Question

Escrowed Bootstrap Token disappearing

  • April 30, 2024
  • 3 replies
  • 110 views

aburrow007

I'm seeing an unusual issue (I think). Our M1s are getting Bootstrap Tokens escrowed correctly. Then, for some reason (I've worked with Support on this), the Macs are becoming unmanaged; ticking "Allow Jamf Pro to perform management tasks", as per Support, brings the Mac back into managed.

I'm noticing that the Macs that have gone through this process no longer have an escrowed token. To fix this I was going to deploy a policy that users would run to re-escrow the token; however, the Macs still believe the token is escrowed as per terminal command.

While I'm still trying to work out the root cause as to why Macs are becoming unmanaged, I'm not sure how best to move forward with the Bootstrap Token issue?

3 replies

czarmark
  • New Contributor
  • April 30, 2024

Consider Netflix's Escrow Buddy: https://github.com/macadmins/escrow-buddy/wiki

I recently implemented it in sandbox and then production. We had less than 10 machines with an invalid key, and it took about a week, but eventually Escrow Buddy escrowed a new valid key.


aburrow007
  • Author
  • Jamf Heroes
  • May 1, 2024

Thanks for the suggestion. I've already implemented that for FileVault recovery keys. I wasn't aware it did Bootstrap Tokens as well. I'll have another look at it.


czarmark
  • New Contributor
  • May 1, 2024

> Thanks for the suggestion. I've already implemented that for FileVault recovery keys. I wasn't aware it did Bootstrap Tokens as well. I'll have another look at it.


My bad - my brain thought this was about escrowing FileVault recovery keys, not bootstrap tokens.