How MSI SecureDoc Protects Your Data — Features & Setup Tips

Troubleshooting MSI SecureDoc: Common Issues and Fixes

1. Boot/login fails or system won’t decrypt

• Cause: Corrupted pre-boot authentication (PBA) or changed boot order/UEFI settings.
• Fixes:
  • Check BIOS/UEFI: ensure correct boot mode (UEFI vs Legacy) and that Secure Boot settings match the original configuration.
  • Rebuild or reinstall the PBA image using SecureDoc admin tools.
  • If a TPM+PIN setup, verify TPM status in BIOS and clear/re-provision TPM only as a last resort (backup keys first).

2. Forgotten or lost password / recovery key not accepted

• Cause: Incorrect recovery token, mismatched recovery profile, or corrupted key escrow.
• Fixes:
  • Use the organization’s recovery server or recovery token per SecureDoc Recovery procedures.
  • Confirm the recovery key/profile matches the device’s escrowed record in the SecureDoc Management Server.
  • Restore from a known-good backup of the management server database if escrow data was lost.

3. TPM issues (TPM not found, provisioning failed)

• Cause: TPM disabled, cleared, or firmware mismatch.
• Fixes:
  • Enable TPM in BIOS/UEFI and ensure firmware is up to date.
  • Re-provision TPM via SecureDoc tools; follow vendor guidance to avoid key loss.
  • If TPM has been cleared, recover using stored recovery keys; consider moving to password-only until TPM is reprovisioned.

4. BitLocker/other encryption conflicts

• Cause: Multiple full-disk encryption solutions or remnants of other tools.
• Fixes:
  • Fully decrypt or remove other encryption solutions before installing SecureDoc.
  • Clean the disk of any leftover bootloader or metadata from prior encryptors and then re-encrypt with SecureDoc.

5. Performance degradation after encryption

• Cause: Incompatible storage drivers, AES-NI not used, or antivirus interfering.
• Fixes:
  • Ensure disk and chipset drivers are current.
  • Verify AES-NI is enabled (if supported) and OS recognizes it.
  • Exclude encryption processes from real-time AV scanning per vendor guidance.

6. Imaging and deployment problems

• Cause: Incorrect pre-provisioning, wrong master image with encrypted disk signatures.
• Fixes:
  • Use SecureDoc’s recommended imaging workflow: prepare a hardware-independent master image, remove encryption or use pre-provisioning tools, then capture image.
  • Use SecureDoc deployment packages and ensure unique device keys are generated post-deployment.

7. Management Server communication failures

• Cause: Network/firewall blocks, certificate or DNS issues, or expired server certificates.
• Fixes:
  • Verify network connectivity and required ports between clients and SecureDoc Management Server.
  • Check server certificates and renew if expired; ensure clients trust CA.
  • Confirm DNS entries and time sync (NTP) between clients and server.

8. User prompts for password after sleep/resume or hibernate

• Cause: Power management or driver issues causing PBA to re-run.
• Fixes:
  • Update power management and storage drivers.
  • Check SecureDoc power settings and vendor KB for known sleep/hibernate behavior.

9. Updates or patches break authentication

• Cause: OS update changed boot components or drivers.
• Fixes:
  • Test updates in a staging environment before broad rollout.
  • Recreate or repair PBA after problematic updates; keep current SecureDoc client and agent versions compatible with OS patches.

10. Logs insufficient to diagnose

• Cause: Logging level too low or logs not collected centrally.
• Fixes:
  • Increase logging verbosity temporarily in SecureDoc and collect logs (PBA, client agent, server).
  • Use management server’s diagnostic tools and cross-reference OS event logs.

Quick diagnostic checklist

1. Confirm BIOS/UEFI boot mode and TPM status.
2. Verify network, DNS, time sync, and certificates for