After our last JSS update (9.101) and upgrade to High Sierra, I started noticing that IRKs were disappearing from the JSS. Disk Encryption says IRK Validation is Unknown. FileVault2 section in Management tab shows "FileVault 2 is Not Configured". I've been using this script from homebysix: [https://github.com/homebysix/jss-filevault-reissue](link URL) and it works great.
However, I have a couple of employees who have since left and did not reissue their keys. Are these keys still somewhere in the database? If so, how can I uncover and retrieve them?
@jriv did the mac submit inventory after the key was re-issued? You can also check if the machine actually has the key
sudo fdesetup haspersonalrecoverykey
If that reports as false, I'm pretty sure you can re-issue a key with the following command, and as long as the "Escrow Profile" is installed it will "escrow" back into Jamf Pro? Have you tried reaching out to support to see what they think?
sudo fdesetup changerecovery -personal