Issue
- After entering the correct FDE credentials, Windows fails to boot and you cannot log in to Windows
Solution
Obtaining the FDE Recovery Data File
- Select the Workstation you need to decrypt from the EEE Server Workstation list and click Details.
- Click Tools, select FDE Recovery and click Recovery File.
- Type a password into both fields to protect the decryption file and then click Download. This password will be required to start the decryption process later.
Figure 1-3
- Your browser will prompt you to download the generated file. Select a location to save the file.
Using the ESET Encryption Recovery Media Creator
- Insert an empty USB drive into your computer.
- Download the ESET Encryption Recovery Utility.
- Run the utility and click Next to continue.
- Click Win RE USB 32/64 bit.
- Note: For TPM Encrypted systems please use the EFI USB 32 & 64 bit option instead as WIN RE is not compatible with these systems.
- Select the Destination disk for the recovery media and click Next.
- Click EEES Managed.
- Click Browse and locate the FDE Recovery Data File (DLPRecovery_*.dat) file generated earlier.
- Optional: only select additional support files if you have been instructed to by ESET support.
- Click Next.
- Click Start to create the recovery media.
- A format dialog will appear, click Yes to format the USB drive and create the recovery media.
- Allow the utility to complete the creation process.
- Click Finish.
- Safely eject the USB drive.
Decrypting the Workstation
- Insert the ESET Encryption Recovery USB drive and boot the Workstation from the USB.
- If the device has booted correctly, you will see the image below.
- Select the desired language to continue.
- Select the option to Decrypt all encrypted disks (managed recovery file).
- The following warning will be displayed. Select Yes to proceed.
- Type the password you specified previously and press the Enter key.
- Choose from Secure or Performance mode to initiate the decryption process.
- After the computer has been successfully decrypted, press Ok and then Shutdown.
Updating the ESET Endpoint Encryption Server
Decrypting a Managed Workstation outside of Windows will result in an Encryption Discrepancy. This is because the EEE Server thinks the Workstation is encrypted, however the Workstation has been decrypted using the ESET Encryption Recovery utility. To resolve this discrepancy, follow these instructions.
- After you have resolved the issue with the Windows installation, update the server status of the machine so that a new encryption command can be sent.
- After re-synchronizing the EEE Server, you will see a Resolve Encryption Discrepancy button on the top panel. Click Resolve Encryption Discrepancy.
- Read the dialog carefully. Selecting No will ERASE the EEE Server's record of all encryption data for this Workstation. Do not do this if the Workstation is still encrypted.