I've setup and advertised an OSD image to some test laptops and desktops. Laptops are encrypted with Utimaco encryption. The Task sequence runs fine on desktops without encryption. On the laptops, I get the error: "ConvertBootToLogicalPath failed" Failed to find the configuration path. The system cannot find the path specified (Error 80070003). I've tried using Diskpart before and after the TS step "Restart in Windows PE" but that doesn't work. I also saw this article regarding runningconvert.exe before staging the boot imagehttp://technet.microsoft.com/en-us/library/bb932144.aspx, this didn't work either. Hasanyone used SCCM / OSD toreimage a machinewith a 3rd party encryption tool?

I am having the exact same problem. We use WinMagic SecureDoc on our laptops. PXE boot TS's work fine, its just the TS's that launch from Windows that stage the boot image that have the problem. The error you mentioned shows up in the smsts.log. On the screen I see an "Unable to read task sequence configuration disk" message. The wizard is at the "Initializing hardware devices..." window at the time of the error. I just upgraded to SP1 last week. One thing I noticed that was different is when an image is copied down it now copies to C: rather than E:. Not sure why or if this has anything to do with it. The smsts.log shows that it is trying to access e:\nts_sms_fre\sms\...and can't. I have opened an incident with MS and will report what I find out. Neal

In the SMS 2003 OSD days, I made a solutionhandling this issue.The encrytion tool was actually also SafeGuard Easy. I was able to PXE-boot the clients and wipe the encrypted disk using diskpart, but notvia an advertisement from full OS. So what I did was: In the Validation phase (SMS 2003 OSD phase)using a VBScript I copied the SMS 2003 OSD boot CD-ROM ISO-file to the C-drive, and modified the boot files to boot on the ISO file in stead of the full Windows XP. The OSD boot CD was built on WinPE 1.5 and Windows Server 2003 with the "boot in memory" fuctionality. Then I was able to wipe the disk using diskpart.However, I really don't think this was a supported scenario I got the inspiration from Johan's article: http://www.myitforum.com/articles/8/view.asp?id=8814 Please note that I was using SMS 2003 and not ConfigMgr, so I have never tried this with ConfigMgr. And again, really don't think this is a supported scenario, so if I were you, I would look for a more "pretty and clean" solution Maybe ask Utimaco if there is a solution.

Any news on this? I'm facing the same issue with Safeguard Easy, and would be keen on finding a solution.

hi ..is there a solution? We're facing the same issue in SCCM with another encryption tool...

Neal - Were you able to find out anything? I would be very interested to hear

Does anyone know how to do this? I am able to do it with PGP / SCCM and PGP / MDT but not Ultimaco. I have a customer who is lookign to upgrade from XP to Win 7 and they can't sacrifice having the disks wiped manually to change out the OS and reencrypt.

I've been looking at this as well, and the key to me it seems will be getting filter drivers for the version of Utimaco SGE that work with the latest WinPE. The drivers for BartPE are obviously XP, not Win7, and they do not seem to work. You cannot install the version we are running (4.30.1) on windows 7, which leads me to believe a plugin for WinPE 3.0 will be hard to come by. I'm going to see if my coworker who originally dealt with Utimaco can get some information from them on this.

Here's what I found: http://www.sophos.com/support/knowledgebase/article/66019.html Specifically: ftp://SGEwinpe:SGEwinpe@ftp.ou.utimaco.de There is a pre-built winPE 2.0 that can read the encrypted drive and there are instructions on how to add the filter drivers to your own PE image using a batch file. I tried it on our WinPE 3.0 image and it is working great.

Old post but I'm trying to get this to work in a task sequence atm. The filter drivers above works fine for reading the encrypted drive that WinPE get's staged on. The disk get's formatted and the windows 7 image is applied. However, after the next reboot SafeGuard Easy still resides in the MBR even though a config file has run that instructs SGE to allow changes to the MBR and hangs at "loading operating system". Tried using diskpart to clean the MBR, bootsect /mbr and bootrec /fixmbr from within the task sequence but that doesn't work either. Only solution so far is to from that point boot from a WinPE CD (starts before the SGE PBA) and perform a bootsect /mbr, then reboot again to the task sequence which then continues correctly. Any ideas on how to do this without external media?

Old post but I'm trying to get this to work in a task sequence atm. The filter drivers above works fine for reading the encrypted drive that WinPE get's staged on. The disk get's formatted and the windows 7 image is applied. However, after the next reboot SafeGuard Easy still resides in the MBR even though a config file has run that instructs SGE to allow changes to the MBR and hangs at "loading operating system". Tried using diskpart to clean the MBR, bootsect /mbr and bootrec /fixmbr from within the task sequence but that doesn't work either. Only solution so far is to from that point boot from a WinPE CD (starts before the SGE PBA) and perform a bootsect /mbr, then reboot again to the task sequence which then continues correctly. Any ideas on how to do this without external media?