Escrowed Bootstrap Token disappearing

aburrow007
New Contributor II

I'm seeing an unusual issue (I think). Our M1s are getting Bootstrap Tokens escrowed correctly. Then for some reason (I've worked with Support on this), the Macs are becoming unmanaged; ticking "Allow Jamf Pro to perform management tasks", as per Support, brings the Mac back into managed.

I'm noticing that the Macs that have gone through this process no longer have an escrowed token. To fix this I was going to deploy a policy that users would run to re-escrow the token; however, the Macs still believe the token is escrowed as per terminal command.

While I'm still trying to work out the root cause as to why Macs are becoming unmanaged, I'm not sure how best to move forward with the Bootstrap token issue?

3 REPLIES

czarmark
New Contributor III

Consider Netflix's Escrow Buddy: https://github.com/macadmins/escrow-buddy/wiki

I recently implemented it in sandbox and then production. We had less than 10 machines with an invalid key, and it took about a week, but eventually Escrow Buddy escrowed a new valid key.

aburrow007
New Contributor II

Thanks for the suggestion. I've already implemented that for FileVault recovery keys. I wasn't aware it did Bootstrap tokens as well. I'll have another look at it.

czarmark
New Contributor III

My bad - my brain thought this was about escrowing FileVault recovery keys, not bootstrap tokens.