missing poa or key information. please check computer's inventory

missing poa or key information. please check computer's inventory

  • Hi - This is normally seen when the client hasn't communicated with the server and passed across all its data?


    Try a re-sync with the client and check the server again


    How many PC's are you seeing this on?

  • In reply to MichaelMcLannahan:

    In Few of the systems 


    The current scenario is user is offsite windows is not booting up he needs the data in the c Drive he is trying to connect the harddisk has external harddisk it is asking for bitlocker recovery key. 

  • In reply to Girish Gowda:

    I'm afraid this doesn't sound good - Is the data backed up anywhere?

  • In reply to MichaelMcLannahan:

    I / We have the same problem.

    Missing POA or key infformation.pleace check computers inventory..


    the inventory shows me everything lie Machinename OS Encryp.type Last server contact last policy etc.


    But i cant recovery the key, SafeGuard show me everytime the same window MISSING POA or Key Informationen.....


    is there any chance to resolve this issuse???


    kind regards

  • In reply to boris tazhicherry:

    Hi Boris,

    In regards to the error you're seeing, you will need to run through the below steps to determine what course of action you will need to take to resolve.

    Error: Missing POA or key information. Please check computer's inventory


    This error during Challenge/Response occurs when the recovery key is not found in the client machine's inventory in the Management Center.
    This can be confirmed by checking the inventory of the client machine in the Management Center to see if it is blank.

    This issue can be caused by a number of different ways:

    • Database Inconsistencies are reported by the Management Center that has not been repaired
    • Duplicate objects of the SafeGuard Client exist in the Database
    • The client machine not communicating back to the server when the encryption key was initially created (e.g. device encryption policies were applied through the client configuration package instead of distributing them to via the SafeGuard Server)
    • The database is restored to a point in time before the key was sent to the server

    What To Do

    The steps to be performed depending on how this issue was caused.

    Database Inconsistencies are reported by the Management Center that has not been repaired

    If database inconsistencies exist, follow the steps in 'KB116900 We have found inconsistencies in your database, which should be corrected quickly' warning generated by SafeGuard Management Center'. Rerun the recovery process once the database inconsistencies have been repaired.


    Duplicate objects of the SafeGuard Client exist in the Database

    If duplicates exist of this machine then all duplicate entries that have no inventory information should be deleted from the Management Centre and the Challenge/Response performed again. The SafeGuard Database Maintenance Console (KB126742 SafeGuard Enterprise Database Maintenance Console) can be used to detect and remove duplicate objects.


    If the scenarios above are not applicable when the client machine should be recovered by performing a slave and decrypt of the hard drive.

    These instructions describe how to slave a drive to an SGN client and decrypt that slaved drive. Upon completion, in order to boot to the drive the MBR must be re-written.

    Start by following the process on page 18 to slave a hard drive:

    Article ID: 108156
    Title: SafeGuard Enterprise: Recovery scenarios
    URL: https://sophos.com/kb/108156

    Once the hard drive is slaved you will need to create a decryption policy. Decryption is never automatic, it must be manually triggered from the client machine.

    1. Create a new device protection policy in the Management Center
    2. Set the target to 'Local Storage Devices\Drive Letters'. This will allow you to decrypt any hard drive connected to the computer.
    3. Set the Media encryption mode to 'Volume based'
    4. Change the setting 'User may decrypt volume' to Yes
    5. Change the Media encryption mode to 'No encryption'
    6. Click Save
    7. Apply this policy to the OU or group containing the user or computer that will be decrypting the slaved hard drive. Click Save.
    8. Synchronize the client. You should have received new policies. After receiving the new policies you should be able to right-click the slaved drive in Windows Explorer and see that the 'Encryption' context menu item is no longer greyed out, and you can now click 'Decryption'.

    The drive will take roughly as long to decrypt as it did to encrypt. Once decrypted you may want to re-write the MBR to skip over the SafeGuard kernel. You can use either a Windows disk or WinPE to do this, as below:

    Article ID: 108805
    Title: Recovering data from a volume-based encrypted SafeGuard Device Encryption Client
    URL: https://sophos.com/kb/108805

    The following related KBA may also be of some assistance:

    Article ID: 108411
    Title: How to allow a user to decrypt a SafeGuard Enterprise Client
    URL: https://sophos.com/kb/108411

    If the client machine never communicated its recovery key back to the SafeGuard Management center then the client machine will be unrecoverable and should be reverted back to the last available backup.

    Let me know if this helps resolve your query.

  • In reply to Haridoss Sreenivasan:

    The issue is still there, we have a Windows 10 computer encrypted with BitLocker. The console shows the computer, the encrypted drive, etc. but when I try to use the different Recovery Scenarios, but I get this message after entering the computer name and click next." Missig POA or Key Information. Please Check computers inventory.


    I still need help :(

  • In reply to boris tazhicherry:

    HI Boris - Do you know need to unlock this drive, or is it operational but without a recovery key?

  • In reply to MichaelMcLannahan:

    Hi Michael,

    i dont have the recovery key, i know the "default" scenario but it doesnt work.

    kind regards,


  • In reply to boris tazhicherry:

    So if Windows is still operational and so is access to the drive - can you resync the SSG client on the affected computer and do a refresh on the console to see if the key appears?