FileVault 2 key - changes from valid to invalid

sammatthews
New Contributor

We've been noticing a trend of machines with a valid recovery key suddenly transitioning from valid to invalid.

We monitor this with 3 smart groups via email notifications:
FV2 key is known
FV2 PRK is known, key is unknown
FV2 key is unknown.

When a device transitions from FV2 known to FV2 unknown, 2 recons seem to fix this and the device ends up in the correct group; however, the same devices can transition back later on.

A device which transitions out of known then back into known does not have the actual key change at all.

There doesn't seem to be any pattern I can see which causes this.

We use a config profile for escrow scoped to all managed clients. For key re-issues we use this script https://github.com/jamf/FileVault2_Scripts/blob/master/reissueKey.sh

From what I can see, we don't have any policies or config profiles in place that could be causing it.

On raising a ticket with Jamf, this seems to be a long-existing issue, PI-001962; this on the official PI issue as it's direct with Apple.

Anyone experiencing this at all? Half tempted to disable the email notifications for these smart groups if it's not anything that can be fixed.

All our devices are 10.15 or above.
