Symantec Endpoint Encryption Drive Encryption permits managed clients that are disconnected from the Symantec Endpoint Encryption Management Server to encrypt hard drives.
No warning or error messages are displayed to the user.
This is by design.
If the Symantec Endpoint Encryption Management Server is unreachable at the time that a drive is encrypted, the encryption will still take place and pre-boot authentication will be required.
If the user forgets their pre-boot passphrase and presses F4 for a recovery token, they will see the Advanced Help Desk Recovery screen. This screen displays the Computer name, a Sequence Number and a Challenge Key. The Challenge Key comprises 32 characters split into two parts each comprising 16 characters. Each 16 character part is followed by a two character checksum in square brackets. The user provides the Help Desk with the Computer name, Sequence Number and both parts of the Challenge Key:
The Help Desk administrator opens the Help Desk Recovery Program from Symantec Endpoint Encryption Manager and enters the Computer name, Sequence Number and both parts of the Challenge Key.The Help Desk administrator can confirm that they have entered both parts of the Challenge Key correctly by referring to the two character checksums which match what the user sees:
The Help Desk administrator is then provided with a Response Key that they give to the user. There is a two character checksum associated with the Response Key:
The user enters the Response Key and can confirm that it has been entered correctly using the two character checksum. The machine can then authenticate to pre-boot: