Dell Encryption Duplicate DCID or MCID in a production environment
Summary: Duplicate DCID or MCID in a production environment of Dell Encryption (formerly Dell Data Protection | Encryption) is caused when the shield is part of the corporate image that is pushed to the client, instead of installed after the client has been imaged. ...
Symptoms
Affected Products:
- Dell Encryption
- Dell Data Protection | Encryption
Cause
There are several issues with a duplicate DCID or MCID in a production environment.
- Each host name (MCID, machine ID) is given a different encryption key, stored in the database under the DCID (device ID). When these IDs are duplicated, another user can chain a drive and access another computer's encrypted data, so having a duplicate DCID or MCID in a production environment poses a security concern.
- A duplicate DCID or MCID impacts policy delivery. When you publish a new policy, the Policy Proxy identifies the computer calling it by DCID. If the same DCID calls back in a second or third time, it is not given the security policy because the Policy Proxy assumes that the correct policy has already been delivered to that DCID.
- Inventory is passed during the communication handshake of the policy, so, similar to the issues with policy delivery, inventory communication does not transpire as expected. This results in significant data missing from reporting, along with conflicting information.
- The final issue is server churning. The server creates device and user intersections that are based on EVERY user and EVERY device. We have seen this make a server unusable as it tries to handle all the intersections. The larger the user base the more intersections and the slower your server responds, which can have significant potential impact to the server.
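One way to spot the condition described above, as an added example that is not Dell's code: the script groups an endpoint inventory by DCID and MCID and lists the host names that share a value. The CSV layout, column names, sample rows, and the case-insensitive comparison are all assumptions made for illustration; the article does not describe an export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory. Column names are hypothetical, not a Dell export format.
SAMPLE_CSV = """hostname,mcid,dcid
LAB-PC-01,LAB-PC-01,a1b2c3d4
LAB-PC-02,LAB-PC-02,A1B2C3D4
LAB-PC-03,LAB-PC-03,e5f6a7b8
LAB-PC-04,GOLD-IMAGE,c9d0e1f2
LAB-PC-05,gold-image ,0a1b2c3d
LAB-PC-06,LAB-PC-06,
"""


def find_duplicates(rows, id_field):
    """Return {normalized id: sorted host names} for ids seen on more than one host."""
    hosts_by_id = defaultdict(set)
    for row in rows:
        # Assumption: IDs compare case-insensitively and may carry stray whitespace.
        ident = (row.get(id_field) or "").strip().lower()
        if not ident:  # blank ID (for example, not yet activated): nothing to compare
            continue
        hosts_by_id[ident].add(row["hostname"].strip())
    return {i: sorted(h) for i, h in hosts_by_id.items() if len(h) > 1}


def audit(csv_text):
    """Check both identifiers, since either one can be baked into an image."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    return {"dcid": find_duplicates(rows, "dcid"),
            "mcid": find_duplicates(rows, "mcid")}


def hosts_with_duplicates(report):
    """Flatten the report into the list of hosts that share a DCID or MCID."""
    hosts = set()
    for groups in report.values():
        for names in groups.values():
            hosts.update(names)
    return sorted(hosts)


if __name__ == "__main__":
    report = audit(SAMPLE_CSV)
    for kind, groups in report.items():
        for ident, names in groups.items():
            print(f"duplicate {kind.upper()} {ident}: {', '.join(names)}")
    print("hosts sharing an ID:", ", ".join(hosts_with_duplicates(report)))
```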
Resolution
If you have a duplicate DCID or MCID in a production environment, you can apply the steps below to resolve the issue:
- Change the primary user of the computer to a security policy of Encryption=False and Scan Upon Login=True.
- Decrypt the device to eliminate the active encryption key.
- After you have verified with WSScan.exe that the computer is decrypted, you can delete the MCID and DCID from the registry.
- Next, run WSDeactivate.exe on the device.
Note: The MCID is re-created upon reboot, and the next time a user logs in and activates, they will send the server the new Host Name and request a new DCID and encryption key.
- When you change the user's policy back from the above to the default, they encrypt using the new key.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Additional Information
It is vital that the computer be manually decrypted and that all data is verified as unencrypted using WSScan.exe before moving to a second DCID.
Note: If you plan to use a Windows sysprepped image for deployment, follow the instructions that are outlined in How to incorporate Dell Encryption in a Windows sysprepped image for VDI Usage to ensure that DCIDs and MCIDs remain unique in your environment.
Affected Products
Dell Encryption
Article Properties
Article Number: 000129511
Article Type: Solution
Last Modified: 07 Sep 2023
Version: 9