Help

FileVault 2 Displays "Not Configured" in JSS OSX 10.13.4

Kmartin
New Contributor III

Posted on ‎04-25-2018 10:15 AM

I have 2 Macbooks that I recently clean installed 10.13.4 and imaged with JAMF that did encrypt but in the JSS under management the FileVault2 key is displaying "Not Configured." The management profile that was setup is applied and the Macbooks are properly encrypting. I have previous Macbooks that were initially setup on 10.13.3/JAMF 10.2, and those do display the key properly. Currently JAMF 10.3.1 is installed.

deb8c2200747423e8e16761dd46b7f12
4ca5ee5fef8f49bab731c1d88e7a3e0d
e6da0b4b8d2a44bc8a00db58e1b232aa

Reply
7 REPLIES 7

scottb
Honored Contributor

Posted on ‎04-25-2018 10:24 AM

No answer, but "me too".
Drives me nuts. Screws up smart groups as well.

0 Kudos
Reply

bmarks
Contributor II

Posted on ‎04-25-2018 10:49 AM

There are a number of threads regarding similar issues. I had posted to a few of them. Then, after working with Jamf we think we isolated a potential issue. I posted about it at length here recently:

https://www.jamf.com/jamf-nation/discussions/27635/potential-cause-and-solution-for-missing-filevault-keys

If you have access to your database, you can try those commands on one of your Macs to see what happens.

0 Kudos
Reply

bmortens115
New Contributor III

Posted on ‎04-25-2018 12:26 PM

I have found that I need to run an inventory update locally on a machine once 10.13 machines have been encrypted via a configuration profile to get the FileVault key into the jamf pro server.

0 Kudos
Reply

scottb
Honored Contributor

Posted on ‎04-25-2018 12:33 PM

You def need to have an updated recon after to get anything of use. Sometimes it seems to work, others not.
We've tried deleting Macs from the JSS and then re-enrolling which has fixed some.
Even some with keys that are valid and show under management tab may show not under the general tab (I have to look at that and show a screen shot as I may be off on what's where...).

0 Kudos
Reply

Kmartin
New Contributor III

Posted on ‎04-25-2018 12:36 PM

There are a number of threads regarding similar issues. I had posted to a few of them. Then, after working with Jamf we think we isolated a potential issue. I posted about it at length here recently: https://www.jamf.com/jamf-nation/discussions/27635/potential-cause-and-solution-for-missing-filevault-keys If you have access to your database, you can try those commands on one of your Macs to see what happens.

I have tried recon with no luck, multiple times. I just took a look at the SQL database and I do not even see an entry in there for either of the Macbooks that are having the problem. So I cannot update the "key_deleted" entry. I do however see the rest of the Macbooks that are functioning properly.

0 Kudos
Reply

Kmartin
New Contributor III

Posted on ‎04-27-2018 08:26 AM

So I re-encrypted the Macbook and although the Status says "Unknown" in the JSS the key is properly reporting now. I also setup another Macbook and that one was successful the first time and even the status showed "verified." So it seems there is much inconsistency with filevault 2 and reporting to the JSS.

0 Kudos
Reply

mesmerli
New Contributor

Posted on ‎08-20-2019 07:07 PM

I got the same issue. Our help desk said no key_deleted field in the record of the database. Does the schema change after the post? Thanks.

0 Kudos
Reply