authenticated restart not working

page_229
New Contributor II

I am trying to get my machines to restart back into 10.10 but the authenticated restart does not seem to be working. I have the option selected to "Perform authenticated restart on computers with FileVault 2 enabled" but when my policy restarts the computer it still goes to the FileVault login screen. If I manually try to do an authenticated restart in Terminal everything works fine and it bypasses the FV2 login screen and goes straight into the 10.10 login screen. Any ideas why this is not working?

6 REPLIES

zanb
New Contributor III

The local casperadmin account may not be authorized as a FileVault 2 user.

For instance, Casper may be asking OS X "Hey, store my credentials to decrypt the drive when you restart" and OS X may be responding in the background with "Sorry, you're not an authorized user."

casper100
New Contributor II

Just for clarity on a couple of items - not to hijack the post, but hopefully to shed some light on the caveats:
The authrestart (in JSS) uses the "management account"?

We have our hidden management account disabled for FV2 because otherwise it shows on the FV2 authentication screen - and is therefore not hidden. The local admin and machine user accounts are enabled. Wish there was the option (in the policy) to restart using the institutional key.

Also, if you choose "Restart Immediately" (in the policy Restart Options) could that possibly send a "normal" restart command BEFORE the authrestart command executes?

page_229
New Contributor II

We use our local computer account as the Casper admin account so it can automatically be added as a FileVault 2 user. So I know it does unlock FileVault normally.

I have tried with the policy set to Restart and Restart Immediately with nothing changing.

seanjsgallagher
Contributor

Did you ever get this figured out? I am seeing something similar.

jgalante
New Contributor III

I believe authenticated restart is still not working.

I have my management account enabled for FV2 on all user computers. Policies that have "authenticated restart" checked still present pre-boot logon and require a password before continuing.

User systems are all running 10.10.5. JSS version 9.81.

page_229
New Contributor II

I just got mine working about a week ago. This is what I ended up doing:

- Creating an institutional recovery key for my JSS (https://jamfnation.jamfsoftware.com/article.html?id=326).
- Created a policy that issued a new recovery key using Individual and Institutional keys.
- Computers checked in with new key information:
  - Individual Recovery Key Validation: Valid
  - Institutional Recovery Key: Present