FIleVault Key is Unknown M2 Mac

user-LYBGeLSLLt
New Contributor

Hello Everyone, i have a Problem with 2 Devices, one of them ist with the new M2 Chip and the other One is an Intel Mac. Both of them show me that in jamf:  Personal Recovery Key Validation:Unknown

But FileVault 2 Partition Encryption State:Encrypted.

I am able to see the Personal Recovery Key in terminal but there is a Problem with the transfer to Jamf. Ihad tried with jamf recon but nothink happens. Can anyone help please.

6 REPLIES 6

Minerva
New Contributor

Decrypt and encrypt again. 

Jason33
Contributor III

On one of the systems, run a policy with the Disk Encryption payload and the Action set to "Issue new Recovery Key", and the Recovery Key type as "Individual".  As long as your initial FileVault profile/policy was set to send the keys to Jamf Pro, it should issue and escrow a new key.

There's also a Jamf script that uses the Jamf Helper to prompt the user for their password and then creates a new recovery key.  Check the script at https://github.com/jamf/FileVault2_Scripts/blob/master/reissueKey.sh and modify for your needs.  It should still work on Apple Silicon.

user-LYBGeLSLLt
New Contributor

Thank you Very Much, i had tried it on the Device directly with two commands:
sudo fdesetup changerecovery -personal

and then Sudo jamf recon, it works :) 

Also, if possible help me with that; I've tried those 2 commands, runs good, I could see the RecoveryKey on terminal but still showing as unknown on Jamf

user-LYBGeLSLLt
New Contributor

i have another question, we also have a hidden Admin Account, whwhich is created during the enrollment, by some Users, i see the Admin Account as FileVault User, how can i change thhis easily ? 

Hey, can you explain how to create this hidden Admin Account?