File Share Encryption

We have PGP Universal server running and I've noticed that the Whole Disk Recovery Token, which I thought was supposed to be a one time key, never changes.  It appears to stay the same every day.

Is this not suppose to update and change each day?  Hence the term "one time recovery key" or is this not how the Whole Disk Recovery Token works on PGP?

It will only change when the laptop in question nexts checks into the universal server.  It will then generate a new token.

That's the problem, all the laptops contact the server everyday when it checks to see if their Windows password has changed or not.  So assume there is a setting somewhere we've missed?

Whole Disk Recovery Tokens are generated on the client systems, and then uploaded to SEMS.

The WDRT will only change if it has been used to gain access to the client system.  In that case, the client will generate a new one, and upload it to SEMS.  If the WDRT has not been used to boot the system, it will not be changed.

Are there any settings for the WDRT?  Because this the issue, even when we do as you mention above, using a WDRT one time, it never appears to update the server, so you can end up using the same one the next day if needed.  All keys sync so new passwords work, but WDRT doesn't appear to change.

The old WDRT will still work until the client has an opportunity to upload a new one.  If you are logging in with the WDRT, and the client is syncing with the server (logs show policy is download and other log messages are uploaded), yet the WDRT is not changing, then that's a problem that you will probably need to contact Support to work through.

Just double checked on way it's suppose to work and all does appear fine now.  I guess sometimes the syncing isn't working properly so the key wasn't changing.  But had to do one this morning and checked and after a force sync, it did actually change.