I think your question is more how to restore an EPO DB at the moment? I would suggest starting a thread in the EPO group?
You should still be able to get to the key though in the current production DB - keys are not deleted when the machine is deleted. You can usually use the API and keycheckvalue to export them.
Thanks Safeboot for the great advice, I have not used it before.
I followed the command scripting but without success; I received error -12. I suppose no keys are available for this particular computer.
The reason could be that our ePO server synchronizes client status with Active Directory; any new computer in AD is automatically created on ePO.
When I deleted the computer from the ePO DB, after the next sync with AD it was recreated as 'unmanaged', with all records for this name empty.
I think the only way to recover could be an old DB restore.
I look forward to your advice.
As Safeboot said - even if the object (node) is deleted from ePO the key itself never gets deleted (unless you chose so - 'Destroy All Recovery Information') so via scripting you should be able to retrieve the file. Having said this - restoring the old DB is another option.
Thanks Reiner for the reply.
I understand what Safeboot wrote about the key; I've checked it on another machine deleted from the ePO DB, and it works as he described.
I use the ePO.API.Explore tool and in this case I received the same error:
I receive a similar error if I try to export the key for a computer without encryption.
Any ideas how to read this key a different way?
It would seem the key is not in the backup DB either - are you SURE you are looking for the right machine?
Since keys are never deleted unless you deliberately destroy them, there's no reason it wouldn't exist in the live db and backup.
Can you explain how the key got destroyed? Perhaps you're simply looking for the wrong machine name, or the machine was in fact registered to some other EPO server?
You are looking for the keycheck value as reported by the machine itself yes?
Yes, I’m sure I’m looking for the right computer name.
Let me explain this situation in more detail.
The encrypted disk in a laptop failed. It was sent to an external company for repair. After a few months it came back working, but the disk cannot be accessed.
In the meantime the computer was deleted from ePO, but without the ‘destroy all data’ option, just the machine data. The encryption keys should stay in the DB.
The ePO server is synchronized with AD; the next sync task recreated the computer account with ‘unmanaged’ status.
My initial question was whether it is possible to look into the DB backup, which was made before the machine account clean-up, and recover the encryption key for this machine.
Well the keys are NEVER deleted automatically in 6.1.3, so either you're using the wrong information to find the key, someone destroyed the recovery information, or the key never existed. Use the keycheck value, not the computer name - that will get you the exact key.
Of course, if this was a 6.0 machine it's quite possible the key was deleted - that was the design behaviour of that version.
Re using the backup, it's not something I am aware of but may be possible - you'd need to ask your Platinum support person for help I guess. Usually people just mount their backup and read it out.
This machine was encrypted with version 6.1.2, so I do not know if what you mentioned about version 6.0 applies to it.
As you suggest, I can use the EETech tool to read the keycheck and then look into the DB to recover the keys. Am I right?
The keycheck value is what you need to be using to search for the key - the machine could have been renamed at any point.