Help

FileVault Issue

andymallins
New Contributor III

Posted on ‎04-11-2018 01:41 AM

Hi All,

Wondering if anyone has any suggestions re. an issue I am seeing with filevault (which is fully encrypted) on a 10.13.3 iMac as follows;

No key resides on JamF and its showing as "FileVault 2 is Not Configured"

Recreating the individual key with the JamF script makes no difference although this script does work as its successfully recreated keys in the past.

If I try and add any users to FileVault to unlock the disk I see the error "Error adding users to FileVault unknown error"

If I run the sysadminctl util it states that the user doesn't have a secure token (the local admin account does however), if I attempt to create a token for the user I get an error similar to "NSLocalizedFailureReason=Credentials could not be verified, username or password is invalid."

If I try remove FileVault I get the message "FileVault was not disabled (-69595)"

Any ideas? I would rather not rebuild if I don't have to.

Cheers,
Andy

Reply
6 REPLIES 6

rjohnson83jr
New Contributor

Posted on ‎04-11-2018 06:42 AM

Hey, just a question, first have you ensured you set the Escrow option I the payload to redirect key to your Jamf server? Tis is required going forward with 10.13.3. Basic redirect function only wrks with 10.2 machines or older..See image below:

526978581a964849ac496abe9fa4182f

0 Kudos
Reply

andymallins
New Contributor III

Posted on ‎04-11-2018 09:11 AM

Hi, yes, thats all set and the other Macs are fine, again on 10.13.*

0 Kudos
Reply

andymallins
New Contributor III

Posted on ‎04-14-2018 03:37 AM

Well upgrading to 10.13.4 sorted enabling additional users but still no key is sent back to JSS!

0 Kudos
Reply

daniel_hayden
New Contributor III

Posted on ‎04-15-2018 07:46 AM

Does your configuration Profile have the required certificates included? Working with JAMF I had to add the following Certs to the Profile:
Institutional Key 1-2018
JSS FileVault Recovery Key Escrow Certificate
JSS FileVault Recovery Key Redirection Certificate

0 Kudos
Reply

thomH
New Contributor III

Posted on ‎04-16-2018 07:28 AM

Hello,

Can I chime in with what's probably a noob question, What's the difference between enabling FV via policy VS configuration profile. So far I've only used it via policy.

Thanks,

0 Kudos
Reply

andymallins
New Contributor III

Posted on ‎04-27-2018 12:06 AM

I just have "Enable Escrow Personal Recovery Key" as it was my understanding that was what was needed for 10.13.*

0 Kudos
Reply