Problem: 

A user cannot remember their Trusted Drive password for a Trusted Drive managed by ERAS and requires the Recovery Password from ERAS in order to access the drive.

Solution: 

There are 3 methods of obtaining the Recovery Password from ERAS:

Method 1 – ERAS Console

  1. Open the ERAS Console and navigate to the computer in its OU or use search functionality.
  2. Right click on the computer and select Properties.
  3. Select the Trusted Drive Management Tab > Manage. You will see an option to “Get Recovery Password”
    • Note: if using Challenge Response Recovery method (CRRP) you will be prompted for the challenge value before the recovery password is displayed. This is obtained from the recovery screen on the client machine.
  4. See Entering Recovery Password below for instructions to enter this password on the client

If you do not know the name of the computer, you can search by the Drive Serial Number using the following directions:

  1. Right click on the domain in the left-hand pane and select “Search…” or “Find Computer…”
  2. As an alternative to searching by Computer Name, you can select “Drive Serial Number” and search for the Drive Serial Number, which will be displayed on the login screen for the locked drive.
  3. Select OK. Your search will appear in the Search Results section in the left-hand pane, which should have the entry for the computer/drive.
  4. Follow steps 2, 3 & 4 from above.

 

Method 2 – ERAS Helpdesk

If you have the ERAS Helpdesk installed, you can obtain a Recovery Password with it by searching by Computer name or Trusted Drive SN#.

Note: Users must be assigned the proper Role in the ERAS Authorization Manager in order to use the ERAS Helpdesk.

  1. Open the ERAS Helpdesk website.
  2. On the left of the page, you will find a dropdown to specify what to search by. Please select an option and perform your search.
  3. After performing your search, you can either filter the search further, or select the computer/drive from the search results.
  4. After selecting the computer, please select the trusted drive (if multiple drives are used) then select “View Drive Recovery Password” to display the Recovery Password.
    • Note: if using Challenge Response Recovery method (CRRP) you will need to enter the challenge value before you can click View Recovery Password. This is obtained from the recovery screen on the client machine.
  1. See Entering Recovery Password below for instructions to enter this password on the client

 

Method 3 – ERAS Command Line Utility

Method 3 utilizes the ERAS Command Line Utility that can be located on the ERAS Server:

  1. Open the Command Line Utility by going to Start > All Programs > Wave Systems Corp > EMBASSY Remote Administration Server > ERAS Command Line Utility.
  2. To query the Recovery Password by Drive Serial Number, please use the following command:
    • If using static recovery password:
      Erascmd show SN=xxxxxxx output=rpwd
      (Replace xxxxx with actual drive serial number)
    • If using Challenge Response Recovery method:
      erascmd show COMPUTER passwordtype=CRRPII deviceId=PhysicalDrive0 userid="Service Access" challenge=[13/26 characters]
      (Replace COMPUTER with the actual computer name and enter the challenge from the client in place of ‘[13/26 characters]’)

Your Recovery password should be displayed in the Command Line Utility Window.

 

Entering Recovery Password on Client

ESC 2.6 and below

  1. Under the username field enter ‘recovery_agent’
  2. Enter the recovery password obtained from ERAS into the password field

ESC 2.7 – 2.9.5 (Challenge Response Recovery Password – CRRP)

  1. Press CTRL+X at the normal drive login screen to get to the drive recovery screen
  2. Provide the displayed challenge value to the help desk person who will need it to obtain the recovery password
  3. Enter the response provided by the help desk person as the response value

ESC 2.7 – 2.9.5 (Legacy / Static Recovery Password)

  1. Press CTRL+X at the normal drive login screen to get to the drive recovery screen
  2. Enter the password obtained from ERAS

ESC 2.10 and above (Challenge Response Recovery Password – CRRP)

  1. Click forgot password link below the user name and password fields
  2. From the drop down select Drive Based Recovery
  3. Hit enter or click the right arrow to move to the next screen
  4. Provide the displayed challenge value to the help desk person who will need it to obtain the recovery password
  5. Enter the response provided by the help desk person as the response value

ESC 2.10 and above (Legacy / Static Recovery Password)

  1. Click forgot password link below the user name and password fields
  2. From the drop down select Drive Based Recovery
  3. Hit enter or click the right arrow to move to the next screen
  4. Enter the recovery password obtained from ERAS


For more detailed information regarding obtaining recovery and the different recovery options please see the ERAS admin manual included with your version of ERAS.