
Unless the appropriate steps are taken first, starting a newly installed version of MagicEndpoint Enterprise (after uninstalling an earlier version) causes any manually added security keys to be lost: only the Security Keys derived from the MagicEndpoint IdP remain visible in the MagicEndpoint list of Security Keys.

This issue can be reproduced with the following steps:
1. Uninstall ME, then reinstall ME successfully.
2. Wait a few minutes until the message "Successfully synced with the server" appears.
3. Check for the presence of your automatically created IdP keys and of any manually created security keys based on TPM or Software Tokens.

Because of this issue, only the IdP keys will be visible.

Reason: There was a change in approach. By default, ME now creates "non-shareable"/"non-duplicable" TPM keys. These "non-shareable" keys are not backed up in the SES database and, as a result, cannot be retrieved from SES.
Shareable keys can be backed up to the SES server and reinstated from the server.
Non-shareable keys can only be backed up and reinstated using the Export and Import functionality of the MagicEndpoint Client application.

The following scenarios apply only to Shareable keys. 

Work-around 1:
Use the MagicEndpoint client's Export/Import features to back up and restore TPM keys on the same device.

Work-around 2:
This default behavior can be changed by adding the DuplicableTpmKeys setting to the ME profile settings file. The two cases below describe the behavior for each value of the setting.

Case 1: DuplicableTpmKeys=0

[MagicEndpoint]
DuplicableTpmKeys=0

Unless this setting has a value of 1 (that is, DuplicableTpmKeys=0, or the setting is missing from the Profile altogether), the following scenarios apply on the device owner's own device and on a loaner device.
 
On the owner's device: Registering ME-TPM/Software keys will be successful. Exporting ME tokens will be successful.
- If the user uninstalls and then reinstalls MagicEndpoint, and MagicEndpoint is linked with SecureDoc, then upon successful communication with the SES Server any MagicEndpoint-created TPM/Software security keys do not display in the Registered sites dialog.
- However, if the user had exported the tokens, then after a successful Import the missing ME-TPM keys will be displayed in the Registered sites dialog, and the user will be able to log in to the Service Providers protected by those keys.

On a loaner device: Right-click the MagicEndpoint icon and click 'Sync with server' after the owner has successfully registered one or more MagicEndpoint TPM/Software security keys on the owner's own device.
→ Go to ME > Configure > Registered sites → Any MagicEndpoint TPM/Software security keys created on the owner's own device will not have been synchronized onto the loaner device (but could be imported to it via a manual process).

Case 2: DuplicableTpmKeys=1

[MagicEndpoint]
DuplicableTpmKeys=1

Registering ME-TPM keys will be successful. Exporting ME tokens will be successful.
- If the user uninstalls and then reinstalls MagicEndpoint, and MagicEndpoint is linked with SecureDoc, then upon successful communication with the SES Server any MagicEndpoint-created TPM/Software security keys WILL appear in the Registered sites dialog (without needing to be exported and re-imported as in Case 1 above). The user will be able to log in to the Service Providers protected by those keys.
 
On a loaner device: Right-click the ME icon and click 'Sync with server' after the owner has registered one or more MagicEndpoint TPM/Software security keys.
Check the MagicEndpoint Client's Configure > Registered sites panel. The MagicEndpoint TPM/Software security keys that exist on the owner's device will have been synchronized to the loaner device, and the user will be able to log in to the Service Providers protected by those keys.
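A pre-reinstall check that applies the two cases above. This is an added example, not WinMagic's code; it assumes the ME profile settings file is INI-style (as the [MagicEndpoint] fragment suggests) and takes its text as input, since the file's location is not given here. A missing setting is treated as 0, as the article states.

```python
"""Classify a MagicEndpoint profile by its DuplicableTpmKeys setting.

Added example, not part of the MagicEndpoint product. The profile text is
assumed to be INI-style; the path to the real file is not assumed here.
"""
import configparser

SHAREABLE = "shareable"          # DuplicableTpmKeys=1: backed up on SES, restored on sync
NON_SHAREABLE = "non-shareable"  # DuplicableTpmKeys=0 or missing: Export/Import only


def tpm_key_mode(profile_text: str) -> str:
    """Return SHAREABLE only when the setting is explicitly 1."""
    cfg = configparser.ConfigParser()
    cfg.read_string(profile_text)
    # A missing [MagicEndpoint] section or missing key counts as 0,
    # matching "this setting/value set is missing from the Profile" above.
    value = cfg.get("MagicEndpoint", "DuplicableTpmKeys", fallback="0").strip()
    return SHAREABLE if value == "1" else NON_SHAREABLE


def reinstall_advice(profile_text: str) -> str:
    """What happens to ME-created TPM/Software keys after uninstall + reinstall + sync."""
    if tpm_key_mode(profile_text) == SHAREABLE:
        return ("Case 2: ME-created TPM/Software keys are backed up on SES and "
                "reappear in Registered sites after sync; a loaner device "
                "receives them via 'Sync with server'.")
    return ("Case 1: ME-created TPM/Software keys are NOT backed up on SES. "
            "Export them from the ME client before uninstalling and Import "
            "them after reinstall, or only IdP-derived keys will remain.")


# Constructed sample profiles (not captured from a real installation).
PROFILE_DEFAULT = "[MagicEndpoint]\nDuplicableTpmKeys=0\n"
PROFILE_SHAREABLE = "[MagicEndpoint]\nDuplicableTpmKeys=1\n"
PROFILE_MISSING = "[MagicEndpoint]\n"   # section present, setting absent

if __name__ == "__main__":
    for name, text in [("default", PROFILE_DEFAULT),
                       ("shareable", PROFILE_SHAREABLE),
                       ("missing", PROFILE_MISSING)]:
        print(f"{name}: {tpm_key_mode(text)} -> {reinstall_advice(text)}")
```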