NobelDwarf 2 Posted March 1 Share Posted March 1 Hi All, I currently have a laptop encrypted with Full Disk Encryption and the user has locked the account out but when I tried to go to password recovery it reported "Your recovery password has reached its usage limit. Please contact your Administrator" It doesn't allow you to type any passwords in just the popup and when you click ok it just takes you back to the menu. What is the way to fix this issue or is it just to unencrypt the disk? Thanks Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 35 Posted March 1 ESET Staff Share Posted March 1 Hi @NobelDwarf, I am afraid with this being the case, your only option is to follow this Online Help page https://help.eset.com/efde/en-US/recovery_data.html in order to decrypt. Thank you. Link to comment Share on other sites More sharing options...
NobelDwarf 2 Posted March 1 Author Share Posted March 1 Just now, Kstainton said: Hi @NobelDwarf, I am afraid with this being the case, your only option is to follow this Online Help page https://help.eset.com/efde/en-US/recovery_data.html in order to decrypt. Thank you. Hi @Kstainton, Thanks for the update but if the password has reached its limit why did it, not generate a new one like the other laptops we have on the network? As they rest will allow 5 usages then issue a new code. Thanks. Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 35 Posted March 1 ESET Staff Share Posted March 1 I suspect the policy applied to this machine didn't have the "Automatically generate new recovery password" set before FDE started (As this policy setting cannot be modified after FDE has started). Or it just hasn't been able to reach the EP Console to update the Recovery Password. Thank you. Link to comment Share on other sites More sharing options...
NobelDwarf 2 Posted March 1 Author Share Posted March 1 4 minutes ago, Kstainton said: I suspect the policy applied to this machine didn't have the "Automatically generate new recovery password" set before FDE started (As this policy setting cannot be modified after FDE has started). Or it just hasn't been able to reach the EP Console to update the Recovery Password. Thank you. All the machines have the same policy that I have attached screenshots below, is there a way to make sure that it doesn't happen again? As far as I am aware it's set to allow 5 recovery password usage then set a new one. It has worked before on multiple machines which all use the one policy across the whole network of 88 machines. This is the first time seeing this error and have reset the passwords before after the index code went from all 0s to 002. Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 35 Posted March 1 ESET Staff Share Posted March 1 Once you decrypt this machine and re-encrypt it with the policy you have shown, it should be take on the policy you have shown and thus be using "Automatically generate new recovery password" as enabled. I haven't seen an issue before whereby it is set before FDE and not automatically regenerated unless it hasn't been able to communicate with the ESET Protect Console. Thank you. Link to comment Share on other sites More sharing options...
eornate 4 Posted May 7 Share Posted May 7 On 3/1/2024 at 9:13 PM, Kstainton said: Once you decrypt this machine and re-encrypt it with the policy you have shown, it should be take on the policy you have shown and thus be using "Automatically generate new recovery password" as enabled. I haven't seen an issue before whereby it is set before FDE and not automatically regenerated unless it hasn't been able to communicate with the ESET Protect Console. Thank you. Hi @Kstainton , How can we know the root cause on this ? My customer has the same issue but he said he just use the Recover password one time . Now he have to decrpyt and want to know the root cause ? Thanks, Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 35 Posted May 7 ESET Staff Share Posted May 7 Hi @eornate, That would suggest that they have the Policy set for "Maximum Uses" as 1 or if it is default (5) then they have actually used the Recovery Password 5 times. Thank you, Kieran Link to comment Share on other sites More sharing options...
eornate 4 Posted May 7 Share Posted May 7 2 hours ago, Kstainton said: That would suggest that they have the Policy set for "Maximum Uses" as 1 or if it is default (5) then they have actually used the Recovery Password 5 times. Thanks your response. I also suggested that but they said they have no policy, just use default when deploy EFD and they conform they just used only 1 time. Link to comment Share on other sites More sharing options...
ESET Staff Kstainton 35 Posted May 7 ESET Staff Share Posted May 7 (edited) I would advise reporting this issue via https://www.eset.com/int/support/contact/ with these logs: https://support.eset.com/en/kb7123-eset-encryption-diagnostics-tool as we have not had this reported in the past, nor have we encountered this during any internal usage or testing of EFDE. However, I would suggest that they setup a Workstation with the default policy with EFDE (Which they likely have done since decrypting it after they were unable to use the Recovery Password) and simply attempt to use the Recovery Password 5 times to see if they can replicate this issue now. Thank you. Edited May 7 by Kstainton Link to comment Share on other sites More sharing options...
eornate 4 Posted May 7 Share Posted May 7 2 minutes ago, Kstainton said: I would advise reporting this issue via https://www.eset.com/int/support/contact/ with these logs: https://support.eset.com/en/kb7123-eset-encryption-diagnostics-tool as we have not had this reported in the past, nor have we encountered this during any internal usage or testing of EFDE. However, I would suggest that they setup a Workstation with the default policy with EFDE (Which they likely have done since decrypting it after they were unable to use the Recovery Password) and simply attempt to use the Recovery Password 5 times to see if they can replicate this issue now. Thank you. Thanks your reply, i will inform customer. Kstainton 1 Link to comment Share on other sites More sharing options...
Recommended Posts