cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
nick.vazquez@ce
Level 7
Report Inappropriate Content
Message 1 of 5
‎05-15-2020 07:46 AM

Client System with DE but no Recovery Key

We discovered a system that is encrypted and ePO shows all polices and products but when I look for a recovery key, there isn't 1 present. Is there a way to export the key from the client and import into ePO? Is there a mechanism to re-sync this key? Is there a procedure that would gracefully re-create the recovery key? Any advice is appreciated.
0 Kudos
Reply
4 Replies
sbalamur
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5
‎05-18-2020 06:02 AM

Re: Client System with DE but no Recovery Key

Hi nick.vazquez@ce  ,

Thank you for choosing McAfee Support Community.

As per below statement when you say the machine is encrypted the key should be backed up in ePO and should be accessible from "Export Recovery Information" when it is missing, the key would have got deleted from DB and there is no way to download or restore it from client to ePO.

Can you let us know was there any migration activity performed for the affected machine?

However, if the endpoint is accessible try to perform wake up agent to resend the key if available in the machine to ePO .

If this failed to recreate the key by pushing a policy to deactivate and re-activate it again so that the new key will be generated and updated in DB.

 

 

Was my reply helpful?If you find this post useful, Please give it a Kudos!

Please don't forget to select "Accept as a solution" in my reply and together we can help other members?

Regards
Subramanian B
McAfee Employee
0 Kudos
Reply
JaganA
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5
‎05-18-2020 08:13 PM

Re: Client System with DE but no Recovery Key

nick.vazquez@ce Thanks for choosing McAfee community portal

Unfortunately, there is no mechanism to export and import the encryption key OR re-sync. These futures are not available for good security reason.

You may be interested what happened to the key, when the machine is deleted from the system tree the connection to the key stored in DB is lost.

You may look into the audit log within ePO to understand when and who deleted the machine entry.

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
0 Kudos
Reply
jsubbura
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5
‎05-19-2020 06:49 AM

Re: Client System with DE but no Recovery Key

Hi nick.vazquez@ce ,

If you are still able to login to the client machine, then you can check the MfeEpe.log on the client if the key was backed up to the epo or not,

C:\Program Files\McAfee\Endpoint Encryption Agent\

2020-05-19 12:44:55,824 INFO StatusService Preboot File System (PBFS) creation complete
2020-05-19 12:44:55,824 INFO StatusService Sent system key to Key Server
2020-05-19 12:44:55,840 INFO StatusService Sent recovery key to Key Server
2020-05-19 12:44:55,840 INFO MfeEpeKeyServerService Sending key to server
2020-05-19 12:44:56,199 INFO MfeEpeKeyServerService Sending key to server
2020-05-19 12:44:59,386 WARNING EpoMaLpcLog Service not available
2020-05-19 12:44:59,418 INFO MfeEpeKeyServerService keyServiceHandler: handling ePO response: KSSetMachineKeyAck
2020-05-19 12:44:59,418 INFO StatusService System key was backed up

 

If this was already done, then may be someone deleted the machine from the EPO after this or the client machine was migrated from one to another EPO.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
0 Kudos
Reply
jacek
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 5
‎06-08-2020 12:06 AM

Re: Client System with DE but no Recovery Key

There is also possible to export recovery information (XML file) by keycheck. Even a system was deleted from ePO, recovery key is still in a database.
The only one situation I can imagine, where a recovery key can be lost is restore the ePO server (ePO database) from backup or snapshot.

If affected system is still managed by ePO, you can assign a policy to the system, forcing decrypt all disk. When it will finish, you can run uninstall task for DE. Reinstalling DE and encrypting system again, will send a new key to ePO.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC