Posted on 02-05-2018 04:22 PM
After our last JSS update (9.101) and upgrade to High Sierra, I started noticing that IRKs were disappearing from the JSS. Disk Encryption says IRK Validation is Unknown. FileVault2 section in Management tab shows "FileVault 2 is Not Configured". I've been using this script from homebysix: https://github.com/homebysix/jss-filevault-reissue and it works great.
However, I have a couple of employees who have since left and did not reissue their keys. Are these keys still somewhere in the database? If so, how can I uncover and retrieve them?
Thanks!
Posted on 02-07-2018 03:00 PM
Hey @jriv, is the Escrow IRK Profile installed on the machine? This would be done with a Config Profile > Security & Privacy > FileVault. If the IRK was in the database it would most likely be hashed.
Posted on 02-07-2018 03:13 PM
@yoopersteeze Yup. It's installed. I don't remember if I read about a similar situation here or on Slack. The person "found" the keys in the database and said that the keys were hidden. Not sure what that meant and I cannot find that thread anymore.
Posted on 02-08-2018 03:42 PM
@jriv Did the Mac submit inventory after the key was re-issued? You can also check if the machine actually has the key:
sudo fdesetup haspersonalrecoverykey
If that reports as false, I'm pretty sure you can re-issue a key with the following command, and as long as the "Escrow Profile" is installed it will "escrow" back into Jamf Pro? Have you tried reaching out to support to see what they think?
sudo fdesetup changerecovery -personal