Can I upgrade to 1.22 or should I wait?

ghost commented 6 years ago

@TowerBR Your question has nothing to do with this bug report/issue. When you already have your complete disk encrypted it is fine. This ticket describes the problem that the encryption is not working, doesn't matter which VeraCrypt version. You will get more help when you ask the question in the correct thread ;)

NilsUSA commented 6 years ago

@Duzga Thanks for the help! Can confirm, that it solved the problem for me.

Tech11 commented 6 years ago

@Duzga Thanks for your help, but now I just keep getting "Image failed to verify with SECURITY VIOLATION Press any key to continue." This message shows 3 times, then I get a boot order menu. Regardless of which option I choose to boot from, it just gives me the same SECURITY VIOLATION message. I can no longer boot Windows 10 version 1709. Help?

Tech11 commented 6 years ago

@Duzga I ended up disabling Secure Boot in bios and now it asks for the password and Windows booted. Pretest now completed. Thanks a ton! :)

idrassi commented 6 years ago

I have implemented a workaround for machines where VeraCrypt PreTest fails (most notably HP and Acer machines) and I have published version 1.23-BETA0 that contains this at https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/.

Can you please check that now system encryption works reliably on affected machines?

This version also introduces some enhancements that can be found in the Readme.txt file at the same location.

Thank you for your help.

kkar commented 6 years ago

@idrassi I still get the "The VeraCrypt system encryption pretest failed." error. Tried with 1.23-BETA0 just a minute before.

kkar commented 6 years ago

@idrassi just FYI, I am letting you know my current setup.

I also tried everything people suggest in this issue, including the bcdedit command, but no luck yet.

idrassi commented 6 years ago

@kkar: Thank you for these details. To me, it looks like you are booting in MBR mode and not UEFI mode but I'm not sure. Just to be sure, can you please run msinfo32.exe and report the field "BIOS Mode". It should read "UEFI". Also, what is the system manufacturer of your machine? Last question: can you please run the following command on a command prompt that was launched as an administrator and report the values displayed for "Bytes per Sector" and "Bytes per Physical Sector": "fsutil fsinfo ntfsinfo c:"
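
The values requested in the comment above (BIOS mode, sector sizes), together with the Secure Boot state and `{bootmgr}` path from Duzga's earlier comment, can be collected in one read-only pass. This is an added example, not part of the thread or of VeraCrypt; the function name `Get-PretestReport` and its field names are hypothetical, and it assumes Windows PowerShell 5.1 with the built-in Storage and SecureBoot cmdlets and English `bcdedit` output.

```powershell
# Added example (not VeraCrypt code): read-only pre-flight report for the system
# encryption pretest. Run in an elevated PowerShell; it changes no boot settings.
function Get-PretestReport {
    $r = [ordered]@{}

    # msinfo32 "BIOS Mode": Uefi, or Bios for legacy/MBR boot.
    $r.FirmwareType = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Secure Boot state; Confirm-SecureBootUEFI throws on legacy-BIOS machines.
    try   { $r.SecureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $r.SecureBoot = 'n/a' }

    # Partition style and sector sizes of the disk holding the system volume
    # (disk-level counterparts of the sizes "fsutil fsinfo ntfsinfo c:" prints).
    $letter = $env:SystemDrive.Substring(0, 1)
    $disk   = Get-Partition -DriveLetter $letter | Get-Disk
    $r.PartitionStyle     = [string]$disk.PartitionStyle
    $r.BytesPerSector     = $disk.LogicalSectorSize
    $r.BytesPerPhysSector = $disk.PhysicalSectorSize

    # Loader path stored in the Windows Boot Manager entry. Assumes English
    # bcdedit output, where the field is labelled "path".
    $line = bcdedit /enum '{bootmgr}' 2>&1 |
        Where-Object { $_ -match '^path\s+\S' } | Select-Object -First 1
    $r.BootMgrPath = if ($line) { ($line -replace '^path\s+', '').Trim() } else { 'not found' }

    # Notes that relate the values to what commenters in this thread reported.
    $notes = @()
    if ($r.FirmwareType -ne 'Uefi') {
        $notes += 'Not UEFI: the {bootmgr} EFI path and Secure Boot reports do not apply.'
    } else {
        if ($r.BootMgrPath -match 'bootmgfw\.efi$') {
            $notes += '{bootmgr} is the Microsoft loader; a commenter reports firmware that loads it by default.'
        }
        if ($r.SecureBoot -eq 'True') {
            $notes += 'Secure Boot is on; commenters report SECURITY VIOLATION or a failed pretest in this state.'
        }
    }
    $r.Notes = $notes -join ' '
    [pscustomobject]$r
}

Get-PretestReport | Format-List
```

Recording this output before and after any boot-configuration change gives a baseline to compare against if the machine stops booting as expected.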

LegendaryB commented 6 years ago

Hey @idrassi,

I have the same problem with an HP EliteBook 820 G2. Unable to fix this issue. Tried almost everything. Can the beta version be used without problems? (updating in the future etc.)

Kind Regards, Daniel

idrassi commented 6 years ago

@dbelz: yes, this beta is stable. The changes introduced concern EFI boot and these were tested extensively. Moreover, HP machines are one of the targets of the introduced modifications and this beta was validated against HP machines we have. So, you should now be able to perform system encryption on your machine.

LegendaryB commented 6 years ago

Thank you for your fast response :smile: Will try it again today. Will report back

LegendaryB commented 6 years ago

Hey @idrassi,

have tested the new veracrypt version on a freshly installed windows 10. Now my notebook is rebooting instead of shutting down. But still not able to get to the veracrypt pretest. It is now hanging on the HP Logo Screen.

Do you have more ideas what can cause this behavior? Bios has standard settings, nothing customized etc.

Kind Regards and thanks for your effort, Daniel

LegendaryB commented 6 years ago

Okay now I was able to pass the pretest and also encryption is working. But in order to get to the veracrypt password dialog I need to press ESC -> Boot Device Options -> Boot from EFI File -> Navigate down until Veracrypt DcsBoot.efi. Select and press enter. That works. If I select the Veracrypt BootLoader in the main menu it's not booting and I'm stuck at the HP Logo again. Have also disabled every boot device except custom boot and so on.

Ideas, please?

Kind Regards

idrassi commented 6 years ago

Is it possible to know the BIOS version that is used by your HP machine? Also the HP model? I don't have such behavior on HP laptop used for testing so it is difficult to know what is causing this. I will try to find machines similar to yours around me. VeraCrypt Bootloader entry in main menu points towards DcsBoot.efi so it is strange that it doesn't work. It looks like the machine's firmware refuses to boot implicitly from anything other than the Microsoft bootloader, which is surprising since SecureBoot is disabled. By the way, can you check SecureBoot configuration in BIOS menu and report options that are allowed for it?

LegendaryB commented 6 years ago

Hey,

I'm using the HP 820 G2. My BIOS Version is: M71 Ver. 01.24 It was released on the 25.01.2018

Yeah I also don't know how this is possible. I have this menu entry but when I try to use it, it gets stuck. But when I use "Boot from EFI File" and select the DcsBoot.efi file it works. I have also discovered that you can specify a customized boot path in the HP Bios (see this: https://wiki.archlinux.org/index.php/HP_EliteBook_840_G1)

But it results in the same behavior = stuck

Secure Boot in the BIOS is entirely disabled. Have no settings activated for it. Will now start a new test with the BIOS set to use Legacy Mode instead of UEFI. Maybe this will work for me.

Kind Regards, Daniel

LegendaryB commented 6 years ago

Have switched now to Legacy Bios mode. Seems to work fine. Will go now with this solution. Thanks @idrassi

bigretromike commented 6 years ago

Only workaround I found was disabling Secure Boot. It results in a shutdown instead of a reboot on the test, but after turning it on the computer asked for the password, entered Windows and VeraCrypt started encryption. bcdedit for me was \EFI\Microsoft\Boot\bootmgfw.efi; changing it to anything else results in a soft-brick.

kkar commented 6 years ago

@idrassi my BIOS is in "Legacy" in msinfo32. Also, the output you asked for:

```
C:\Windows\system32>fsutil fsinfo ntfsinfo c:
NTFS Volume Serial Number :        0x46dad175dad161ab
NTFS Version   :                   3.1
LFS Version    :                   2.0
Number Sectors :                   0x0000000037e41fff
Total Clusters :                   0x0000000006fc83ff
Free Clusters  :                   0x0000000003a24ee9
Total Reserved :                   0x0000000000001531
Bytes Per Sector  :                512
Bytes Per Physical Sector :        512
Bytes Per Cluster :                4096
Bytes Per FileRecord Segment    :  1024
Clusters Per FileRecord Segment :  0
Mft Valid Data Length :            0x0000000026f00000
Mft Start Lcn  :                   0x00000000000c0000
Mft2 Start Lcn :                   0x0000000000000002
Mft Zone Start :                   0x0000000005a03ae0
Mft Zone End   :                   0x0000000005a10300
Max Device Trim Extent Count :     64
Max Device Trim Byte Count :       0x7fff8000
Max Volume Trim Extent Count :     62
Max Volume Trim Byte Count :       0x40000000
Resource Manager Identifier :      5AE61974-FFFB-11E7-ACDD-85E026309792

C:\Windows\system32>
```

MCS000 commented 6 years ago

Add another me-too

{blah blah blah}

Opening a new thread; Deleting my comments here. See Issue 323.

kkar commented 6 years ago

Any progress on this?

Marcel64 commented 6 years ago

I found a good link! https://h30434.www3.hp.com/t5/Notebook-Software-and-How-To-Questions/VeraCrypt-Boot/td-p/6450537 There is a step by step method to follow

goose-ws commented 6 years ago

For others with Acer computers, here's how I fixed this issue for me:

  1. Rebooted into BIOS (F2 on logo)
  2. Go into Security settings and set a Supervisor Password, so I can modify Secure Boot settings
  3. Clear Secure Boot Settings
  4. Install Secure Boot settings from VeraCrypt
  5. Save changes, reboot

Hopefully this helps someone else

idrassi commented 6 years ago

Version 1.23-BETA1 implements fixes for EFI issues that affected several machines (like HP). You can get it from https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/.

For SecureBoot compatibility, I have updated PowerShell scripts to be compatible with more machine models. You can read the following post, which has more details on this: https://sourceforge.net/p/veracrypt/discussion/technical/thread/ace1e682/?page=1&limit=25#15ef.

steampixel commented 6 years ago

Had the same problem on my MSI GE72 6QD Apache Pro Notebook. The beta version worked :-)

eetech888 commented 6 years ago

I just tried VeraCrypt Setup 1.23-BETA2.exe as Administrator and failed pretest with error "The parameter is incorrect. Source: VeraCrypt::File::Write:922" on my HP Stream

jgoggan commented 6 years ago

I just wanted to add a data point. I am using a Toshiba Satellite with Windows 10 64-bit and the pretest kept failing for me with 1803 installed. When running 1709, I had done some tricks to get VeraCrypt (1.22) to encrypt the system partition, but was hoping not to have to do that with 1803. 1.22 failed for me, but I upgraded to the 1.23BETA2 and it worked great!

Just wanted to let you know that your BETA2 fixed the issue for me on this laptop. Thanks!

punkr0ck commented 5 years ago

Read everything completely before doing anything!

On Lenovo Thinkpad T570 (UEFI) it works like this:

[image]

Now it should ask for your VeraCrypt password and you can proceed with the encryption.

Good luck!

Van-Fouran commented 5 years ago

Is this issue fixed in the current version? Can this case be closed?

Tech11 commented 5 years ago

Yes, thank you.

sreith1 commented 4 years ago

I couldn't solve this issue on my system.

After the pretest no password query was shown and the system infinitely tried to reboot, even if I chose the VeraCrypt bootloader in the boot menu. I could only boot my system after applying the steps described here.

I tried the workarounds from Duzga and punkr0ck with the same result.

minozheros commented 4 years ago

EDIT: I solved it by switching to Native UEFI (without csm)

HI.. I can't get it to work either..

my info:

[image: info]

"Sicherer Startzustand AUS" is SecureBoot off in German

the fsinfo: [image: fsinfo]

If I try to encrypt the system drive I get the following errors after I press yes to restart the computer and start the pretest.

[images: e1, e2, e3, e4, e5]

the following files do get created despite the error messages though:

[image: filesCreated]

I can start the pretest by loading the DcsBoot.efi file but it always tells me that :

"Either the password or the pmi or the hash are wrong"

Any help or suggestions would be very much appreciated..

Politycian commented 4 years ago

Same here, boot loop after installation and execution of the test. I used Veracrypt on the system for a long time, but switched to Bitlocker about a year ago after re-installation of Windows, because the problem of the boot loop could not be solved. Unfortunately the problem remains in version 1.24-Update6 of VeraCrypt.

Information: Lenovo Thinkpad X260
UEFI-BIOS Version: R02ET69W (1.42) Secure Boot off / UEFI and Legacy Boot

soroshsabz commented 4 years ago

Same here, boot loop after installation and execution of the test. I used Veracrypt on the system for a long time, but switched to Bitlocker about a year ago after re-installation of Windows, because the problem of the boot loop could not be solved. Unfortunately the problem remains in version 1.24-Update6 of VeraCrypt.

Information: Lenovo Thinkpad X260 UEFI-BIOS Version: R02ET69W (1.42) Secure Boot off / UEFI and Legacy Boot

@idrassi I have the same problem. any idea to resolve this?

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.