Jump to content

Full Disk Encryption - Recovery Password has reached its usage limit


NobelDwarf

Recommended Posts

Hi All,

I currently have a laptop encrypted with Full Disk Encryption and the user has locked the account out but when I tried to go to password recovery it reported "Your recovery password has reached its usage limit. Please contact your Administrator" It doesn't allow you to type any passwords in just the popup and when you click ok it just takes you back to the menu.

What is the way to fix this issue or is it just to unencrypt the disk?

image.thumb.png.fc9b853a3dfb6d66ae7a69168c064cf5.png

Thanks

Link to comment
Share on other sites

Just now, Kstainton said:

Hi @NobelDwarf,

I am afraid with this being the case, your only option is to follow this Online Help page https://help.eset.com/efde/en-US/recovery_data.html in order to decrypt.

Thank you.

Hi @Kstainton,

 

Thanks for the update but if the password has reached its limit why did it, not generate a new one like the other laptops we have on the network?

As they rest will allow 5 usages then issue a new code.

 

Thanks.

Link to comment
Share on other sites

  • ESET Staff

I suspect the policy applied to this machine didn't have the "Automatically generate new recovery password" set before FDE started (As this policy setting cannot be modified after FDE has started). Or it just hasn't been able to reach the EP Console to update the Recovery Password.

Thank you.

Link to comment
Share on other sites

4 minutes ago, Kstainton said:

I suspect the policy applied to this machine didn't have the "Automatically generate new recovery password" set before FDE started (As this policy setting cannot be modified after FDE has started). Or it just hasn't been able to reach the EP Console to update the Recovery Password.

Thank you.

All the machines have the same policy that I have attached screenshots below, is there a way to make sure that it doesn't happen again? As far as I am aware it's set to allow 5 recovery password usage then set a new one.

It has worked before on multiple machines which all use the one policy across the whole network of 88 machines. This is the first time seeing this error and have reset the passwords before after the index code went from all 0s to 002.

 

image.png.b8562cba50edcecb49ad4a2afaab5b17.png

 

image.thumb.png.40a53e28d0602d60930fe51b11194a51.png

Link to comment
Share on other sites

  • ESET Staff

Once you decrypt this machine and re-encrypt it with the policy you have shown, it should be take on the policy you have shown and thus be using "Automatically generate new recovery password" as enabled. I haven't seen an issue before whereby it is set before FDE and not automatically regenerated unless it hasn't been able to communicate with the ESET Protect Console.

Thank you.

Link to comment
Share on other sites

  • 2 months later...
On 3/1/2024 at 9:13 PM, Kstainton said:

Once you decrypt this machine and re-encrypt it with the policy you have shown, it should be take on the policy you have shown and thus be using "Automatically generate new recovery password" as enabled. I haven't seen an issue before whereby it is set before FDE and not automatically regenerated unless it hasn't been able to communicate with the ESET Protect Console.

Thank you.

Hi @Kstainton ,

How can we know the root cause on this ? My customer has the same issue but he said he just use the Recover password one time . Now he have to decrpyt and want to know the root cause ?

Thanks,

Link to comment
Share on other sites

  • ESET Staff

Hi @eornate,

That would suggest that they have the Policy set for "Maximum Uses" as 1 or if it is default (5) then they have actually used the Recovery Password 5 times.

Thank you,

Kieran

Link to comment
Share on other sites

2 hours ago, Kstainton said:

That would suggest that they have the Policy set for "Maximum Uses" as 1 or if it is default (5) then they have actually used the Recovery Password 5 times.

Thanks your response.

I also suggested that but they said they have no policy, just use default when deploy EFD and they conform they just used only  1 time.

Link to comment
Share on other sites

  • ESET Staff
Posted (edited)

I would advise reporting this issue via https://www.eset.com/int/support/contact/ with these logs: https://support.eset.com/en/kb7123-eset-encryption-diagnostics-tool as we have not had this reported in the past, nor have we encountered this during any internal usage or testing of EFDE.

However, I would suggest that they setup a Workstation with the default policy with EFDE (Which they likely have done since decrypting it after they were unable to use the Recovery Password) and simply attempt to use the Recovery Password 5 times to see if they can replicate this issue now.

Thank you.

Edited by Kstainton
Link to comment
Share on other sites

2 minutes ago, Kstainton said:

I would advise reporting this issue via https://www.eset.com/int/support/contact/ with these logs: https://support.eset.com/en/kb7123-eset-encryption-diagnostics-tool as we have not had this reported in the past, nor have we encountered this during any internal usage or testing of EFDE.

However, I would suggest that they setup a Workstation with the default policy with EFDE (Which they likely have done since decrypting it after they were unable to use the Recovery Password) and simply attempt to use the Recovery Password 5 times to see if they can replicate this issue now.

Thank you.

Thanks your reply, i will inform customer.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...