Personal Recovery Key Validation: Invalid

SMR1
Contributor III

We're doing some testing in our QA environment and configured all our Config Profiles to match what is in Prod. We've enrolled 4 Macs and they show Invalid, and the Recovery key is super long. I did try the GitHub reissue FileVault key, also Escrow Buddy, and ran the files and processes command, but neither works. When I run the reissue command and type in the password, it's successful, and when I run a jamf recon, the recovery key validation changes to Valid, but the recovery key is still wrong and when you refresh it, it goes back to Invalid.


1 ACCEPTED SOLUTION

jamf-42
Valued Contributor II

I've seen this when the certificate created automatically when you create the FileVault config profile has issues. My fix was to bin the config profile and let the system create a new cert, then use FV Buddy to re-issue the key.

Since we had FV Buddy set up, things are a lot better with the invalid and unknown keys.

4 REPLIES

RaxiaDK
Contributor II

That's a known issue. When you FileVault before enrolling, or the server doesn't respond.

I use Escrow Buddy from Netflix to fix that.

SMR1
Contributor III

During the enrollment, after we enter our Azure logon credentials, we get the prompt to enable FileVault.

SMR1
Contributor III

Turns out FV was configured in our QA environment using the key that was set up under our Prod site.