I have a user who has Endpoint Encryption on their laptop. Unfortunately we had an issue where all the user names (including the admin account) got removed from the laptops Endpoint Encryption, so we have no way of logging passed the Endpoint Encryption boot window.
I have tried the recovery option on the laptop (Administrator/Smartphone Recovery) entering in the client code provided onto our ePO and then choosing machine recovery and entering the codes provided onto the laptop. This sprung up an error EE110001 The recovery response is not valid.
Any ideas how I can get passed this?
Normally I would just wipe the hard drive and start again, but this user is one of our EXCO members and has said they really can not lose data that is saved on the HD (typical I know)
The product versions ect are below:
Endpoint Encryption Agent: 22.214.171.1249
Endpoint Encryption for PC: 126.96.36.1999
ePO OS: Windows Server 2008 R2 SP1
Laptop OS: Win7 SP1 64 bit
There are several reasons why users will be removed from machines. The most common are:
1. The machine was deleted either manually, via a server task, or the group was removed. To verify this, review the ePO Audit Log and see if the machine was deleted.
2. VPN exclusions have not been set (KB52949). This can by verified by looking at the Drive Encryption service log (MfeEpe.log) for the machines LeafNode ID changing and reuploading it's keys to ePO. Search from the bottom of the log for " key " (with spaces on each side of the word).
Because the admin recovery cannot be preformed, it seems more likely that that there is a VPN MAC address issue and KB52949 needs to be applied.
To resolve the issue, you will first want to apply the solution found in KB52949 then boot to DETech Standalone and get the KeyCheck value for the machine. Export the recovery XML and use it to authenticate and emergency boot the system.