Hi nick.vazquez@ce ,
Thank you for choosing McAfee Support Community.
As per below statement when you say the machine is encrypted the key should be backed up in ePO and should be accessible from "Export Recovery Information" when it is missing, the key would have got deleted from DB and there is no way to download or restore it from client to ePO.
Can you let us know was there any migration activity performed for the affected machine?
However, if the endpoint is accessible try to perform wake up agent to resend the key if available in the machine to ePO .
If this failed to recreate the key by pushing a policy to deactivate and re-activate it again so that the new key will be generated and updated in DB.
nick.vazquez@ce Thanks for choosing McAfee community portal
Unfortunately, there is no mechanism to export and import the encryption key OR re-sync. These futures are not available for good security reason.
You may be interested what happened to the key, when the machine is deleted from the system tree the connection to the key stored in DB is lost.
You may look into the audit log within ePO to understand when and who deleted the machine entry.
Hi nick.vazquez@ce ,
If you are still able to login to the client machine, then you can check the MfeEpe.log on the client if the key was backed up to the epo or not,
C:\Program Files\McAfee\Endpoint Encryption Agent\
2020-05-19 12:44:55,824 INFO StatusService Preboot File System (PBFS) creation complete
2020-05-19 12:44:55,824 INFO StatusService Sent system key to Key Server
2020-05-19 12:44:55,840 INFO StatusService Sent recovery key to Key Server
2020-05-19 12:44:55,840 INFO MfeEpeKeyServerService Sending key to server
2020-05-19 12:44:56,199 INFO MfeEpeKeyServerService Sending key to server
2020-05-19 12:44:59,386 WARNING EpoMaLpcLog Service not available
2020-05-19 12:44:59,418 INFO MfeEpeKeyServerService keyServiceHandler: handling ePO response: KSSetMachineKeyAck
2020-05-19 12:44:59,418 INFO StatusService System key was backed up
If this was already done, then may be someone deleted the machine from the EPO after this or the client machine was migrated from one to another EPO.
There is also possible to export recovery information (XML file) by keycheck. Even a system was deleted from ePO, recovery key is still in a database.
The only one situation I can imagine, where a recovery key can be lost is restore the ePO server (ePO database) from backup or snapshot.
If affected system is still managed by ePO, you can assign a policy to the system, forcing decrypt all disk. When it will finish, you can run uninstall task for DE. Reinstalling DE and encrypting system again, will send a new key to ePO.