I've been using homebysix's reissue_filevault_recovery_key.sh script in a policy to recover lost FV2 recovery keys, but lately the keys that are recovered are these crazy long strings:
Has anyone seen anything like this? What could be causing this?
Question
FileVault 2 Key Escrow + Long String
+8
+12Which version of Jamf Pro are you running? There was an issue fixed in 10.10.0 (PI-006374 http://docs.jamf.com/10.10.0/jamf-pro/release-notes/Bug_Fixes_and_Enhancements.html) that could lead to the recovery key being stored in that form if a certificate on the server reached its expiration date. If that's the issue you are running into then upgrading to 10.10.0 or higher should fix the keys that were stored like that on the upgrade so that they're again presented in a form that is usable for you.
+9So, this EXACT issue happened to me last month. After I stopped hyperventilating I worked with the folks at Jamf (who were great) and it was due to the FV cert expiring inside my Jamf Pro server. Basically, to fix it, I had to do the following:
-Assess the situation by creating a smart group, looking for people who's keys were "Invalid"
-Create a new configuration profile for FV Key Redirection
-Create a policy for those folks with the invalid keys which reissue a new key
-Validate the key issue is fixed after they run the policy
Shout out to Benjamin Julian on Jamf Support who talked me off the ledge on this one. Hope that helps.
+18@steve.summers - We've encountered perfectly formatted FV keys being declared as "Invalid" - not certain that's a bulletproof methodology. But I suppose it's better than nothing.
+15I had this same problem - found out it was due to certificate expiration - created a new institutional key as per apple - https://support.apple.com/en-us/HT202385
added it to jamfs - distributed it with jamf & wallah - problem solved. not on Jamf 10.10 either. hope this helps.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.