Drive Encryption recovery Keys can't be exported after the ePolicy Orchestrator server is restored or restarted

Technical Articles ID: KB90940
Last Modified: 2024-01-06 09:02:42 Etc/GMT

Environment

Drive Encryption (DE) 7.2.6, 7.2.5

Problem 1

Recovery keys can't be exported after the ePolicy Orchestrator (ePO) server has been restored or restarted. The exported XML file is not created.

You're unable to export the machine key by System Name or Disk Keycheck.

You're unable to perform machine recovery on clients.

The ePO console displays the following error when trying to export the machine key by System Name or Disk Keycheck:

Unknown error has occurred whilst attempting to export machine key

Problem 2

The client displays the following error when trying to perform a machine recovery:

No machine key available for this system

The orion.log (Debug mode) records one of the following errors after trying to export keys:

DEBUG [http-nio-8443-exec-18] servlet.ControllerServlet - Starting new doGet request: /EEADMIN_1000/ExportMachineKey.do
DEBUG [http-nio-8443-exec-18] servlet.ControllerServlet - Validating action: ExportMachineKey.do
DEBUG [http-nio-8443-exec-18] servlet.ControllerServlet - Executing action: ExportMachineKey.do
ERROR [http-nio-8443-exec-18] command.ExportMachineKey - org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.

OR

ERROR [http-nio-8443-exec-22] command.ExportMachineKey - com.mcafee.keyserver.exception.KeyserverException: javax.crypto.BadPaddingException: unknown block type

The orion.log without debug enabled records the following:

ERROR [http-nio-8443-exec-57] ui.Recovery - java.lang.Exception: Challenge key has additional characters...
3054 at com.mcafee.epe.core.RecoveryData.decodeChallengeCode(RecoveryData.java:107)
3055 at com.mcafee.epe.ui.Recovery.checkChallengeCode(Recovery.java:229)
5659 2018-08-10 14:47:50,642 WARN [http-nio-8443-exec-74] server.DefaultMfsServlet - ETag header not set for /recoveryconsole/
5674 2018-08-10 14:47:51,111 WARN [http-nio-8444-exec-59] server.DefaultMfsServlet - ETag header not set for /recoveryconsole/
8655 2018-08-13 13:06:23,914 ERROR [http-nio-8443-exec-64] ui.Recovery - java.lang.Exception: Challenge key has additional characters...
8657 at com.mcafee.epe.core.RecoveryData.decodeChallengeCode(RecoveryData.java:107)
8658 at com.mcafee.epe.ui.Recovery.checkChallengeCode(Recovery.java:229)
20964 2018-08-27 11:14:12,211 ERROR [http-nio-8443-exec-5] ui.Recovery - java.lang.Exception: CRC failed
20966 at com.mcafee.epe.core.RecoveryData.decodeChallengeCode(RecoveryData.java:115)
20967 at com.mcafee.epe.ui.Recovery.checkChallengeCode(Recovery.java:229)

Solution

This issue is resolved in DE 7.2.7, which is available on the Product Downloads site.

To review other DE known and resolved issues, see KB84502 - Drive Encryption 7.x Known Issues.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Drive Encryption recovery Keys can't be exported after the ePolicy Orchestrator server is restored or restarted

Environment

Problem 1

Problem 2

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Drive Encryption recovery Keys can't be exported after the ePolicy Orchestrator server is restored or restarted

Environment

Problem 1

Problem 2

Solution

Affected Products

Languages:

Choose your region

Title

Title