Retrieve Individual Recovery Key when it becomes Unknown

jriv
New Contributor III

After our last JSS update (9.101) and upgrade to High Sierra, I started noticing that IRKs were disappearing from the JSS. Disk Encryption says IRK Validation is Unknown. FileVault2 section in Management tab shows "FileVault 2 is Not Configured". I've been using this script from homebysix: https://github.com/homebysix/jss-filevault-reissue and it works great.

However, I have a couple of employees who have since left and did not reissue their keys. Are these keys still somewhere in the database? If so, how can I uncover and retrieve them?

Thanks!



yoopersteeze
New Contributor II

Hey @jriv is the Escrow IRK Profile installed to the machine? This would be done with a Config Profile > Security & Privacy > FileVault. If the IRK was in the database it would be most likely hashed.

jriv
New Contributor III

@yoopersteeze Yup. It's installed. I don't remember if I read it here or on Slack of a similar situation. The person "found" the keys in the database and said that the keys were hidden. Not sure what that meant and I cannot find that thread anymore.

yoopersteeze
New Contributor II

@jriv did the Mac submit inventory after the key was re-issued? You can also check if the machine actually has the key:

sudo fdesetup haspersonalrecoverykey

If that reports as false, I'm pretty sure you can re-issue a key with the following command, and as long as the "Escrow Profile" is installed it will "escrow" back into Jamf Pro? Have you tried reaching out to support to see what they think?

sudo fdesetup changerecovery -personal
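The check-then-reissue sequence from the replies above, written up as an added audit script (not code from the thread, from homebysix's script, or from Jamf). It assumes the escrow payload type string `com.apple.security.FDERecoveryKeyEscrow`, that `profiles -P` lists installed payload types, and that `jamf recon` is the inventory command; the decision logic is separated from the privileged commands so it can be exercised with sample output on any system.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a Mac's FileVault state and
# decides whether the personal recovery key must be reissued so that the
# escrow payload can report it back to Jamf Pro at the next inventory.
set -u

# Escrow is a configuration-profile payload; this type string is assumed.
ESCROW_PAYLOAD='com.apple.security.FDERecoveryKeyEscrow'

# Prints one of: not-encrypted | no-escrow-profile | reissue | ok
#   $1 = output of `fdesetup status`
#   $2 = output of `fdesetup haspersonalrecoverykey` (true/false)
#   $3 = output of `profiles -P` (installed profiles and payload types, assumed)
decide_action() {
  fv_status="$1"; haskey="$2"; payloads="$3"
  case "$fv_status" in
    *"FileVault is On"*) ;;
    *) echo "not-encrypted"; return 0 ;;
  esac
  # Without the escrow payload a new key is generated but never reported.
  if ! printf '%s\n' "$payloads" | grep -qF "$ESCROW_PAYLOAD"; then
    echo "no-escrow-profile"; return 0
  fi
  if [ "$haskey" = "false" ]; then
    echo "reissue"; return 0
  fi
  echo "ok"
}

# Gathers live state (macOS, run as root) and only acts with --apply.
# `fdesetup changerecovery -personal` prompts for a FileVault-enabled
# user's credentials, so it is run interactively, never silently.
run_audit() {
  command -v fdesetup >/dev/null 2>&1 || { echo "fdesetup not found (not macOS?)"; return 1; }
  action=$(decide_action "$(fdesetup status)" \
                         "$(fdesetup haspersonalrecoverykey)" \
                         "$(profiles -P 2>/dev/null)")
  echo "action: $action"
  if [ "$action" = "reissue" ] && [ "${1:-}" = "--apply" ]; then
    fdesetup changerecovery -personal && jamf recon   # recon submits inventory (assumed)
  fi
}

# Only touch the live system when invoked explicitly: ./fv_audit.sh --run [--apply]
if [ "${1:-}" = "--run" ]; then run_audit "${2:-}"; fi
```

Without `--apply` the script only reports the state, which is the safe first step on a departed employee's machine whose key shows as Unknown.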