Yosemite, JSS 9.61 - Filevault 2 status not being reported

justin
New Contributor

Anyone else having this issue? Machines that I'm upgrading to 10.10 and encrypting are no longer visible in our FileVault 2 status smart group. Did something change in how it reports? These are machines that were encrypted already, and machines that I'm encrypting that were not encrypted prior to upgrading.


rtrouton
Release Candidate Programs Tester

I have an Extension Attribute available that may help here. I recently tested it and verified that it works with Yosemite:

https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/filevault_2_encryption_che...
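An extension attribute of this kind reports the FileVault 2 state straight from the client instead of relying on the built-in "FileVault 2 Status" criterion. The sketch below is an added example, not rtrouton's script and not part of the thread. The result names and the shape of the in-progress lines printed by fdesetup status are assumptions, and the sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: Jamf extension attribute that reports FileVault 2 state.
# fv2_state is a hypothetical helper name chosen for this example.

# Classify text in the shape printed by `fdesetup status`.
# Constructed samples of the assumed output:
#   "FileVault is On."
#   "FileVault is Off."
#   "FileVault is On." + newline + "Encryption in progress: Percent completed = 12"
#   "FileVault is Off." + newline + "Decryption in progress: Percent completed = 40"
fv2_state() {
    case "$1" in
        # Check the in-progress lines first: a volume that is still converting
        # also prints an On/Off line, and must not be counted as finished.
        *"Encryption in progress"*) echo "Encrypting" ;;
        *"Decryption in progress"*) echo "Decrypting" ;;
        *"FileVault is On"*)        echo "Encrypted" ;;
        *"FileVault is Off"*)       echo "Decrypted" ;;
        # Empty or unrecognised output is reported as Unknown, never as
        # Encrypted, so a smart group built on this value fails closed.
        *)                          echo "Unknown" ;;
    esac
}

# Extension attributes run as root on the client; fdesetup ships with OS X.
if command -v fdesetup >/dev/null 2>&1; then
    status="$(fdesetup status 2>&1)"
else
    status=""
fi

# The JSS reads the extension attribute value from the <result> tags.
echo "<result>$(fv2_state "$status")</result>"
```

A smart group that gates VPN or software access would then match only on the value Encrypted, so machines reporting Unknown or Encrypting stay out until the next inventory update.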

tdmartin
New Contributor

Having the same problem. This is a pretty serious thing for my company since we rely on that for trusted mobile devices having access to the VPN. This needs to be fixed soon.

themacallan
New Contributor III

Same issue in 9.6 as well for 10.10 Macs. Workstations with FileVault 2 deployed with the JSS that have been upgraded from OS X 10.9 to OS X 10.10 show FileVault 2 status as Encrypted, but FileVault 2 under management shows not configured and the recovery key is inaccessible via the GUI.

I decrypted and encrypted again in 10.10 using the JSS in case this was a problem with the upgrade process, no effect.

Submitting this as a bug!

themacallan
New Contributor III

Known bug, should be fixed soon (from my account manager):
This is actually a known defect (D-007885) and a fix is tentatively planned for our next release.

kwr33v35
New Contributor

I'm having the same problem and it is very serious because we restrict software based on this. If they are not encrypted, then they don't get to use a lot of things. I do see something in the inventory under Storage that says FileVault 2 State. This used to be FileVault 2 Status, I believe. Anyway, all of my computers are showing as not encrypted using FileVault 2 Status. There is not a search criteria for FileVault 2 State. I did find something called 'FileVault 2 Partition Encryption State' with search values of 'Encrypted', 'Encrypting', 'Decrypted', etc. I am now using this for searches and as criteria for Smart Groups. Looks to be working.

ocla__09
Contributor

Does anybody have any estimates on when this update will be released? I finally got something from Jamf to the effect of "we hope by the end of the month". Is that what everybody else is hearing?

dgreening
Valued Contributor II

We are seeing this on our 10.10 test machines with JSS 9.61 as well: "FileVault 2 Status" not working, as well as some machines upgraded from 10.9.5 to 10.10 losing their FV2 recovery keys in the JSS. Fortunately, using the built-in "re-issue recovery key" tool in a policy works well as long as our local admin user is a FV2 user. I have it set to run automatically on any eligible 10.10 machines (we are blocking 10.10 aside from test units). JSS 9.62 can't come soon enough!!

kirkmshaffer
New Contributor II

Anyone else still seeing this? We're getting this issue more and more, and we're not sure if there's a fix out there. Even if you have the local admin as a FV2 user (we don't for security reasons), that doesn't change the fact that the issue is happening.

themacallan
New Contributor III

This has been patched since 9.63, I believe. Running 9.65, recommend it so far. Don't run 9.64; that was a pile of puke.

We were able to regenerate and escrow all the keys easily using the built-in features. Naturally your mileage may vary, but probably better to upgrade and try than to not have them.

Cheers!

kirkmshaffer
New Contributor II

We're on 9.63 right now and still seeing it. We've put in a call to our guy at JAMF to double check what's going on. But we do have some catching up to do on the server upgrade. Thanks for the warning on .64!

alan_trewartha
New Contributor III

I've checked the release notes of every version from 9.64 to 9.72 and that defect number D-007885 doesn't appear (according to Acrobat "find") :-(

Anyone attest that, regardless, the problem has been fixed?

Spent a day decrypting/re-encrypting a 10.10 device to no effect. Sometimes it would fail to provide a valid individual key (which I think is what causes the OP issue); sometimes I would get a reported individual key BUT it wouldn't work (!)

BTW, is it standard that on Yosemite the "log out to authenticate" thing doesn't work - you have to restart?

alan_trewartha
New Contributor III

(As a workaround I have successfully used an "issue new recovery key" policy on those 10.10 machines with "Individual Recovery Key Validation:Invalid". I checked the new keys with fdesetup validate recovery)

BTW, may not be relevant, but I've found this in the 9.62 doc…

[D-007823] Policies configured to require users to enable FileVault 2 in a disk encryption payload fail to do so on a computer with OS X v10.10.

and it's still there in the 9.72 docs under

The following issues are a result of bugs in third-party software. Defects have been filed for these bugs and are awaiting resolution