There are several reasons why users will be removed from machines. The most common are:
1. The machine was deleted either manually, via a server task, or the group was removed. To verify this, review the ePO Audit Log and see if the machine was deleted.
2. VPN exclusions have not been set (KB52949). This can by verified by looking at the Drive Encryption service log (MfeEpe.log) for the machines LeafNode ID changing and reuploading it's keys to ePO. Search from the bottom of the log for " key " (with spaces on each side of the word).
Because the admin recovery cannot be preformed, it seems more likely that that there is a VPN MAC address issue and KB52949 needs to be applied.
To resolve the issue, you will first want to apply the solution found in KB52949 then boot to DETech Standalone and get the KeyCheck value for the machine. Export the recovery XML and use it to authenticate and emergency boot the system.