The information in this article is provided for historical reference only. For all the current Best Practice information, see the following article:
153530 - Best Practices: Symantec Endpoint Encryption and Symantec Drive Encryption
The Recovery Process Steps Summary:
It is recommended that the following actions take place in the order listed for the best possible chance at recovering data.1. Contact your internal help desk for assistance.2. Contact Symantec Technical Support for assistance.3. Run "Recover /a".4. Run the SEE Hard Disk Access utility and back up any data.5. Perform a Hard Drive consistency check.6. Perform a hard drive backup using a "sector by sector" copy method.7. Run "Recover /d" emergency decryption.
Contacting internal help desk (Step 1)
Contact your internal help desk for assistance
Contacting Symantec (Step 2)
Contact Symantec Technical Support for assistance.
Run "Recover /a" (Step 3)
The recommended first step, after contacting your internal company help desk and the Symantec technical support team, will be to attempt to repair the SEE Hard Disk Operating System (RTOS) if it has been damaged. The use of the recover utility with the /a parameter will not harm the drive or any data it contains.The command to run this utility is: "recover /a"WARNING: Do not run the recover program with the "/d" or "/b" parameters until instructed to do so, or there could be the risk of data loss.
Endpoint Encryption Hard Disk Access Utility (Step 4)
Symantec recommends running the Hard Disk Access Utility and attempting to back up the data to a secondary location for safe keeping.- Boot the system with SEE-FD-Access-7.X.X.iso(The SEE-FD Access Utility is available on request from Symantec Support)- MS DOS commands like copy and xcopy can then be used to backup data to a network share (by mapping a drive usingthe NET USE command) or to a USB storage device. This allows data to be backed up and retrieved in case a user experiencesa failure within Windows.
Hard Drive Consistency Check (Step 5)
Using the hard drive manufacturer's recommended method, perform a low-level consistency check to verify that the hard drive hardware is operating normally. This is to eliminate the possibility that a mechanical failure is the root cause of the problem. This will usually require a separate boot disk with the manufacturer's utility on it.
Hard Drive Backup (Step 6)
At this point, a backup of the hard drive should be taken for protection against possible data corruption. Further attempts at recovering data will involve writing to the drive and will increase the risk of data loss. Symantec recommends that Symantec Ghost be used to create a "sector-by-sector" copy of the hard drive.
Symantec Technical Support can provide instructions on performing a sector-by-sector backup of the hard drive.
Run "Recover /d" (Step 7 - Emergency decryption)
The emergency decryption process is used to decrypt a hard drive in the event that normal decryption methods are unsuccessful. The emergency decryption utility is a very powerful tool that will decrypt the entire hard drive when authorized by a Hard Disk administrator. There are some very important points to keep in mind when using this utility:
Recover /B also performs an identical emergency decryption of a system, but it can do so when the Workstation Encryption Key is not available on the disk by using a backup file extracted from the server.
- This is the Admin credentials for SEE package not system Admin credentials.- The system is now ready to boot up in normal mode.References
Best Practices for Data Recovery using Symantec Endpoint Encryption - Full Disk (SEE-FD)http://service1.symantec.com/support/ent-security.nsf/docid/2008022909242448
You will likely want this Community for encryption -
Endpoint Encryption (broadcom.com)