How to identify Sophos Disk Encryption endpoints that are already encrypted but do not have a Recovery Key stored in the database

  • Article ID: 119890
  • Updated: 04 Apr 2014

Encryption Recovery is available only for machines with Sophos Disk Encryption 5.61 installed that have reported their Recovery Key back to the Sophos Management Server. Machines that did not report their Recovery Key to the console cannot perform an 'Encryption Recovery' (for example, after a forgotten password).

This article explains how to verify whether all endpoints protected with Sophos Disk Encryption 5.61 have reported their Recovery Key to the Sophos Management Server, and what to do with endpoints that have not yet reported it.

Known to apply to the following Sophos product(s) and version(s)

Sophos Disk Encryption 5.61.0
Enterprise Console 5.1.0

What To Do

To identify Sophos Disk Encryption endpoints that are already protected and encrypted with the agent but have not yet reported their Key Backup to the Sophos Management Server:

  1. Download MissingKeyBackups.zip
  2. Extract the archive and run the MissingKeyBackups.sql script against the SOPHOS Database (e.g. SOPHOS521)

The MissingKeyBackups.sql script contains two SELECT statements that retrieve the number of endpoints with Sophos Disk Encryption 5.61 installed that do not have a Recovery Key in the database, and list details (ComputerID, Type, State, ComputerName, DomainName, IPAddress) of these endpoints.

Endpoints that appear in the MissingKeyBackups.sql script output do not have a Recovery Key in the database. To resolve the situation, make sure that the endpoint can communicate with the Sophos Management Server and reboot the Sophos Disk Encryption endpoint. Endpoints automatically upload their Recovery Key to the Sophos Management Server once a connection has been established successfully.

After rebooting the endpoint, please periodically run MissingKeyBackups.sql again and make sure that the number of endpoints referenced by the script decreases.

Raise a ticket with Sophos Support if the number of endpoints does not decrease or certain endpoints do not upload their Recovery Key. When opening a support ticket, please refer to this Knowledge Base Article.
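One way to track the repeated runs described above, as an added example that is not part of the Sophos script or this article's download: it assumes each run's detail list was exported to CSV with a header row naming the columns listed above. The function names and the sample rows are constructed for illustration.

```python
import csv
import io

# Columns the article lists for the script's detail output.
COLUMNS = ["ComputerID", "Type", "State", "ComputerName", "DomainName", "IPAddress"]

# Constructed sample exports (IDs, values, hostnames and addresses are made up).
RUN_1 = """ComputerID,Type,State,ComputerName,DomainName,IPAddress
101,1,2,LAPTOP-A,EXAMPLE,192.0.2.10
102,1,2,LAPTOP-B,EXAMPLE,192.0.2.11
103,1,2,LAPTOP-C,EXAMPLE,192.0.2.12
"""
RUN_2 = """ComputerID,Type,State,ComputerName,DomainName,IPAddress
102,1,2,LAPTOP-B,EXAMPLE,192.0.2.11
104,1,2,LAPTOP-D,EXAMPLE,192.0.2.13
"""


def load_snapshot(text):
    """Parse one CSV export of the detail list, keyed by ComputerID."""
    reader = csv.DictReader(io.StringIO(text.strip()))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export lacks expected columns: {missing}")
    return {row["ComputerID"].strip(): row for row in reader}


def compare_runs(earlier, later):
    """Classify endpoints between two runs of MissingKeyBackups.sql."""
    before, after = load_snapshot(earlier), load_snapshot(later)
    return {
        # Listed in the earlier run only: no longer reported by the script.
        "resolved": sorted(before.keys() - after.keys()),
        # Listed in both runs: check connectivity, reboot, or raise a ticket.
        "still_missing": sorted(before.keys() & after.keys()),
        # Listed in the later run only: newly reported without a key.
        "new": sorted(after.keys() - before.keys()),
        # The article's success criterion: the count goes down.
        "decreased": len(after) < len(before),
    }


if __name__ == "__main__":
    report = compare_runs(RUN_1, RUN_2)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The `still_missing` list gives the specific endpoints to name when opening a support ticket.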

 
If you need more information or guidance, then please contact technical support.
