Posted on 10-29-2014 07:18 AM
any else having this issue? Machines that i'm upgrading to 10.10 and encrypting are no longer visible in our filevault 2 status smart group. did something change in how it reports? this is machines that were encrypted already, and machines that i'm encrypting that were not encrypted prior to upgrading.
Posted on 10-29-2014 07:25 AM
I have an Extension Attribute available that may help here. I recently tested it and verified that it works with Yosemite:
Posted on 10-29-2014 07:35 AM
Having the same problem. This is a pretty serious thing for my company since we rely on that for trusted mobile devices having access to the VPN. This needs to be fixed soon
Posted on 10-29-2014 07:59 AM
Same issue in 9.6 as well for 10.10 Macs. Workstations with FileVault 2 deployed with the JSS that have been upgraded from OS X 10.9 to OS X 10.10 show FileVault 2 status as Encrypted, but FileVault 2 under management shows not configured and the recovery key is inaccessible via the GUI.
I decrypted and encrypted again in 10.10 using the JSS in case this was a problem with the upgrade process, no effect.
Submitting this as a bug!
Posted on 10-29-2014 09:09 AM
Known bug, should be fixed soon (from my account manager):
This is actually a known defect (D-007885) and a fix is tentatively planned for our next release.
Posted on 10-31-2014 01:15 PM
I'm having the same problem and it is very serious because we restrict software based on this. If they are not encrypted, then they don't get to use a lot of things. I do see something in the inventory under Storage that says FileVault 2 State. This used to be FileVault 2 Status, I believe. Anyway all of my computers are showing as not encrypted using FileVault 2 Status. There is not a search criteria for FileVault 2 State. I did find something called 'FileVault 2 Partition Encryption State' with search values or 'Encrypted', Encrytping, Decrypted, etc. I am now using this to search and criteria for Smart Groups. Looks to be working.
Posted on 11-14-2014 01:22 PM
Does anybody have any estimates on when this update will be released? I finally got something from Jamf to the effect of "we hope by the end of the month". Is that what everybody else is hearing?
Posted on 11-18-2014 12:59 PM
We are seeing this on our 10.10 test machines with JSS 9.61 as well: "FileVault 2 Status" not working as well as some machines upgraded from 10.9.5 to 10.10 losing their FV2 recovery keys in the JSS. Fortunately using the built in "re-issue recovery key" tool in a policy works well as long as our local admin user is a FV2 user. I have it set to automatically run on any eligible 10.10 machines automatically (we are blocking 10.10 aside from test units). JSS 9.62 can't come soon enough!!
Posted on 03-06-2015 02:01 PM
Anyone else still seeing this? We're getting this issue more and more, and we're not sure if there's a fix out there. Even if you have the local admin as a FV2 user (we don't for security reasons), that doesn't change the fact that the issue is happening.
Posted on 03-06-2015 02:28 PM
This has been patched since 9.63 I believe. Running 9.65, recommend it so far. Don't run 9.64 that was a pile of puke.
We were able to regenerate and escrow all the keys easily using the built-in features. Naturally you're mileage may vary, but probably better to upgrade and try than to not have them.
Cheers!
Posted on 03-06-2015 02:40 PM
We're on 9.63 right now and still seeing it. We've put in a call to our guy at JAMF to double check what's going on. But we do have some catching up to do on the server upgrade. Thanks for the warning on .64!
Posted on 09-08-2015 02:16 AM
I've checked the release notes of every version from 9.64 to 9.72 and that defect number D-007885 doesn't appear (according to Acrobat "find") :-(
Anyone attest that, regardless, the problem has been fixed?
Spent a day decrypting/re-encrypting a 10.10 device to no effect. sometimes it would fail to provide a valid individual key (which I think is what causes the OP issue) sometimes I would get a reported individual key BUT it wouldn't work (!)
BTW, is it standard that on Yosemite the "log out to authenticate" thing doesn't work - you have to restart?
Posted on 09-08-2015 02:44 AM
(As a workaround I have successfully used an "issue new recovery key" policy on those 10.10 machines with "Individual Recovery Key Validation:Invalid". I checked the new keys with fdesetup validate recovery)
BTW, may not be relevant, but I've found this in the 9.62 doc…
[D-007823] Policies configured to require users to enable FileVault 2 in a disk encryption payload fail to do so on a computer with OS X v10.10.
and its still there in the 9.72 docs under
The following issues are a result of bugs in third-party software. Defects have been filed for these bugs and are awaiting resolution