Cannot Perform Challenge/Response Recovery After Transfer To New ePO Server
I have two ePO environments running, A and B. Both are running 5.10 Update 3. I migrated systems from A to B by deploying the framepkg from B. I enabled Drive Encryption system transfer using the webAPI per PD27693.
I have a particular client that after migrating to server B needed a recovery operation (user forgot DE password). I entered the challenge code into the console on server B, and user recovery is greyed out and machine recovery says "No recovery keys found for this machine! " So I end going back to server A and could perform the recovery from there.
What I don't understand is that this particular client was clearly communicating with server B. The encryption user list was present and appeared to be valid. I could also perform an export recovery information operation from the system tree but the challenge response failed, almost like it never transferred its keys to the new server. The DE: Client system transfer failure indicates None on both server A and server B. And the DE: Systems reporting a failed ePO system transfer report on server B shows that none of my ~500 DE clients failed.
Now we have successfully performed recovery of systems that were transferred from A to B but my concern is we have no way of knowing what other machines may have the same problem as this one. We don't want to keep server A around any longer than necessary. Any ideas of what might be happening here and how we might go about troubleshooting?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.