Recovery Key Don't Work

komissar_test
New Contributor

I want to get a recovery key for an individual device. I went to Jamf resources and watched a video on how to get a recovery key, but I did not find this item in my management.

I have FileVault enabled in my configuration profile and I have Recovery Key Redirection enabled.

Please tell me what I need to configure so that I can view the recovery keys just like in the video.
When I enter management, I do not have an item with an Individual key.


jtrant
Valued Contributor

Is FileVault enabled in the device in question? If not, Jamf won't escrow a Recovery Key. If FileVault is enabled, has the Mac inventoried since it was enabled?

Finally, FileVault Recovery Keys are listed under Inventory > Disk Encryption. The video is five years old, and I assume the UI has changed since then.

FileVault is enabled on the machine. When I go to the Inventory, I get "Personal Recovery Key Validation: Unknown" and there is no individual recovery key.

Create a targeted policy to issue a new FileVault Recovery key and update inventory on the Mac.

I have such a policy scoped to Macs with invalid recovery keys that attempts to rotate the key once a day until successful.

I have an error when I try to activate this policy.

howie_isaacks
Valued Contributor II

Was this computer set up with FileVault before it was enrolled or before you set up the FileVault encryption on your Jamf Pro server? If it was already set up with FileVault, Jamf Pro won't escrow the recovery key. This computer needs to have the FileVault setup initiated through your Jamf Pro server. You can just turn off FileVault and then set it up again using the policy and profile you set up in Jamf Pro.

Tribruin
Valued Contributor II

You might also want to look at this new utility:
https://netflixtechblog.com/escrow-buddy-an-open-source-tool-from-netflix-for-remediation-of-missing...

It allows you to re-escrow a FileVault key just by having the user log in.

It was activated by a configuration profile after enrollment.