search cancel

New Whole Disk Recovery Tokens are not created if Encryption Desktop does not connect to Encryption Management Server


Article ID: 228734


Updated On:


Encryption Management Server Drive Encryption


A new WDRT (Whole Disk Recovery Token) is only created for an Encryption Desktop client if the client can connect to Encryption Management Server over https and authenticate.

If the client cannot connect over https to the server then the existing WDRT remains active.

A new WDRT is created after a WDRT is used to authenticate at bootguard and the user logs into Windows.

If a client cannot connect to the server, an entry like this appears in the Encryption Desktop log:

Scheduled sync with failed; server is unreachable

If a client can connect and authenticate, an entry like this appears in the Encryption Desktop log:

Completed synchronization with configuration server

In addition, in the administration console of Encryption Management Server under Reporting / Logs / Client log, an entry like this will be seen when a client authenticates:

authenticated internal Encryption Desktop user first.last from []


  • Symantec Encryption Desktop 10.5 and above.
  • Symantec Encryption Management Server 10.5 and above.


Please ensure that Encryption Desktop clients are authenticating to Encryption Management Server if you want new WDRTs to be generated.