cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

McAfee FRP says "key not available" when using User Personal Keys

We are currently working out our new protection stack for Windows 10 which consists of the following

- ENS 10.5.3 (Threat Prevention & Firewall)

- Management of Native Encryption 4.1.2 (to manage Bitlocker)

- DLP 11 HF 130 (to manage who can use an USB drive on their PC/laptop)

- McAfee Agent 5.0.6 (how would it work otherwise )

Everything above is configured perfect and works without a problem.

Because MNE does not support Bitlocker To Go (yet), we try to implement File & Removable Media Protection 5.0.4 to encrypt our USB sticks.

Here is where we got some difficulties, we want to work with User Personal Keys so that every USB is encrypted personally and that the encrypted stick is unlocked automatically when inserted into a pc where the user is logged in.

Problem 1:

We succeed in creating a UPK for the user, but our question is which authentication type should we pick (OS or password) for the thing that we want to use.

Problem 2:

We made a removable media policy where we chose password and UPK as authentication method, but when we insert an USB stick and want to encrypt it, I get the message "key not available" and I can't continue to initialize the stick. Why is it giving this error? If I use a regular encryption key it works without a problem, but we don't want this as we have to create a policy per user which is time consuming and prone to mistakes.

Is UPK perhaps incompatible with one of our other products in the security stack?

3 Replies
pcoates
Level 10
Report Inappropriate Content
Message 2 of 4

Re: McAfee FRP says "key not available" when using User Personal Keys

I'm having the same issue right now. I've just tried several different things to try and get it working. If I look at the Status Report in available keys it has my default recovery key and the Personal Key for my user, but when trying to initialize media it shows key not available.

If I change my Removable Media policy to point to my personal key instead of "User Personal Key" then it lets me use that, but only if I had converted it to a regular key as well. I also did a force os token authentication for first time login since we upgrade from 4 to 5 and it was suggested in the guide. 

McAfee ePO administrator has the flexibility to mandate that the user authenticates using the Active Directory user name and password for the first time that the OS token is used on a given Windows system. This can be configured from the OS Token tab of the Authentication policy.

If you had any luck feel free to share! We'll probably open a ticket if we can't figure it out.

pcoates
Level 10
Report Inappropriate Content
Message 3 of 4

Re: McAfee FRP says "key not available" when using User Personal Keys

So I may have spoken to soon, after enabling the "Require authentication using Active Directory credentials at first logon" option in OS token in the authentication policy and did another reboot it seems to be loading the UPK key properly. Now I also was implementing a disable policy for the McAfee Full Disk Encryption, so I'm unsure if that had an impact as well. I will test with another system tomorrow to confirm.

Update:

We deployed to a couple test systems, making sure that the UPK key did not have regular key selected, and also we re-did the assign UPK for out test users and selected just OS for the authentication method. This won't show up in the "show" selection in the keys menu, but if you do an audit report it will show you that it's an OS Auth mode.

Re: McAfee FRP says "key not available" when using User Personal Keys

what is the solution?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community