Skip to main content

Enterprise Server Disaster Recovery - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Enterprise Server Disaster Recovery

Authors list

If you lose your Enterprise Server due to a natural disaster, hardware failure or other reason, this article will help you get your Enterprise Server set back up and running with your client workstations.

 

Assess the situation

In the event of losing your Enterprise Server you will first need to establish which state you are in. If you have a complete backup of your Enterprise Server, then you can head to the 'Restore from a backup' section. This is the quickest way to get your Enterprise Server up and running again.

If you do not have a backup of your Enterprise Server, you will need to check with your users to see if they have encrypted any granular data. If they have, you will need to head to the 'Decrypt granular data' section.

 

Restore from a backup

The quickest solution will always be to restore from an up-to-date backup. This will save you from spending time on decrypting data, installing Enterprise Server from scratch and issuing new encryption keys to encrypt granular data again.

If you have an up-to-date backup then you can restore your Enterprise Server by following the restore section of this article:

KB296 - Backing up the Enterprise Server, or migrating an Enterprise Server to a new host

However, if you do not have an up-to-date backup, there are certain things that you need to be aware of. If your backup does not reflect newer changes, such as new workstations, teams, groups etc. you will lose this information. 

If your backup does not contain the most recent Encryption Keys, then you will need to decrypt all granular data that has been encrypted with the missing Keys on client machines before adopting them into your new Enterprise Server. To decrypt this data please read 'Decrypt granular data' below.

If you lose a workstation in the process of restoring your Enterprise Server, you can follow this article to adopt a client back into your Enterprise Server:

KB368 - How to adopt a deleted Workstation (managed)

 

Decrypt granular data

If you do not have a backup of your Enterprise Server or you are missing an encryption key from your Enterprise Server backup, then you will need to decrypt all granular data on client workstations that have encrypted data with the missing Encryption Key. This means decrypting all files, folders, removable media (such as USB sticks and CDs). You will also need to move all data out of any Virtual Disks and delete the empty Virtual Disk. This will need to be carried out on all client PCs where encrypted granular data exists. Failure to do this may result in permanent loss of data.

KB324 - How do I decrypt a memory stick or external disk? 

KB317 - How do I encrypt or decrypt individual files?

KB19 - How do I encrypt or decrypt folders?

 

Full Disk Encryption (FDE)

You may have workstations that are protected with Full Disk Encryption. This can be a problem to resolve if you have lost your Enterprise Server. If you have the necessary Admin username and password required to access the FDE pre-boot authentication screen, then you can simply adopt FDE by following the below section. It is important that you use the Admin username and password to boot the client workstations before adopting them into your new Enterprise Server to ensure that the details are indeed correct.

However, if you do not have the Admin username and password required to access the FDE pre-boot authentication screen then you will need to decrypt each workstation by following this article here (KB211 - How do I decrypt a standalone system that is unable to start Windows?) and use the normal username and password used to access the workstation.

 

Install Enterprise Server 

When you are ready to install your copy of Enterprise Server again you will need to follow this article here:

KB119 - How do I set up my Enterprise Server?

However, only do this if you are certain that your old Enterprise Server is no longer working. Failure to do this will cause synchrnoization problems with your client workstations.

 

Adopt Clients

If you have client workstations (even if they are full disk encrypted) that have DESlock+ activated on them, then you will need to adopt these into your new Enterprise Server. To do this please follow this article:

KB368 - How to adopt a deleted Workstation (managed)

Add a comment

Please log in or register to submit a comment.

Need a password reminder?