Reference Guide

Navigate the Dell Server
If manual authentication is not successful, the device is disabled according to policy, as follows:
The policy could be set to wait (cooldown) between unsuccessful manual authentication attempts.
or
The policy may be set to delete the encryption key material and prevent any access to encrypted
files on this removable storage. In this case, the user will need to contact an Administrator again for
instructions to re-enable access.
Restore Lost Encryption External Media Key Material
If encryption keys have been deleted on the removable storage (because of failed manual authentication,
accidentally deleting a necessary file, or a change in policy), the encrypted data will be inaccessible until an
authorized user reinitializes the key material.
A dialog displays, notifying the user that key material is missing. Click Yes to use the self-healing feature of
Encryption External Media or click No.
If the policy blocks all access to removable storage until encrypted and the user clicks No, they cannot access this removable storage.
If the policy gives read-access to removable storage until encrypted and the user clicks No, they have read-access to unencrypted data on this media, but no access to encrypted data.
If the policy gives full access to removable storage, whether or not encrypted, and the user clicks No, they have full access to unencrypted data on this media. They cannot access encrypted data.
Occasionally, based on policies set, encryption keys cannot be reinitialized on the computer that the
removable storage is inserted in. If policy permits, the user can insert the media into any Dell-encrypted
computer where the original user is logged in, to reinitialize the encryption keys. If policy does not permit
this, it must be inserted into the originally encrypting computer, with the original Dell Encryption user
name.
On rare occasions, when key material is lost, the Encryption client cannot automatically locate the necessary
information. Use the following process to recover encrypted data.
1. Attach the device to a Windows computer that is not running the Encryption client.
2. Copy all folders from the device onto the Windows computer.
3. Use WSScan to determine the DCID of the encrypted data.
4. Follow the process for recovering access to encrypted data on Windows computers. Use the DCID
obtained from WSScan for the RecoveryID.
Enable Federated Key Recovery
If more than one Security Management Server or Security Management Server Virtual is part of a federation,
to perform Encryption External Media Recovery across Dell Servers in the federation, enable federated key
recovery:
1. Navigate to <Security Server install dir>\conf\ and open the federatedservers.properties file.
2. Update the server.code property with a new code, password, or passphrase to be shared across
Dell Servers in the federation. Enclose the code, password, or passphrase within a new CLR() tag, to
replace the ENC() tag.
Example: server.code=CLR(mypassword)
3. List all the servers to be federated in the server.uris property, delimited by a comma.