How to obtain the DAT file needed to run "Recover /B" with the SEE Recovery Tools.
search cancel

How to obtain the DAT file needed to run "Recover /B" with the SEE Recovery Tools.


Article ID: 178096


Updated On:


Endpoint Encryption


You wish to recover an encrypted system with the Recover /B option.

You wish to recover an encrypted system, and the recover /A and /D options did not work or are not accessible. You need to run "recover /B", but are unsure how to proceed.


If Recover /D does not work or is not available, it may be because a local copy of an encrypted cryptographic key specific to the system cannot be located.


***NOTE**** Both Recover /D and /B attempt to decrypt the disk. The only difference is that /B allows the use of a copy of a system-specific key that has been backed up on the Management Server. If you have already run /D successfully, but the system is still not accessible for some reason, do NOT run /B as it will attempt to decrypt the volume again.

The Policy Administrator creates the DAT file by exporting a Client Computer’s data from the database. For this reason, Recover /B is not available for computers that do not check in with the SEE Management Server.
  1. In the SEE Management Server Console, browse to "Symantec Endpoint Encryption Users and Computers" > "Active Directory Computers" > Forest > Domain > Computers.
  2. Select the affected computer.
  3. Click on "Recover".
  4. Enter the SEE Management password.
  5. Enter the Recover Access password that will apply to the file when you create it.
  6. Save the DAT file on a memory stick and copy to the affected system.
  7. Use the Recovery CD to boot the affected system.
  8. Select the option button for recover /B. Browse to the DAT file. You will be prompted for the Recovery Password associated with the DAT file.

SEE-FD Client Administrator Guide P. 27-28.