After updating our current JSS from 8.71 to 9.2 I have noticed the following:
** Individual Recovery Key Validation:Unknown
** Institutional Recovery Key:Not Present
Before the upgrade these fields populated correctly.
Has anyone else experienced this?
Any clue on how to make these keys be available again?
Thanks in advance....
Ouch! Are you seeing this on any and all Macs that should have FV2 Recovery Keys? Or just on certain ones?
If its happening on a lot of them, I'd get on a call with JAMF ASAP about it.
As for getting them back, if they are simply not getting correctly represented in the db due to a permissions issue or something like that, and JAMF can help you, you may be OK. If they are in fact gone, I'm sorry to say it, but your only recourse may be to decrypted and re-encrypt those Macs to recapture a new key. The Recovery Key isn't stored anywhere on the system to grab it again, due to security reasons. It gets picked up in an xml file generated by the Casper Suite disk encryption process, but once its sucked up into the db, the xml file is deleted.
Don't jump out of any windows just yet. :)
First, get a case open with your JAMF account manager right away if you haven't done so already.
Second, you do have a good backup of your previous 8.71 database, right? Right?
I'm going to assume yes and if so, JAMF may be able to work with you to re-do the upgrade and get the keys in. Its possible the table where the keys were stored simply didn't make it over correctly in the upgrade.
Lastly, did you happen to use both an Individual and Institutional Recovery key setup? If so, if it turns out you really do need to redo the encryption process, you at least have an additional method for emergency decryption if needed. Its more work with the Institutional key, but its something. If you only have Individual keys set up, well, then just hope that no-one forgets their password.
The important thing is, don't try to solve this on your own. Get with your TAM as soon as possible.
The FileVault Recovery Keys have been moved in version 9. They are now stored in the Management section of the computer inventory, within the FileVault 2 tab.
Please contact your Account Manager if they do not display there.
If you're a full admin in your JSS, let's click on System Settings>>Accounts and Groups>>Click On Your Account>>Edit>>Privileges and grant yourself full privileges. Let's then log out and back into the JSS.
@Potter I don't feel comfortable answering that question for you, since I don't know anything about your environment, server setup and OS, etc. Too many variables to account for and things that could go wrong. I'd advise you to get with JAMF support if you need the assistance. That's part of what your account manager is there for, especially since your first upgrade attempt didn't really go according to plan.
Hope that helps.