Attempting to recover users using the Symantec Endpoint Encryption Management Server (SEEMS) Helpdesk Recovery console may result in no values being display, even though the data is in the database and is known to exist.
Observed on Symantec Endpoint Encryption 11.1.x.
FileVault Encryption managed by Symantec Endpoint Encryption Management Server.
Symantec Endpoint Encryption 8.2.1 was previously deployed to the environment using the SEE 8.2.1 native Drive Encryption.
Steps to duplicate:
1. Install a SEE 8.2.1 client on one system, and register, which will send recovery data to the SEEMS.
2. Using the same user, now install SEE 11.1.3 and enable FileVault Encryption, which will send FileVault recovery data to the SEEMS.
3. Attempt to find the recovery data for the user in the SEEMS Help Desk recovery MMC.
Upon entering the username, all the Mac systems that apply should show up in the list to recover.
No systems to recover are displayed as well as no errors indicating a problem.
If the same user has been registered with SEE 8.2.1 as well as SEE 11.1, no information will be displayed in the Recovery Console in the MMC.
Using the SEEMS Web Recovery Console will display all the machines associated with the user, including SEE 8.2.1, however, the systems registered with 8.2.1 will show a blank field for Mac Serial ID. Clicking on these blank entries will result in a spinning circle and will not display any recovery results.
As a workaround, if the 8.2.1 machines no longer exist, move them to the deleted computers from the SEEMS console, and these entries will now show up in both the SEEMS MMC Recovery Console, as well as the SEEMS Web Recovery Console.
If the SEE 8.2.1 clients still exist, use the appropriate recovery option in the Web Recovery Console, as SEE 8.2.1 does not support FileVault Recovery.
Symantec Development is currently reviewing this issue.
Subscribing will provide email updates when this Article is updated. Login is required.