Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

S

SgtTomK

14 Posts

5593

October 16th, 2017 12:00

Failing to Encrypt - lastalive0.dat - Error 32

Client system failing to encrypt a system file in the windows folder.

[10.16.17 12:46:29:786      CredUMES.cpp: 5708 I] UMES - encrypting "C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat", pid=2cc
[10.16.17 12:46:29:786      CredUMES.cpp: 5600 E] UMES - crypt failed during rename for C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat [MS error = 32]
[10.16.17 12:46:29:802      CredUMES.cpp: 5708 I] UMES - encrypting "C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat", pid=2cc
[10.16.17 12:46:29:802      CredUMES.cpp: 5600 E] UMES - crypt failed during rename for C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat [MS error = 32]

I've tried having the user reboot the system and wait for at least 20 minutes before logging in - he is still being continually prompted to reboot to finish the encryption process.

I can't find much info about this file except that it's involved in recording the timestamp of HDD activity. 

Perhaps it should be added as an exemption?

v/r
-Tom

dell-dale p

156 Posts

October 16th, 2017 15:00

Hi SgtTomK,

These files are part of a heartbeat within Windows. These files are being encrypted as they are being generated, but are always destroyed on shut-down. We have a resolution to the workflow within Windows that was causing this issue in our 8.12.0 or later clients.

if updating is not an option, you can temporarily disable the heartbeat that Windows is performing on the next boot by enabling a registry entry. There is a Microsoft discussion around this issue that discusses disabling the hearbeat here:

social.technet.microsoft.com/.../eventlog-service-writes-lastalive0dat-and-lastalive1dat-once-per-minute

I hope that helps!

-Dale

SgtTomK

14 Posts

October 18th, 2017 06:00

Hi Dale,

The client version for this issue was 8.13.0.20 - so maybe the issue has not yet been fully fixed.

That being said - it seems to have resolved itself for this user.  

On to the next issue.... upwards of 1000 systems to go!

v/r

-Tom

View More

View All

No Events found!

Top