Jamf Nation Community

pmcavey · ‎11-29-2018

I have been using configuration profiles to require FV2 and redirect the personal key to the on-prem JAMF Pro server (10.8)
I have not bee able to get this to work in Mojave and while I have found other users on the web having the same problem I haven't found a solution. Is there a new way FV2 with key redirection needs to be done with Mojave?

Thanks in advance.

-PSM

marlink · ‎11-30-2018

We just discovered this same issue today. We have been blocking Mojave installs, but just received a repaired Mac back from Apple that was returned with Mojave installed. When trying to re-add our FileVault config profile (which escrows the recovery key to our on-prem JSS), the profile fails to install (JAMF Pro 10.8).

Anyone else know of a fix?

Lotusshaney · ‎12-04-2018

Have got the same. The escrow does not work at encryption.

However running https://github.com/homebysix/jss-filevault-reissue works and the redirect works.

Looking into it the problem it appears that the /var/db/FileVaultPRK.dat is not made after the FV2 Encryption is finished.

Lotusshaney · ‎12-06-2018

Hi All, This appears to be fixed in 10.14.2

JayD · ‎01-03-2019

not yet im having issue with it now. Not being able to configure or run filevault. This is what shows in the log files

Error: A problem occurred while trying to enable FileVault. (-69576)

Lotusshaney · ‎01-03-2019

That’s a different problem. Not the recovery key

bnelson06 · ‎01-04-2019

Has there been any update on this? I'm working on this now and getting this error:

[WARNING] FileVault key was generated, but escrow cannot be confirmed. Please verify that the redirection profile is installed and the Mac is connected to the internet.

KMak84 · ‎04-16-2019

I am having similar issues myself, when testing https://github.com/homebysix/jss-filevault-reissue it worked on 10.11 0 to 10.13.6.

So when testing that method on 10.14.4 the keys are not escrowing in.

Has anyone else had a similar experience

phredman · ‎05-01-2019

@k84 - I'm seeing the same behaviour.

Lotusshaney · ‎05-01-2019

Escrow is working fine for me in 10.14.4.

Are these upgrades to 10.14 ? If so try reapplying the escrow profile and see if that helps

m3ir · ‎05-01-2019

I know it's obvious but just in case, did you create a new payload for Mojave escrow key under "Security & Privacy"?
if it still doesn't escrow, restart the machine and do recon, It might fix the problem

phredman · ‎05-02-2019

you ever create the config profile and test and test and get nowhere, then realize you forgot to add the scope? Asking for a friend.

scottb · ‎05-02-2019

^^^ :)

theguvnor · ‎06-28-2019

Escrowing immediately on 10.14.5 for me. I am, however, seeing a different issue, whereby, after the FileVault config profile is applied to the machine, at the next user logout they successfully put in their password to initiate the encryption, it comes up with a message displaying the recovery key but they can't click the 'Continue' button using the mouse or keyboard of the machine, the mouse cursor doesn't appear. I had to remote to the screen and click it using Apple Remote Desktop.

Anyone else seeing that? Probably just me :(

EDIT: Found this actually only occurs on desktop Macs, whereas it's fine on MacBooks.

cyberspread_71 · ‎09-25-2019

Nope. Happens on MacBooks as well. Just pushed the profile to 2 machines and it did the same thing on both.

acaveny · ‎10-01-2019

Is happening to me too. I'm working on migrating our FV2 from just a policy to a config profile. Everything looked like it went fine, until that first reboot. FWIW, I was able to force kill the machine and it then continued with the encryption process, and did escrow the key, but that's not an acceptable user experience.

I just opened a support ticket to see if this is a known PI..

gachowski · ‎10-01-2019

I saw the same thing, older iMac grayed out 'Continue' buttons and newer iMac good buttons. I assumed it's a macOS issue.

C

Jamf Nation Community

Mojave and FileVault from configuration profile