FileVault2 failing at random

ShakataGaNai
New Contributor III

I have 2 base images, MacBook Air and MacBook Pro w/ Retina. The images were made on the latest generation of boxes running 10.8.2, and are being imaged onto their brethren devices. The images are basically 100% clean (nothing is done other than doing the OSX required setup process). The machines are imaged via NetBoot.

There is a policy in JSS to enable FileVault2 on all machines with an institutional key; this works most of the time. However, I've got a decent percentage of machines where this policy executes (I get the popup saying save your work, computer is going bye bye), but fails to actually encrypt the drive. This is mixed between both my MBAs and my MBPs (so I know it's not image specific).

When I tried to enable FileVault in the GUI manually after this policy application, it fails. I checked the system.log file and found this:

CoreStorage conversion failed with mainError: -69700; detailError: 0

Anyone seen anything like this?

1 ACCEPTED SOLUTION

rtrouton
Release Candidate Programs Tester

The first thing I'd check is if you have a working Recovery HD partition on the machines where it's failing. FileVault 2 won't turn on without having Recovery HD available.

5 REPLIES

alex_merenyi
New Contributor II

Also, do a Verify Disk in Disk Utility. If there are errors, I've seen FileVault refuse to encrypt.

ShakataGaNai
New Contributor III

@Rtrouton - Looks like I am missing the Recovery partition. I found a guide online for recreating the recovery partition: http://www.brunerd.com/blog/2012/03/21/update-create-lion-recoveryhd-partition-quickly-without-reins... and used that. The machine now FileVaults.

So the second question is, is there any way to capture the Recovery partition when making a machine image so I don't have this problem again?

gachowski
Valued Contributor II

Jon, I have a question for you.

How do you get the Mac to reboot for FileVault? When I was testing when X.8 was released, the only way I could get the box that asks for the user's password was a reboot that had to be done in the GUI.

To answer your question, see Scenario 3:

https://jamfnation.jamfsoftware.com/article.html?id=173

ShakataGaNai
New Contributor III

@Gachowski My FileVault policy is set so that it gives a 5 min warning before reboot. While the message pops up, it never actually forces a reboot (not once have I seen that portion work). So far all the FV2 deployments have been to machines in my hand, so as soon as the popup shows, I send them down for reboot manually (either in the GUI or sudo reboot if I'm already in CLI).

RE Link - Thanks. That looks about exactly what I want. All my machines that come back are encrypted and I don't bother decrypting (takes too long), so I just use DiskUtil to destroy the drives... which is why I keep losing the recovery partition.
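
A pre-flight check for the Recovery HD requirement discussed in this thread, as an added example that is not part of any post: it parses `diskutil list` output and blocks the FileVault 2 policy when the disk has no Apple_Boot "Recovery HD" slice. The sample listings are constructed, the function names are hypothetical, and treating disk0 as the boot disk is an assumption.

```shell
#!/bin/sh
# Added example: gate a FileVault 2 enablement policy on Recovery HD being present.

# Constructed `diskutil list` output for a Mac imaged without a Recovery HD.
SAMPLE_MISSING='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            250.1 GB   disk0s2'

# Same constructed listing with the Recovery HD slice restored.
SAMPLE_OK="$SAMPLE_MISSING
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3"

# recovery_slice DISK: read `diskutil list` text on stdin and print the
# identifier of the Apple_Boot "Recovery HD" slice on DISK; return 1 if absent.
recovery_slice() {
    disk="$1"
    awk -v disk="$disk" '
        $2 == "Apple_Boot" && $0 ~ /Recovery HD/ && $NF ~ ("^" disk "s[0-9]+$") {
            print $NF; found = 1; exit
        }
        END { exit !found }
    '
}

# filevault_preflight DISK: return 0 only when the enable policy can succeed
# as far as the Recovery HD requirement is concerned.
filevault_preflight() {
    disk="$1"
    if slice=$(recovery_slice "$disk"); then
        echo "OK: Recovery HD present at $slice"
    else
        echo "BLOCK: no Recovery HD on $disk; fix the image before enabling FileVault 2"
        return 1
    fi
}

# On a Mac, check the live disk (disk0 assumed to be the boot disk);
# elsewhere, fall back to the constructed sample so the script still runs.
if command -v diskutil >/dev/null 2>&1; then
    diskutil list | filevault_preflight disk0 || true
else
    printf '%s\n' "$SAMPLE_MISSING" | filevault_preflight disk0 || true
fi
```

Run as a policy step or inventory check ahead of the encryption policy, a non-zero return from `filevault_preflight` flags machines whose image lost the recovery partition before the user ever sees the reboot prompt.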