Solved

Reissuing FileVault keys Issue

  • November 16, 2016
  • 6 replies
  • 22 views


So I am using the Reissuing FileVault keys with the Casper Suite. Followed this to the T (except the DMG for the ICONS). I am getting the following error:

Executing Policy Reissue invalid or missing FileVault recovery key
Downloading AppleCustomScriptIcon.pkg...
Downloading 

Verifying package integrity...
Installing AppleCustomScriptIcon.pkg...
Successfully installed AppleCustomScriptIcon.pkg.
Running script reissue filevault recovery key...
Script exit code: 0
Script result: Alerting user USER about incoming password prompt...
Prompting USER for their Mac password...
Successfully prompted for Mac password.
Issuing new recovery key...
**[WARNING] FileVault key was generated, but escrow did not occur.
Adding personal recovery key.**

Submitting log to https://comapny.jamfcloud.com/

Any ideas why the escrow doesn't occur? And not getting the key uploaded to my JSS?

6 replies

mm2270
  • Legendary Contributor
  • Answer
  • November 16, 2016

Hi @BigToeKnee810 (interesting screen name) I haven't used the script myself, but, just curious if you've set up a Config Profile for these Macs to have FileVault Recovery Key redirection? It's toward the bottom of the payloads list when setting up a Config Profile. See image below.

You need to set it to the following option:

I'm pretty sure that is a requirement to have any new keys redirected and escrowed back to the JSS, but again, I haven't really looked at the script created by homebysix to know for sure. Maybe I'm wrong, but I'd at least check into that avenue, assuming you don't already have that profile setting in place.


  • Valued Contributor
  • November 16, 2016

@BigToeKnee810 Yes, what @mm2270 says is correct... you have to have that configuration profile set up like he mentioned in order for it to work and redirect the Keys back to the JSS. Otherwise, it will just fail.



  • Author
  • Contributor
  • November 17, 2016

Yep that is currently enabled.


  • Author
  • Contributor
  • November 17, 2016

Weird. It's working this morning, just tried out of curiosity.


m3ir
  • Contributor
  • May 7, 2017

Hi @BigToeKnee810, what OS are you running it on? I've been trying to run it on the latest Sierra, but after the first "Next", I get no password to type, just an error of 5 attempts.
Did you change anything in the script before running it?

Script exit code: 1
Script result: /Library/Application Support/JAMF/tmp/reissue_filevault_recovery_key: line 1: ill: command not found
Alerting user perfecto about incoming password prompt...
Prompting perfecto for their Mac password...
Prompting perfecto for their Mac password (attempt 2)...
Prompting perfecto for their Mac password (attempt 3)...
Prompting perfecto for their Mac password (attempt 4)...
Prompting perfecto for their Mac password (attempt 5)...
[ERROR] Password prompt unsuccessful after 5 attempts. Displaying "forgot password" message...
Error running script: return code was 1.

Regards,
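The log in the first post shows `Script exit code: 0` next to the escrow warning, so triage by exit code alone would miss it. The following is an added example, not part of the thread or of the reissue script: a shell function that classifies a policy log by the message strings quoted in the two logs above. The function names, verdict labels and sample heredoc are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: triage a Jamf policy log by its messages, not by exit code alone.
# The matched strings are the ones quoted in this thread's log output.
classify_policy_log() {
    # Reads log text on stdin, prints "<findings> exit=<code>",
    # and returns 0 only when nothing needs follow-up.
    awk '
        /Script exit code:/ {
            v = $0; sub(/.*Script exit code: */, "", v)
            code = v + 0; seen = 1      # "1 Script result..." still converts to 1
        }
        /escrow did not occur/         { noescrow = 1 }
        /command not found/            { broken = 1 }
        /Password prompt unsuccessful/ { noprompt = 1 }
        END {
            f = ""
            if (noescrow) f = f ",KEY_NOT_ESCROWED"
            if (broken)   f = f ",SCRIPT_ERROR"
            if (noprompt) f = f ",PROMPT_FAILED"
            if (f == "")  f = (!seen) ? ",NO_RESULT" : (code ? ",FAILED" : ",OK")
            printf "%s exit=%s\n", substr(f, 2), (seen ? code : "none")
            exit ((f == ",OK") ? 0 : 1)
        }'
}

# Sample input: lines taken from the first post's policy log.
first_post_log() {
    cat <<'EOF'
Running script reissue filevault recovery key...
Script exit code: 0
Script result: Alerting user USER about incoming password prompt...
Issuing new recovery key...
[WARNING] FileVault key was generated, but escrow did not occur.
EOF
}

verdict=$(first_post_log | classify_policy_log) || echo "follow up: $verdict"
```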