Posted on 11-16-2016 11:13 AM
So I am using the Reissuing FileVault keys with the Casper Suite. Followed this to the T (except the DMG for the ICONS). I am getting the following error:
Executing Policy Reissue invalid or missing FileVault recovery key
Downloading AppleCustomScriptIcon.pkg...
Downloading
Verifying package integrity...
Installing AppleCustomScriptIcon.pkg...
Successfully installed AppleCustomScriptIcon.pkg.
Running script reissue filevault recovery key...
Script exit code: 0
Script result: Alerting user USER about incoming password prompt...
Prompting USER for their Mac password...
Successfully prompted for Mac password.
Issuing new recovery key...
**[WARNING] FileVault key was generated, but escrow did not occur.
Adding personal recovery key.**
Submitting log to https://comapny.jamfcloud.com/
Any ideas why the escrow doesn't occur? And not getting the key uploaded to my JSS?
Posted on 11-16-2016 11:22 AM
Hi @BigToeKnee810 (interesting screen name) I haven't used the script myself, but, just curious if you've set up a Config Profile for these Macs to have FileVault Recovery Key redirection? It's toward the bottom of the payloads list when setting up a Config Profile. See image below.
You need to set it to the following option:
I'm pretty sure that is a requirement to have any new keys redirected and escrowed back to the JSS, but again, I haven't really looked at the script created by homebysix to know for sure. Maybe I'm wrong, but I'd at least check into that avenue, assuming you don't already have that profile setting in place.
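A way to check the prerequisite discussed in this reply, as an added example that is not part of the thread or of the reissue script: it scans a dump of installed configuration profiles for the FileVault recovery key redirection payload and checks where it points. It assumes the dump is an XML plist (for instance from `sudo profiles -P -o stdout-xml`), that the payload type is `com.apple.security.FDERecoveryRedirect` with a `RedirectURL` key, and uses a constructed sample with the placeholder host `jss.example.com`.

```python
import plistlib
from urllib.parse import urlparse

REDIRECT_TYPE = "com.apple.security.FDERecoveryRedirect"

# Constructed sample of a profile dump; the host is a placeholder.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>_computerlevel</key><array><dict>
  <key>ProfileDisplayName</key><string>FileVault redirect (constructed)</string>
  <key>ProfileItems</key><array><dict>
    <key>PayloadType</key><string>com.apple.security.FDERecoveryRedirect</string>
    <key>PayloadContent</key><dict>
      <key>RedirectURL</key><string>https://jss.example.com/</string>
    </dict>
  </dict></array>
</dict></array>
</dict></plist>"""

def find_payloads(node, payload_type):
    """Walk the plist and collect every dict with the given PayloadType."""
    found = []
    if isinstance(node, dict):
        if node.get("PayloadType") == payload_type:
            found.append(node)
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return found
    for child in children:
        found.extend(find_payloads(child, payload_type))
    return found

def check_redirect(plist_bytes, expected_host):
    """Return (ok, reason) for the escrow redirection prerequisite."""
    payloads = find_payloads(plistlib.loads(plist_bytes), REDIRECT_TYPE)
    if not payloads:
        return False, "no recovery key redirection payload installed"
    for payload in payloads:
        # Settings may sit under PayloadContent or directly on the payload.
        content = payload.get("PayloadContent")
        settings = content if isinstance(content, dict) else payload
        url = urlparse(str(settings.get("RedirectURL", "")))
        if url.scheme == "https" and url.hostname == expected_host:
            return True, "redirects to " + expected_host
    return False, "redirection payload present but not pointing at " + expected_host

if __name__ == "__main__":
    print(check_redirect(SAMPLE, "jss.example.com"))
```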
Posted on 11-16-2016 12:14 PM
@BigToeKnee810 Yes, what @mm2270 says is correct... you have to have that configuration profile set up like he mentioned in order for it to work and redirect the Keys back to the JSS. Otherwise, it will just fail.
Posted on 11-17-2016 05:56 AM
@BigToeKnee810 Yes, what @mm2270 says is correct... you have to have that configuration profile set up like he mentioned in order for it to work and redirect the Keys back to the JSS. Otherwise, it will just fail.
Posted on 11-17-2016 07:58 AM
Yep that is currently enabled.
Posted on 11-17-2016 08:04 AM
Weird. It's working this morning, just tried out of curiosity.
Posted on 05-07-2017 02:21 AM
Hi @BigToeKnee810
What OS are you running it on?
I've been trying to run it on the latest Sierra, but after the first "Next", I get no password to type, just an error of 5 attempts.
Did you change anything in the script before running it?
Script exit code: 1
Script result: /Library/Application Support/JAMF/tmp/reissue_filevault_recovery_key: line 1: ill: command not found
Alerting user perfecto about incoming password prompt...
Prompting perfecto for their Mac password...
Prompting perfecto for their Mac password (attempt 2)...
Prompting perfecto for their Mac password (attempt 3)...
Prompting perfecto for their Mac password (attempt 4)...
Prompting perfecto for their Mac password (attempt 5)...
[ERROR] Password prompt unsuccessful after 5 attempts.
Displaying "forgot password" message...
Error running script: return code was 1.
Regards,