Users Guide

Table Of Contents

● Upgrade on a computer with a LiteOn M3 series SSD installed and PBA activated fails due to the small disk size. To work

around this issue, before upgrading, deprovision the PBA. After upgrade, the PBA can be reactivated. [CSF-528]

● With PBA activated on Dell Latitude E7450, navigation of the Advanced Boot Options menu is not possible because the

native keyboard is not available. To work around this issue, deactivate the PBA, access the Advanced Boot Options menu,

and keyboard navigation is available. [DDPLP-286]

● When running Windows 10 on a computer with smart card authentication through PBA activated, after resuming from hybrid

sleep, single sign-on fails. [DDPLP-308]

● To protect communications against the OpenSSL CVE-2014-3566 vulnerability, Dell Enterprise Server v8.5.1 and DDP

Enterprise Server - Virtual Edition v9.0 and later are set to communicate using TLS, by default. However, SED and HCA v8.6

clients communicate with Enterprise Server using SSL. This means that when running Enterprise Server v8.5.1 and later, SED

or HCA v8.6 clients with Preboot Authentication activated will fail to communicate with Enterprise Server. To work around

this issue, refer to knowledge base article SLN296006 at http://www.dell.com/support/article/us/en/19/SLN296006. This

workaround must be implemented as soon as possible, in order to prevent PBA client communication issues with Enterprise

Server v8.5.1 or Virtual Edition v9.0 and later. [DDPUP-733, DDPMTR-1331]

● On Dell Latitude E7250, E7350, E7450, and Venue Pro 11 (Model 7139), recovery fails with Dell Opal SED Recovery Utility

one-time unlock of the drive. To work around this issue, use the recovery key to unlock a drive on one of these models.

[DDPUP-763]

Enterprise Edition for SED

● Amended 08/2015 - When using the child installer, the installer will effect a reboot only if necessary. To force a restart after

installation, add /forcerestart to the installation command. [CSF-246]

Cloud Edition

● When running Encryption with Deferred Activation, Cloud Edition policies may not flow from the DDP Server. If this occurs,

in DDP Remote Management Console, check the list of endpoints. The list includes an endpoint for both the host name and

the Machine ID for the computer. To work around this issue, ensure that Cloud Edition policies are set for the endpoint

represented by the computer host name. Encryption policies must continue to be set on the endpoint represented by the

computer Machine ID. [DDPMTR-825]

BitLocker Manager

● Amended 08/2015 - When using the child installer, the installer will effect a reboot only if necessary. To force a restart after

installation, add /forcerestart to the installation command. [CSF-246]

● Added 08/2015 - If Microsoft TPM Base Services is improperly installed, the following functionality is affected: HCA

provisioning, fingerprint enrollment in the DDP Console/Security Console, and BitLocker Manager operation. For more

information and to work around this issue, refer to this KB article: http://www.dell.com/support/article/us/en/19/

SLN296006. [CSF-454]

Resolved Technical Advisories v8.5.1

Enterprise Edition for Windows

● HCA activation time-outs when using Security Tools' One-time Password have been resolved. [CSF-12]

● When reactivating the PBA, a message to shut down the computer now properly displays. [CSF-20]

● TPM ownership is now properly taken after being cleared in BIOS when using DDP. [CSF-21]

● Enhancements have been made to the installer to ensure that the correct PBAAuthURI is maintained, even if the installation

reboot occurs before the authentication agent is upgraded. [CSF-123, CSF-125]

● The issue of failing attempts to open a Microsoft Excel workbook, with either a message that a problem occurred sending

the command to the program or a message that the file path or file name could not be found, is now resolved. [CSF-157]

● The issue of BitLocker Manager or computers running DDP|HCA contacting the Server too frequently during encryption

and decryption has been resolved. The Server is contacted only at encryption/decryption completion (or other regularly

scheduled polling intervals). [CSF-243]

Technical Advisories