HP EliteBook 745 Sure Recover User Guide - Page 22

A Troubleshooting Drive partitioning failed Failed drive partitioning can occur if the SR_AED or SR_IMAGE partition is encrypted with Bitlocker. These partitions are normally created with a gpt attribute that prevents Bitlocker from encrypting them, but if a user deletes and recreates the partitions or creates them manually on a bare metal drive, then the Sure Recover agent is unable to delete them and exits with an error when repartitioning the drive. The user must manually delete them by running diskpart, selecting the volume, and issuing the del vol override command or similar. Firmware audit log EFI variable information is as follows: ● GUID:{0xec8feb88, 0xb1d1, 0x4f0f, {0xab, 0x9f, 0x86, 0xcd, 0xb5, 0x3e, 0xa4, 0x45}} ● Name: OsRecoveryInfoLog APIs exist under Windows for reading EFI variables, or you can dump variable content to a file using the UEFI Shell dmpstore utility. You can dump the audit log using the Get-HPFirmwareAuditLog command provided by the HP Client Management Script Library. Windows event log Sure Recover start and stop events are sent to the BIOS audit log, which you can view in Windows Event Viewer in the Sure Start log if HP Notifications is installed. These events include the date and time, Source ID, Event ID, and an event specific code. For example, [fe 00 40 26 02 27 06 18 84 2a 02 01 00 30 f2 c3] indicates that recovery failed because the manifest could not be authenticated with the event specific code c3f 23000 that was logged at 2:26:40 on 6/27/18. NOTE: These logs follow US date format of month/date/year. 16 Appendix A Troubleshooting