Technical support

Knowledgebase: Maintenance
ESET Endpoint Encryption Server Disaster Recovery
Article ID: KB374 email a link to this article

If you lose your ESET Endpoint Encryption Server (EEE Server) due to a natural disaster, hardware failure or other reason, this article will help you get your EEE Server set back up and running with your client workstations.


Assess the situation

In the event of losing your EEE Server you will first need to establish which state you are in. If you have a complete backup of your EEE Server, then you can head to the 'Restore from a backup' section. This is the quickest way to get your EEE Server up and running again.

If you do not have a backup of your EEE Server, you will need to check with your users to see if they have encrypted any granular data. If they have, you will need to head to the 'Decrypt granular data' section.


Restore from a backup

The quickest solution will always be to restore from an up-to-date backup. This will save you from spending time on decrypting data, installing EEE Server from scratch and issuing new encryption keys to encrypt granular data again.

If you have an up-to-date backup then you can restore your EEE Server by following the restore section of this article:

KB296 - How do I Migrate my Enterprise Server (v2.6.1 - v2.9.3)

KB492 - How do I Backup or Migrate my Enterprise Server (v2.10.10 and later)

However, if you do not have an up-to-date backup, there are certain things that you need to be aware of. If your backup does not reflect newer changes, such as new workstations, teams, groups etc. you will lose this information. 

If your backup does not contain the most recent Encryption Keys, then you will need to decrypt all granular data that has been encrypted with the missing Keys on client machines before adopting them into your new EEE Server. To decrypt this data please read 'Decrypt granular data' below.

If you lose a workstation in the process of restoring your EEE Server, you can follow this article to adopt a client back into your EEE Server:

KB368 - How to adopt a deleted Workstation (managed)


Decrypt granular data

If you do not have a backup of your EEE Server or you are missing an encryption key from your EEE Server backup, then you will need to decrypt all granular data on client workstations that have encrypted data with the missing Encryption Key. This means decrypting all files, folders, removable media (such as USB sticks and CDs). You will also need to move all data out of any Virtual Disks and delete the empty Virtual Disk. This will need to be carried out on all client PCs where encrypted granular data exists. Failure to do this may result in permanent loss of data.

KB324 - How do I decrypt a memory stick or external disk? 

KB317 - How do I encrypt or decrypt individual files?

KB19 - How do I encrypt or decrypt folders?


Full Disk Encryption (FDE)

You may have workstations that are protected with Full Disk Encryption. This can be a problem to resolve if you have lost your EEE Server. If you have the necessary Admin username and password required to access the FDE pre-boot authentication screen, then you can simply adopt FDE by following the below section. It is important that you use the Admin username and password to boot the client workstations before adopting them into your new EEE Server to ensure that the details are indeed correct.

However, if you do not have the Admin username and password required to access the FDE pre-boot authentication screen then you will not be able to decrypt the workstation. Instead, login as any user and copy all the data on the workstation which you want to keep onto an external drive then reinstall Windows.


Installing the EEE Server 

When you are ready to install your copy of EEE Server again you will need to follow this article here:

KB119 - How do I set up my ESET Endpoint Encryption Server?

However, only do this if you are certain that your old EEE Server is no longer working. Failure to do this will cause synchrnoization problems with your client workstations.


Adopt Clients

If you have client workstations (even if they are full disk encrypted) that have ESET Endpoint Protection activated on them, then you will need to adopt these into your new EEE Server. To do this please follow this article:

KB368 - How to adopt a deleted Workstation (managed)


keywords: disaster, recover, enterprise, server, adopt

We use cookies on our website to enhance your browsing experience. Read more