Video Screencast Help

Whole Disk Recovery Token not changing

Created: 02 Sep 2013 • Updated: 11 Sep 2013 | 6 comments
This issue has been solved. See solution.

We have PGP Universal server running and I've noticed that the Whole Disk Recovery Token, which I thought was supposed to be a one time key, never changes.  It appears to stay the same every day.

Is this not suppose to update and change each day?  Hence the term "one time recovery key" or is this not how the Whole Disk Recovery Token works on PGP?

Operating Systems:

Comments 6 CommentsJump to latest comment

Alex_CST's picture

It will only change when the laptop in question nexts checks into the universal server.  It will then generate a new token.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

stevenuk's picture

That's the problem, all the laptops contact the server everyday when it checks to see if their Windows password has changed or not.  So assume there is a setting somewhere we've missed?

dfinkelstein's picture

Whole Disk Recovery Tokens are generated on the client systems, and then uploaded to SEMS.

The WDRT will only change if it has been used to gain access to the client system.  In that case, the client will generate a new one, and upload it to SEMS.  If the WDRT has not been used to boot the system, it will not be changed.

--------

David Finkelstein

Symantec R&D

SOLUTION
stevenuk's picture

Are there any settings for the WDRT?  Because this the issue, even when we do as you mention above, using a WDRT one time, it never appears to update the server, so you can end up using the same one the next day if needed.  All keys sync so new passwords work, but WDRT doesn't appear to change.

dfinkelstein's picture

The old WDRT will still work until the client has an opportunity to upload a new one.  If you are logging in with the WDRT, and the client is syncing with the server (logs show policy is download and other log messages are uploaded), yet the WDRT is not changing, then that's a problem that you will probably need to contact Support to work through.

--------

David Finkelstein

Symantec R&D

stevenuk's picture

Just double checked on way it's suppose to work and all does appear fine now.  I guess sometimes the syncing isn't working properly so the key wasn't changing.  But had to do one this morning and checked and after a force sync, it did actually change.