Error handling

In the event that there is an error during the transfer process, the affected system's Drive Encryption service will go into an error state and not perform any further policy enforcement until the service is restarted or the system is restarted. This prevents the destination server becoming overloaded with many systems repeatedly requesting information in the event of a structural configuration issue.

Possible causes of errors during the transfer process are:

  • number of users being transferred is greater than the specified maximum.
  • users cannot be assigned in the destination server because it cannot be found in the Active Directory.

A suitable error event will be sent up to destination sever to allow administrators to identify affected systems.

In the event of an error, the system can be returned to the control of the source server until the root cause is identified.

For environments using chase referrals, failure of the referral (due to an unreachable AD server) will result in either user assignment failure (if the user cannot be found) or assignment of the user from an AD server lower in the search order (where the user exists in multiple directories).