[KB8024] ESET Endpoint Encryption (EEE) Server disaster recovery

Issue

ESET Endpoint Encryption Client and ESET Endpoint Encryption Client Server are separate products from ESET Full Disk Encryption

The article below applies only to the ESET Endpoint Encryption Client or ESET Endpoint Encryption Server and not ESET Full Disk Encryption.

Visit ESET Full Disk Encryption support to view ESET Full Disk Encryption content.

Details

If you lose your ESET Endpoint Encryption Server (EEE Server) due to a natural disaster, hardware failure, or other reason, you can restore the EEE Server and reconnect it with client workstations.

  • If you have a complete backup of your EEE Server, you can restore it from a backup.
  • If you do not have a backup of your EEE Server, check if there are any encrypted granular data on client workstations. If yes, decrypt granular data.

Solution

Restore EEE Server from a backup

  • If you have an up-to-date backup, restore your EEE Server.
  • If you do not have an up-to-date backup, be aware that your backup does not reflect the latest changes, for example, new workstations, teams, groups, and you will lose this information. Also, if your backup does not contain the most recent Encryption Keys, you need to decrypt all granular data that has been encrypted with the missing Encryption Keys on client workstations before adopting them into your new EEE Server.
  • If you lose a workstation in the process of restoring your EEE Server, you can adopt a client back into your EEE Server.

Decrypt granular data on client workstations

Move data from virtual disks and delete empty virtual disks on client workstations

You need to move all data out of any virtual disks and delete empty virtual disks before decrypting granular data. This needs to be done on all client computers where encrypted granular data exists. Failure to do this may result in a permanent loss of data.

If you do not have a backup of your EEE Server or you are missing an Encryption Key from your EEE Server backup, you need to decrypt all granular data on client workstations that have encrypted data with the missing Encryption Key. This means decrypting all files, folders, removable media (such as USB sticks and CDs).

Full Disk Encryption (FDE) protected workstations

If you have workstations that are protected with Full Disk Encryption, this might be a problem if you have lost your EEE Server.

  • If you have the admin username and password required to access the FDE pre-boot authentication screen, you can adopt FDE. You need to use the admin username and password to boot client workstations before adopting them into your new EEE Server to ensure that the details are correct.
  • If you do not have the admin username and password required to access the FDE pre-boot authentication screen, you will not be able to decrypt the workstation. Instead, log in as any user and copy all the data on the workstation which you want to keep onto an external drive. Afterward, reinstall Windows.

Installing EEE Server

Old EEE Server must no longer be functional

Ensure that your old EEE Server is no longer working. Failure to do this will cause synchronization problems with your client workstations.

Ensure that your old EEE Server is no longer working, then install the ESET Endpoint Encryption Server.

Adopt client workstations

If you have client workstations (even if they are encrypted by FDE) that have ESET Endpoint Protection activated on them, adopt these into your new EEE Server.

This article applies to
Product
OS
Issue
Related articles
Decrypt a memory stick or external disk using ESET Endpoint Encryption
Encrypt a memory stick or external disk using ESET Endpoint Encryption
Install the ESET Endpoint Encryption Server
Last Updated: Oct 13, 2023

Additional resources

User Guides

ESET Forum

YouTube videos

Support News Customer Advisories ESET Status Portal Contact ESET Technical Support

Existing customer?

Chat with ESET AI Advisor for support