Using Extensive Repair

The Recovery Tool displays the Unable to Repair Device status if it requires an administrator account to perform the repair. Additionally, it adds the Extensive Repair option to the screen. Clicking View also notifies you that authentication is required to continue repairs.

  1. Click Extensive Repair.
  2. Log on PolicyServer with the following credentials:



    User name

    Specify an Administrator account. Authenticator and normal user accounts may not access the Recovery Tool, regardless of policy configuration.


    Specify the password for that user name.


    Specify the PolicyServer IP address or host name.

    Device ID

    Specify the device ID. For Full Disk Encryption 5.0 patch 4 or later devices, the Recovery Tool attempts to automatically generate this field. If the MBR or Full Disk Encryption database is corrupted, the Recovery Tool may be unable to retrieve this information.

    If the Recovery Tool is unable to retrieve this information, or the device has Full Disk Encryption 5.0 patch 3 or earlier installed, find and copy the device ID from PolicyServer MMC or Control Manager. In Control Manager, you can access the device ID from the Full Disk Encryption Status Report widget. See Full Disk Encryption Status.


    If the Recovery Tool is unable to connect to PolicyServer, a message appears requesting that you configure your network. In that case, click Network Status and Configuration to view your current network status. Click Configure to specify the endpoint IP address settings. Click Reconnect to attempt to connect to PolicyServer again and refresh your network information.

  3. The Recovery Tool automatically performs additional scanning and repairs.

    After this process, the Recovery Tool shows FDE System Disk Repaired Successfully.

  4. (Optional) To ensure that all users can log on after the repair, click Advanced Functions, and then click Cache All Users.

    A notification appears informing the user that user accounts were cached successfully.

    For more information about the available advanced functions, see Advanced Functions.

  5. (Optional) If you need to collect logs for further troubleshooting, click Start > Collect CDT to run the Case Diagnostic Tool.

    The Recovery Tool saves the collected logs in the USB drive and shows a notification after collection is finished.

  6. Click Shut Down to shut down the endpoint.
  7. Remove the Recovery Tool from the endpoint.
  8. Start the endpoint.

    If repairs were successful, the endpoint loads the Full Disk Encryption preboot screen at start up.