Reference Guide

Security Management Server Virtual v10.2.10 AdminHelp
encrypted data.
cannot access encrypted
data.
Occasionally, depending on the policies set, encryption keys cannot be reinitialized on the computer into
which the removable media is inserted. If policy permits, the user can insert the media into any Dell-encrypted
computer where the original user is logged in, to reinitialize the encryption keys. If policy does not permit
this, the media must be inserted into the originally encrypting computer, with the originally specified user name.
On rare occasions, when encryption key material is lost, the Encryption client cannot automatically
locate the necessary information. Use the following process to recover encrypted data.
1. Attach the device to a Windows computer that is not running the Encryption client.
2. Copy all folders from the device onto the Windows computer.
3. Use WSScan to determine the DCID of the encrypted data.
4. Follow the process for recovering access to encrypted data on Windows computers. Use the
DCID obtained from WSScan for the RecoveryID.
Enable Federated Key Recovery
If more than one Dell Server is part of a federation, to perform Encryption External Media Recovery
across Dell Servers in the federation, enable federated key recovery:
1. Navigate to <Security Server install dir>\conf\ and open the federatedservers.properties file.
2. Update the server.code property with a new code, password, or passphrase to be shared
across Dell Servers in the federation. Enclose the code, password, or passphrase within a new
CLR() tag, to replace the ENC() tag.
Example: server.code=CLR(mypassword)
3. List all Dell Servers to be federated in the server.uris property, delimited by a comma.
Example:
server.uris=https://server1.company.com:8443,https://server2.company.com:8443
4. Save and copy the federatedservers.properties file to all Dell Servers that are part of the
federation.
5. Restart all Security Servers in the federation.
The restart converts the CLR() tag to the encrypted tag, ENC(), in the
federatedservers.properties file.
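A check an administrator could run against each server's copy of the file after step 5, to confirm the shared secret no longer sits in a CLR() tag and that server.uris is well formed. This is an added example, not Dell tooling: the function names are hypothetical, the file is assumed to contain plain key=value lines, and the requirement that every URI use https is an assumption taken from the example in step 3.

```python
# Added example: audit a federatedservers.properties file after the restart step.
from urllib.parse import urlsplit


def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit_federation(text):
    """Return a list of findings; an empty list means the checks passed."""
    props = parse_properties(text)
    findings = []

    code = props.get("server.code", "")
    if code.startswith("CLR(") and code.endswith(")"):
        findings.append("server.code is still CLR(): shared secret is in cleartext")
    elif not (code.startswith("ENC(") and code.endswith(")") and len(code) > 5):
        findings.append("server.code is missing or not wrapped in ENC()")

    uris = [u.strip() for u in props.get("server.uris", "").split(",")]
    if uris == [""]:
        findings.append("server.uris is missing or empty")
        uris = []
    for uri in uris:
        parts = urlsplit(uri)
        if not uri:
            findings.append("server.uris has an empty entry (stray comma)")
        elif parts.scheme != "https" or not parts.hostname:  # https is an assumption
            findings.append(f"server.uris entry is not an https URL: {uri}")
    return findings


# Constructed sample inputs (the ENC() value is a placeholder, not real output).
BEFORE_RESTART = """server.code=CLR(mypassword)
server.uris=https://server1.company.com:8443,https://server2.company.com:8443
"""
AFTER_RESTART = BEFORE_RESTART.replace("CLR(mypassword)", "ENC(PLACEHOLDER)")

if __name__ == "__main__":
    for name, text in (("before", BEFORE_RESTART), ("after", AFTER_RESTART)):
        print(name, audit_federation(text) or "OK")
```

A CLR() finding after the restart means that server did not convert the tag, so the shared passphrase is still readable on disk there.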
Recover Data - BitLocker Manager
See the Recovery Guide for the most up-to-date recovery instructions.
Recover Endpoint
To download encryption keys of a managed or removed endpoint:
NOTE: Select Include Removed Endpoints to display endpoints that were previously removed.
1. In the left pane, click Management > Recover Endpoint.
2. Enter the hostname and click Search.