Recovery Partition not being reported?

JoySeeley
New Contributor III

Hello all!

Newbie here and I am tackling the recovery partitions with High Sierra and Mojave. I have a question.

I have Macintoshes running High Sierra and Mojave and when I do the diskutil list, it shows all of them having a recovery partition, with the exact same disk name (/dev/disk1s3) yet Jamf is stating that half of them don't have one and will fail if I try to kick off File Vault on them. Yet, I can go to the machine itself, and go to system preferences and it will start up File Vault, without issue.

I can also boot to the recovery partition. Am I missing something??

Thank you in advanced,
Joy

9 REPLIES 9

sdagley
Esteemed Contributor II

@JoySeeley What version of Jamf Pro are you running? If not for your comment about "Jamf is stating half of them" I'd guess you have an older version that isn't APFS aware.

JoySeeley
New Contributor III

I am running 10.8 as we are just getting up and running on it so it is a brand new install.

The disk encryption for the Macs that Jamf is stating don't have a recovery partition, is working, so I'm not sure why they are reporting they don't have a recovery partition. The keys are being stored on the server, so I guess it's working...

anpender
New Contributor

I am on Jamf 10.7.1 and my Mojave machines all report ineligible for encryption due to no recovery partition, even the ones that are already encrypted. I would blame APFS but the same problem does not appear on High Sierra APFS systems. I was thinking I would do the 10.8 upgrade and that would probably address it, but sounds like that may not do the trick.

daniel_hayden
New Contributor III

I too am seeing this on 10.8

JoySeeley
New Contributor III

I'm glad to know I am not alone!! Now if we can find the solution.

dwilks_
New Contributor

I know this is a relatively old post, but I thought I would share my experience. Our machines on 10.13 and 10.14 in APFS format were not showing that a recovery volume / partition was present.

Like you, I ran a diskutil list and saw that /dev/disk1s3 was there as the Recovery Volume. I don't think the JSS is able to detect it or that particular portion of the machine inventory isn't getting granular with the available volumes in the container. Regardless, I decided to run a diskutil mount /dev/disk1s3 and then ran a recon. The JSS detected that the recovery volume was present. I've done this successfully with several machines showing the same behavior.

Why this happens, I don't know. But at least there's a bit of a workaround to get consistent reporting.

Hope this helps!

Headbolt
New Contributor II

I have an Extension Attribute Script, that i use to report on the presence of a Recovery Partition.

Feel free to use it, you can find it here if you wish to download it.

I will post it below as well.

#!/bin/bash
#
###############################################################################################################################################
#
#   This Script is designed for use in JAMF as an Extension Attribute
#
#   - This script will ...
#       Look at the Machines OS Version and use it to check in the correct
#   location for a Recovery Partition
#
###############################################################################################################################################
#
# HISTORY
#
#   Version: 1.2 - 04/11/2019
#
#   - 14/10/2018 - V1.0 - Created by Headbolt
#
#   - 01/04/2019 - V1.1 - Updated by Headbolt
#               Updated for Mojave
#   - 04/11/2019 - V1.2 - Updated by Headbolt
#               Updated for Catalina and later by checking for the 
#               crossover points rather than individual OS Versions
#
###############################################################################################################################################
#
OS_ver=$(sw_vers | grep ProductVersion | cut -c 17-) # Get the OS we're on
MajorVer=$(/bin/echo "$OS_ver" | awk -F. '{ print $1; }') # Split Out Major Version
MinorVer=$(/bin/echo "$OS_ver" | awk -F. '{ print $2; }') # Split Out Minor Version
PatchVer=$(/bin/echo "$OS_ver" | awk -F. '{ print $3; }') # Split Out Patch Version
#
if [[ "${MinorVer}" -lt 12 ]] # Check Minor Version is Sierra or Lower
    then
        disk=0 # If Sierra or Lower we need to look at Disk 0
    else
        disk=1 # If High Sierra or Higher we need to look at Disk 1
fi
#
# Check for Relevant Recovery Partition
recoveryHDPresent=$(/usr/sbin/diskutil list | grep "Recovery" | grep $disk) 
#
if [ "$recoveryHDPresent" != "" ] # Check and Output presence of Recovery Partition
    then
        /bin/echo "<result>Present</result>"
    else
        /bin/echo "<result>Not Present</result>"
fi

stevenjklein
Contributor II

For what it's worth, I found this discussion because I noticed the same problem.

All of our Macs:

  • Are formatted APFS, and
  • Are running Catalina

Most of them are encrypted using a config profile. But even some of those don't show the recovery partition.

stevenjklein
Contributor II

@Headbolt : Why does it matter if the Recovery partition is on 1 or 2?

Won't this always find it, no matter which disk it's on?

diskutil list | grep Recovery

I just tested it on my work Mac (2019 MBP running Catalina) and my personal Mac (2009 MPB running El Capitan) and it worked for both.

What am I missing here?