heavyhaze Absent Member.
Absent Member.
1900 views

Emergency Recovery Information List - ZCC Question

We are just implementing FDE in our environment and I am confused about the Emergency Recovery Information List on the Emergency Recovery tab.

How many listings should there be per device? Some of the laptops we have encrypted have 5-10 listings in just a couple of months... Could this be because the laptops might be unencrypting themselves and then re-encrypting themselves thus generating a new eri file? Or do they regularly generate new files?

Thanks,

heavyhaze
0 Likes
6 Replies
shaunpond Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

0 Likes
heavyhaze Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

We are at 11.2.1 MU1 and currently in process of upgrading to 11.2.3a on the clients. The servers are at 11.2.3a MU1.

spond;2272742 wrote:
Heavyhaze,

Novell Doc: ZENworks 11 SP2 Full Disk Encryption Emergency Recovery Reference - Creation of ERI Files
What version of ZCM are you at?

--

Shaun Pond
0 Likes
shaunpond Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

Heavyhaze,

then you're heading in the right direction - there were issues before.
Wait until you've upgraded then take another look 🙂

--

Shaun Pond


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

There is a nasty bug that will cause the drives to decrypt and then
re-encrypt randomly. That may be why you are seeing the multiple ER info.
I have had an ongoing SR on it that started back in Sept 2012. It has been
finally fixed in 11.2.4 as I have been told. Was told it has to do with the
device losing track of the FDE policy and thinking it no longer applies to
the device.

I put our rollout of FDE on hold a long time ago due to the bug. You may
want to wait until 11.2.4 comes out supposedly sometime next month. I was
also told the fix will not be back ported to older versions due to the
number of things the fix touches.

It causes a big mess when a drive decides to just decrypt randomly. Machine
shuts down without saving anything and the depending on the drive size it
can take 8 hours or more of a user dealing with a slow computer until
everything is back to where it was. I have had devices that have gone
through 30+ cycles of the decrypt/re-encrypt, no fun for the end user.

Jim Koerner

"heavyhaze" wrote in message
news:heavyhaze.5yml3c@no-mx.forums.novell.com...


We are just implementing FDE in our environment and I am confused about
the Emergency Recovery Information List on the Emergency Recovery tab.

How many listings should there be per device? Some of the laptops we
have encrypted have 5-10 listings in just a couple of months... Could
this be because the laptops might be unencrypting themselves and then
re-encrypting themselves thus generating a new eri file? Or do they
regularly generate new files?

Thanks,

heavyhaze


--
heavyhaze
------------------------------------------------------------------------
heavyhaze's Profile: https://forums.novell.com/member.php?userid=61187
View this thread: https://forums.novell.com/showthread.php?t=468256

0 Likes
heavyhaze Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

Thanks for the heads up. We have already experienced the pain of a few high level staff and the encryption/decryption issue. I hope they have it more bullet proof in the 11.2.4. I need to be able to assure our security manager that once encrypted a device will stay encrypted unless we manually intervene and tell it to unencrypt.

heavyhaze

Jim Koerner;2272930 wrote:
There is a nasty bug that will cause the drives to decrypt and then
re-encrypt randomly. That may be why you are seeing the multiple ER info.
I have had an ongoing SR on it that started back in Sept 2012. It has been
finally fixed in 11.2.4 as I have been told. Was told it has to do with the
device losing track of the FDE policy and thinking it no longer applies to
the device.

I put our rollout of FDE on hold a long time ago due to the bug. You may
want to wait until 11.2.4 comes out supposedly sometime next month. I was
also told the fix will not be back ported to older versions due to the
number of things the fix touches.

It causes a big mess when a drive decides to just decrypt randomly. Machine
shuts down without saving anything and the depending on the drive size it
can take 8 hours or more of a user dealing with a slow computer until
everything is back to where it was. I have had devices that have gone
through 30+ cycles of the decrypt/re-encrypt, no fun for the end user.

Jim Koerner

"heavyhaze" wrote in message
news:heavyhaze.5yml3c@no-mx.forums.novell.com...


We are just implementing FDE in our environment and I am confused about
the Emergency Recovery Information List on the Emergency Recovery tab.

How many listings should there be per device? Some of the laptops we
have encrypted have 5-10 listings in just a couple of months... Could
this be because the laptops might be unencrypting themselves and then
re-encrypting themselves thus generating a new eri file? Or do they
regularly generate new files?

Thanks,

heavyhaze


--
heavyhaze
------------------------------------------------------------------------
heavyhaze's Profile: https://forums.novell.com/member.php?userid=61187
View this thread: https://forums.novell.com/showthread.php?t=468256
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Emergency Recovery Information List - ZCC Question

yep we had a few nasty ones with sales people at a client doing a
presentation and out of the blue the computer decides it is a good time to
decrypt.....

Jim Koerner

"heavyhaze" wrote in message
news:heavyhaze.5yqd7d@no-mx.forums.novell.com...


Thanks for the heads up. We have already experienced the pain of a few
high level staff and the encryption/decryption issue. I hope they have
it more bullet proof in the 11.2.4. I need to be able to assure our
security manager that once encrypted a device will stay encrypted unless
we manually intervene and tell it to unencrypt.

heavyhaze

Jim Koerner;2272930 Wrote:
> There is a nasty bug that will cause the drives to decrypt and then
> re-encrypt randomly. That may be why you are seeing the multiple ER
> info.
> I have had an ongoing SR on it that started back in Sept 2012. It has
> been
> finally fixed in 11.2.4 as I have been told. Was told it has to do
> with the
> device losing track of the FDE policy and thinking it no longer applies
> to
> the device.
>
> I put our rollout of FDE on hold a long time ago due to the bug. You
> may
> want to wait until 11.2.4 comes out supposedly sometime next month. I
> was
> also told the fix will not be back ported to older versions due to the
> number of things the fix touches.
>
> It causes a big mess when a drive decides to just decrypt randomly.
> Machine
> shuts down without saving anything and the depending on the drive size
> it
> can take 8 hours or more of a user dealing with a slow computer until
> everything is back to where it was. I have had devices that have gone
> through 30+ cycles of the decrypt/re-encrypt, no fun for the end user.
>
> Jim Koerner
>
> "heavyhaze" wrote in message
> news:heavyhaze.5yml3c@no-mx.forums.novell.com...
>
>
> We are just implementing FDE in our environment and I am confused
> about
> the Emergency Recovery Information List on the Emergency Recovery tab.
>
> How many listings should there be per device? Some of the laptops we
> have encrypted have 5-10 listings in just a couple of months... Could
> this be because the laptops might be unencrypting themselves and then
> re-encrypting themselves thus generating a new eri file? Or do they
> regularly generate new files?
>
> Thanks,
>
> heavyhaze
>
>
> --
> heavyhaze
> ------------------------------------------------------------------------
> heavyhaze's Profile: https://forums.novell.com/member.php?userid=61187
> View this thread: https://forums.novell.com/showthread.php?t=468256



--
heavyhaze
------------------------------------------------------------------------
heavyhaze's Profile: https://forums.novell.com/member.php?userid=61187
View this thread: https://forums.novell.com/showthread.php?t=468256

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.