Workaround for VeraCrypt pretest failure on Windows 10 Build 1709

The latest VeraCrypt Final/Beta seems to have some troubles with latest Windows changes, which means the pretest fails. This test is needed to verify if your HDD/SSD can be proper encrypted before the actual process really starts to avoid running into problems.

vc2

The guide is a workaround however this needs to be fixed within VeraCrypt with the next final version.

The Problem

Once you installed VeraCrypt Final / Nightly you might want to start the full disk-encryption (FDE) to encrypt the whole OS partition/drive, you start the setup and do everything what you get asked for – The system shutdowns , yep no reboot! – it shutdown, bad signal already! Okay so you power on your machine and you won’t see any input field to type in your password, Windows just boots or you see a error which says that the authentification failed. Well, you just boot into Windows but nothing got encrypted and you see the error (see picture above). That’s bad and it sucks!

Workaround

  • If you tell the VeraCrypt wizard to go ahead and skip the pretest and take a look into the EFI filesystem you will notice that there is no EFI/VeraCrypt folder! That’s the real issue here. Sadly I could’t find what is causing it.
  • After the first reboot with no password prompt (as explained in the above scenario), VeraCrypt says that the pre-test failed, however at this moment you can see that the EFI/VeraCrypt partition was created. Go ahead and tell the VeraCrypt wizard that you want to try it again but hold on with the reboot and follow with these steps manually:
    1. Copy the file: EFI\Microsoft\Boot\bootmgfw.efi to bootmgfw_ms.efi
    2. Copy and replace EFI\VeraCrypt\DcsBoot.efi to EFI\Microsoft\Boot\bootmgfw.efi
    3. Edit EFI\VeraCrypt\DcsProp and put the key within the configuration:
      <config key="ActionSuccess">postexec file(EFI\Microsoft\Boot\bootmgfw_ms.efi)</config>
    4. After the reboot you finally can enter your password and VeraCrypt finally says that the pretest is okay.

I took me one day to figure it out. The issue is already reported on GitHub with similar or exactly the same symptoms.

I hope this gets fixed because as of right now no version – no matter FInal or Beta- seems to have a solution for this.

Stay secure friends! 🕵🏻

Research

Advertisements

One thought on “Workaround for VeraCrypt pretest failure on Windows 10 Build 1709

  1. I had the same problem on a fresh installation of Windows 7 Pro 64 bit with all the updates, and this worked just great – thanks!

    I used this to mount the EFI partition first :

    Open an elevated command prompt and give the EFI partition a drive letter. In the following example the EFI partition is on disk 0, partition 1 and will be assigned to letter b:

    diskpart
    list disk
    select disk 0
    list partition
    select partition 1
    assign letter=b
    exit

    Now kill the File Explorer process and start it with administrative privileges:

    taskkill /im explorer.exe /f
    explorer.exe

    Now you can access the EFI partition with File Explorer.

    Liked by 1 person

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: