I am having a problem with the FileVault personal keys which are being saved to the Jamf Pro server.
All keys appear with a long string of characters. I got stuck at the recovery screen and need to have the recovery key to proceed. I did check multiple articles but couldn't find much information on the key retrieval. Here are my FileVault configuration profile settings.
Can you please help me on this?
Hello @rmakkapa . I've dealt with this also and it's totally fixable.
First, there's a couple things you could do. 1) Not sure if you're on prem vs. cloud, but you "may" be able to contact Jamf Support and see if they can help you run some commands against the database to make the key appear again. I've heard (not seen) that this might be an option in some situations. 2) There is a script you can run which will prompt each customer it's scoped against to enter their password and then a new key is issued and you're done.
I've done this, currently tracking some remaining users who need new keys and it works. I would suggest though, since you have to prompt customers for their passwords, it may take a little thought and prep by crafting an email addressing the fact that you'll be prompting customers for their PWs and that you're legit. Below is a link to the script I used recently to accomplish this. I hope this helps. Good luck.
Hi @steve_summers. Thank you for your response. We are using a cloud instance and raised this with Jamf; we are waiting for their response.
Tried executing the script from https://github.com/jamf/FileVault2_Scripts/blob/master/reissueKey.sh and a new key was issued. However, the new key is also encrypted and consists of multiple characters, whereas we need the recovery key of 24 characters.