Posted on 01-24-2021 07:15 AM
We've been noticing a trend of machines with a valid recovery key suddenly transitioning from valid to invalid.
We monitor this with 3 smart groups via email notifications:
FV2 key is known
FV2 PRK is known, key is unknown
FV2 key is unknown.
When a device transitions from FV2 known to FV2 is unknown, 2 recons seem to fix this and the device ends up in the correct group; however, the same devices can transition back a
A device which transitions out of known then back into known does not have the actual key change at all.
There doesn't seem to be any pattern I can see which causes this.
We use a config profile for escrow scoped to all managed clients. For key re-issues we use this script https://github.com/jamf/FileVault2_Scripts/blob/master/reissueKey.sh
From what I can see we don't have any policies or config profile in place that could be causing it.
On raising a ticket with Jamf, this seems to be a long-existing issue, PI-001962, this on the official PI issue as it's direct with Apple.
Anyone experiencing this at all? Half tempted to disable the email notifications for these smart groups if it's not anything that can be fixed
All our devices are 10.15 or above.
Posted on 10-01-2021 06:16 AM
We seem to be experiencing this as well (along with not getting valid recovery keys on first inventory). I can't seem to find that PI listed anywhere. @sammatthews could you point me in the right direction for information on the PI-001962, please?
Posted on 10-01-2021 07:49 AM
I don't have a direct link to the PI; it was provided to me via JAMF Support. I believe it's been a long ongoing issue according to the macadmins Slack.
Best way I've figured of checking devices that don't have an actual FV2 key in Jamf is an advanced search.
Posted on 02-14-2022 12:05 AM
Any new info on this thread? We seem to be getting this still... even on BS and Monterey.