Symantec Endpoint Encryption Help Desk Recovery (Connected Recovery - SEE Client connected to the SEE Management Server)
search cancel

Symantec Endpoint Encryption Help Desk Recovery (Connected Recovery - SEE Client connected to the SEE Management Server)

book

Article ID: 258513

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec Endpoint Encryption Drive Encryption permits managed clients connected to the Symantec Endpoint Encryption Management Server (SEE Management Server) to encrypt hard drives.  This means that you can create a SEE Client from the SEE Management Server and once the machine checks in with the server, a Recovery Key can then be used.  This is the scenario where the SEE Client was able to communicate with the SEE Management at least once.  

This article will cover the general flow of the Help Desk Recovery process that is typically seen.

 

For "disconnected" or "Connectionless" recovery, see the following article:

162352 - Symantec Endpoint Encryption Help Desk Recovery (Challenge Key Recovery - Connectionless Recovery)

Resolution

If the user forgets their pre-boot passphrase and presses F4 to enter a recovery token, they will see the Help Desk Recovery screen.

The typical recovery screen for systems that have connected will display the Computer Name, and a Sequence Number that can be provided to the SEE Helpdesk Admin. 

The Helpdesk Admin will provide a Recovery Key that is entered on this screen to allow the system to boot up.


Client Side Experience

If a client has connected to the SEE Management Server at least one time, a Computer Name and Sequence number is all that is needed to obtain the recovery key from the SEE Management Server Help Desk Recovery portal. 

To get to this screen, on the main Preboot Screen, Press F4, and then read to the Help Desk Administrator this information.

 

Help Desk Recovery Experience


The administrator will login to the SEE Management Server Web Console:

Note: If you do not have the proper Help Desk Role, this will not work.  For more information on Server Roles, see the following article:

214027 - Symantec Endpoint Encryption Admin Server Roles and Server Roles Report

Next, clicks on the "Help Desk" icon on the left side:

The Help Desk Administrator then enters the information provided by the end user:

If the information provided does not match the records, the following error may be displayed:

Enter the proper information on the screen and try again to display the Recovery Key:

The administrator provides this information to the end user.  The checksum values "AX" are used so the end user knows the proper Recovery Key was entered. 
If the end user receives different checksum values, they should check the entry and enter the proper values.

 The end user will then be able to boot up the system.

 

If you have machines that have been encrypted, but have not yet connected to the SEE Management Server, recovery is still possible.

For more information on "Connectionless Recovery", see the following article:

162352 - Symantec Endpoint Encryption Help Desk Recovery (Challenge Key Recovery - Connectionless Recovery)

 

For additional guidance, reach out to Symantec Encryption Support.

Additional Information

162352 - Symantec Endpoint Encryption Help Desk Recovery (Challenge Key Recovery - Connectionless Recovery)

240649 - Symantec Endpoint Encryption 11.4 Dashboard and Reports

Powered by Wolken Software