Posted on 04-11-2018 01:41 AM
Wondering if anyone has any suggestions re. an issue I am seeing with filevault (which is fully encrypted) on a 10.13.3 iMac as follows;
No key resides on JamF and its showing as "FileVault 2 is Not Configured"
Recreating the individual key with the JamF script makes no difference although this script does work as its successfully recreated keys in the past.
If I try and add any users to FileVault to unlock the disk I see the error "Error adding users to FileVault unknown error"
If I run the sysadminctl util it states that the user doesn't have a secure token (the local admin account does however), if I attempt to create a token for the user I get an error similar to "NSLocalizedFailureReason=Credentials could not be verified, username or password is invalid."
If I try remove FileVault I get the message "FileVault was not disabled (-69595)"
Any ideas? I would rather not rebuild if I don't have to.
Posted on 04-11-2018 06:42 AM
Hey, just a question, first have you ensured you set the Escrow option I the payload to redirect key to your Jamf server? Tis is required going forward with 10.13.3. Basic redirect function only wrks with 10.2 machines or older..See image below:
Posted on 04-11-2018 09:11 AM
Hi, yes, thats all set and the other Macs are fine, again on 10.13.*
Posted on 04-14-2018 03:37 AM
Well upgrading to 10.13.4 sorted enabling additional users but still no key is sent back to JSS!
Posted on 04-15-2018 07:46 AM
Does your configuration Profile have the required certificates included? Working with JAMF I had to add the following Certs to the Profile:
Institutional Key 1-2018
JSS FileVault Recovery Key Escrow Certificate
JSS FileVault Recovery Key Redirection Certificate
Posted on 04-16-2018 07:28 AM
Can I chime in with what's probably a noob question, What's the difference between enabling FV via policy VS configuration profile. So far I've only used it via policy.
Posted on 04-27-2018 12:06 AM
I just have "Enable Escrow Personal Recovery Key" as it was my understanding that was what was needed for 10.13.*