Help

Disk Encryption Recovery Key Status: Not Present / No encryption key

temafey
New Contributor

Posted on ‎08-25-2022 02:33 AM

Hi everyone!

Recently we faced with a problem - one of the user after enrolment in the  Disk Encryption tab don't see Recovery Key, it says Disk Encryption Recovery Key Status: Not Present

Rest of the user normally encrypting and receive recovery keys for restore.

now we have problem - user laptop asked for reboot after some actions and macbook asked for the key. but in the profile its empty, but status is encrypted. Pls kindly assist! How its possible with jamf to decrypt this mac and hard drive?? is there any way? 

Thank you in advance! Best regards!

temafey_0-1661419692338.png

 

0 Kudos
4 REPLIES 4

mojo21221
Contributor II

Posted on ‎08-25-2022 08:57 AM

We had a scenario similar to yours a while back. Luckily we were still able to sign into the the device and use this tool. https://github.com/homebysix/jss-filevault-reissue

 

temafey
New Contributor
In response to mojo21221

Posted on ‎08-25-2022 06:18 PM

Hi. thank you for the solution. 

You say that was able to sign in into devise - how you could able if mac ask for the key in the beginning of the boot

Th

0 Kudos

elliotjordan
Contributor III

Posted on ‎06-15-2023 04:54 PM

Hi all! I'm the maintainer of the jss-filevault-reissue workflow referenced above, and I've got a quick update that may be of interest to you.

My team has published a new tool called Escrow Buddy, which regenerates FileVault keys at the loginwindow, thus avoiding the need to prompt users for their password later. It should be suitable as a drop-in replacement for my previous jss-filevault-reissue workflow at most organizations.

You can read more in this announcement on the Netflix Tech Blog, and this post on my site specifically covers migrating from my old workflow to Escrow Buddy. Escrow Buddy's source code and installer are available on GitHub.

Thanks!

0 Kudos

elliotjordan
Contributor III

Posted on ‎06-16-2023 09:24 AM

Hi all! I'm the maintainer of the jss-filevault-reissue workflow referenced above, and I've got a quick update that may be of interest to you.

My team has published a new tool called Escrow Buddy, which regenerates FileVault keys at the loginwindow, thus avoiding the need to prompt users for their password later. It should be suitable as a drop-in replacement for my previous jss-filevault-reissue workflow at most organizations.

You can read more in this announcement on the Netflix Tech Blog, and this post on my site specifically covers migrating from my old workflow to Escrow Buddy. Escrow Buddy's source code and installer are available on GitHub.

Thanks!