This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Encryption problems Key with Notebook DELL VOSTRO

Good morning,


I would like to start by saying that I have always favored all the programs created by Sophos, I am also a Certified Technician and my company is a Partner. But we are facing a big problem, a big disservice, we are already followed by Sophos Technical Support but I can't give us any information. We purchased the Sophos Central Encryption module (it is not the first time I have installed this module, I know it quite well), I have installed about twenty HP Notebooks (all successful) and about thirty DELL VOSTRO Notebooks of various models. Five DELL VOSTRO Notebooks have given me problems with the Recovery Key, let me explain better... once the module has been installed from the Sophos Dashboard I get the message

"Device Encryption
Boot Volume(C:)OS (C:) [6977da1f-0af6-4596-ae3b-75bceb0c5fad]
Encryption StatusUnencrypted - Software-based encryption (XTS-AES 256-bit)
Authentication type TPM only",

and in the Central dashboard I see "release of the Bitlocker recovery key"......ok......when the Notebook is restarted the DELL VOSTRO asks me for the Bitlocker recovery key , the one released by Sophos is provided and the DELL Self-Diagnosis starts immediately (I discovered that it is enabled by default in the BIOS settings), after a while it restarts and returns to the initial screen where the Bitlocker recovery key is requested again, but this once it doesn't work anymore, because the moment the DELL self-diagnosis started (I remember that it didn't even get to the Window menu) the Bitlocker key was revoked (you can see it right from the Sophos Dashboard) but it never comes back the new key has been released. At this point I find myself completely blocked. I also tried to access through DOS at a low level but the disks are completely encrypted. I would like to find a way to be able to get a new Recovery Key, I don't understand how I managed to contact the Sophos Central Dashboard from the Self Diagnosis stage, but if it has succeeded I expect it can also do the same to provide me with a new key. I await your clarification on how I can resolve this problem, I sincerely hoped that Technical Support would have some immediate resolution to this now routine problem. Thank you, best regards, Dr. Falcone Christian



This thread was automatically locked due to age.
Parents
  • Hi Christian - Sorry to suck eggs but.... Do all laptops have the same BIOS version and config?  A repeated request for a recovery key means that the device has an issue with its key protectors. There needs to be at least two - TPM (or TPM and PIN) AND the recovery key (called a numerical password).  If there's only one listed - it'll prompt every time. Could you please run an admin command prompt on one of these dodgy Dells and type "manage-bde -protectors c: (assuming C is your primary drive) -get". This should list your active key protectors on the device. Cheers

  • Hi, I ran a VBS that Sophos Technical Support sent me, specifically to identify this problem (I've attached the screens of the two PCs). As you can see, there is all the information needed to make you believe that the problem is not present. They explained to me that in these conditions it could be a "metadata" problem and to use third-party software to try to recover the disk data: "repair-bde".
    Ok, I try, but when I insert the 48-digit recovery key it keeps telling me that the key is incorrect. Ok then I want to test it on my PC, which works correctly. Strange case even on my PC it tells me that the key is incorrect. Am I doing something wrong? Is it possible that it doesn't even work on my personal PC that I work on every day? My PC is also a DELL VOSTRO. Thank you for your support. Christian

  • Hi. I’ve been this happen with different Windows versions. If the disk was encrypted with an older/newer version that the OS trying the recovery key, it can fail and say the key isn’t correct when it is. Can you confirm that the OS versions (and therefore Bitlocker versions) are the same? 

Reply Children
No Data