Help

FileVault Recovery Key Rotation Not Updating in Jamf

nwiseman
Contributor

Posted on ‎01-10-2018 10:10 AM

Has anyone else seen the FileVault key change command not updating in JAMF 9.101 for High Sierra (10.13.2 current testing) machines?

The command runs fine in Terminal and I can see the profile installed with the new gathering information, but the key does not update in JAMF.

Not sure if this is a Client side issue or JAMF???

Labels:
0 Kudos
Reply
2 REPLIES 2

crystallized
New Contributor III

Posted on ‎01-11-2018 11:31 AM

Nothing FileVault in terms of reporting works in Jamf on High Sierra, I've found. I have an FR to fix that here: https://www.jamf.com/jamf-nation/feature-requests/6820/ensure-accurate-reporting-for-filevault-users-on-10-13

0 Kudos
Reply

brunerd
Contributor

Posted on ‎01-16-2018 11:10 AM

@nwiseman Here's a question: What happens if you reboot the machine?

There was a bug back in 10.11, 10.12 (maybe earlier) in the service that sends the key, a reboot will cause it to reload and send the key

The trick to doing it without a reboot is to run this before generating a new key (or perhaps after if you are feeling lucky :)

launchctl unload /System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist

However I was just looking at the launchctl man page and apparently unload is a legacy command Apple... so these commands carry no guarantee, but this in theory would would load it...

sudo launchctl enable system/com.apple.security.FDERecoveryAgent
sudo launchctl bootstrap system /System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist
0 Kudos
Reply