homebysix / jss-filevault-reissue

A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
Apache License 2.0

No Popups Displayed #2

Closed manicslothpdx closed 7 years ago

manicslothpdx commented 7 years ago

A while ago (maybe last year), this script or a previous version of it would not show the popups when set to run via a "recurring check-in" policy in Casper. Did this issue potentially start happening again? I hadn't tried this in a while, but I just recently updated our existing policy with the newest version of the script. When I set this script to run via such a policy, I get the following logs but the user never saw the popup. The target Mac is running 10.11.6 and I followed the instructions exactly as specified:

Executing Policy SFDC Reissue FileVault Key (Check-in) Running script SFDC Reissue New FileVault Key... Script exit code: 239 Script result: Alerting user ed.cripps about incoming password prompt... 0Prompting ed.cripps for their Mac password... Prompting ed.cripps for their Mac password (attempt 2)... Prompting ed.cripps for their Mac password (attempt 3)... Prompting ed.cripps for their Mac password (attempt 4)... Prompting ed.cripps for their Mac password (attempt 5)... [ERROR] Password prompt unsuccessful after 5 attempts. Error running script: return code was 239.

manicslothpdx commented 7 years ago

However, just like before, if I manually call the policy via sudo jamf policy -event name_of_policy it works fine.

manicslothpdx commented 7 years ago

I found this previous thread from the older version of the script, but it looks to me like the new script may have regressed: https://github.com/homebysix/misc/pull/8

Also, I found this comment: https://github.com/homebysix/misc/commit/9a6cb4ccda6853b9d90840d617c86e191bb02a35

And, this comment: "Thanks to @benmartel for the "run AppleScript as current user" idea."

manicslothpdx commented 7 years ago

I diff'd the "fixed" version with the one currently located here, made some changes and it immediately started working. However, I may still need assistance because now, after clicking "OK" on the first window, it appears you always get an incorrect password error as the first version of the 2nd popup. Entering the password results in success, but I can't figure out why the first of that popup says "incorrect password."

manicslothpdx commented 7 years ago

Following up on my last comment, the "incorrect password" popup only is displayed when the script is executed via Casper. If I copy the script to my Mac and run it manually, it successfully shows the "Enter Password" popup.

manicslothpdx commented 7 years ago

By the way, the only thing I had to change in your script to make it work was line 76:

LOGO_ICNS="$(/usr/bin/osascript -e 'tell application "System Events" to return POSIX file "'"$LOGO_ICNS"'" as text')"

I think by specifying the full path to /usr/bin/osascript just once, that resolves the initial issue. I think. But, I still have no idea why the issue with the "incorrect password" is occurring. Other than customizations to the body text and links to icons, line 76 was the only change I made.

homebysix commented 7 years ago

Hi @manicslothpdx,

Thanks for the troubleshooting! I took your advice and added the full path to osascript to the latest version of this script. Can you try out version 1.7 and let me know how it goes? Thanks!

m3ir commented 7 years ago

Hi @homebysix

Been trying v1.7.1, with no change, and without using logo/icons I get the same issue, no popup and a prompt of wrong password.

Script exit code: 1 Script result: /Library/Application Support/JAMF/tmp/reissue_filevault_recovery_key: line 1: ill: command not found Alerting user perfecto about incoming password prompt... Prompting perfecto for their Mac password... Prompting perfecto for their Mac password (attempt 2)... Prompting perfecto for their Mac password (attempt 3)... Prompting perfecto for their Mac password (attempt 4)... Prompting perfecto for their Mac password (attempt 5)... [ERROR] Password prompt unsuccessful after 5 attempts. Displaying "forgot password" message... Error running script: return code was 1.

homebysix commented 7 years ago

Hi @m3ir,

This line tells me something's wrong:

Script result: /Library/Application Support/JAMF/tmp/reissue_filevault_recovery_key: line 1: ill: command not found

Please make sure you copied/pasted the script in its entirety to the JSS "scripts" interface. You shouldn't get any "command not found" errors if it's working correctly.
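A pre-paste check, added here as an example (not part of the project or of this thread), that catches a script body truncated the way the log above suggests before it reaches the Jamf "scripts" interface. The sample scripts are constructed and the function names are mine.

```shell
#!/bin/bash
# Added example (not the project's code): catch a truncated or mangled paste
# before it goes into the Jamf "scripts" interface. A body that lost its first
# lines shows up at run time as "line 1: <fragment>: command not found"; a body
# that lost its tail fails to parse at all.

# Returns 0 if the file looks like a complete bash script, 1 if the first line
# is not a shebang (head truncated), 2 if bash cannot parse it (tail truncated).
check_script_paste() {
    file="$1"
    first="$(head -n 1 "$file")"
    case "$first" in
        '#!/bin/bash'*|'#!/bin/sh'*|'#!/usr/bin/env bash'*) ;;
        *)  echo "$file: first line is not a shebang: '$first'" >&2
            return 1 ;;
    esac
    if ! bash -n "$file" 2>/dev/null; then
        echo "$file: bash -n reports a syntax error (cut off mid-block?)" >&2
        return 2
    fi
    return 0
}

# Constructed samples: one complete script and two truncated pastes of it.
make_samples() {
    SAMPLE_DIR="$(mktemp -d)"
    cat > "$SAMPLE_DIR/complete.sh" <<'EOF'
#!/bin/bash
# constructed sample body
if [ -n "$1" ]; then
    echo "arg: $1"
fi
exit 0
EOF
    # paste that lost its first three lines (no shebang, starts mid-block)
    tail -n +4 "$SAMPLE_DIR/complete.sh" > "$SAMPLE_DIR/missing_head.sh"
    # paste cut off before the closing "fi"
    head -n 4 "$SAMPLE_DIR/complete.sh" > "$SAMPLE_DIR/cut_tail.sh"
}

# Demo: check each constructed sample.
make_samples
for f in complete.sh missing_head.sh cut_tail.sh; do
    if check_script_paste "$SAMPLE_DIR/$f"; then
        echo "$f: ok"
    else
        echo "$f: rejected"
    fi
done
```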

homebysix commented 7 years ago

@manicslothpdx Have you tried version 1.7+ recently? Interested to hear whether your original issue is solved.

manicslothpdx commented 7 years ago

Hmmm, sorry. I thought I posted my results. I guess not. I tried version 1.7 but not version 1.7.1. The 1.7 version worked fine for our environment. Thanks for making that change.

However, I’ll be honest. I ended up switching this process to a silent alternative called "fde-rekey" which has worked well for us too:

https://github.com/square/fde-rekey

It's a package you deploy that silently accomplishes the same thing as this script.

m3ir commented 7 years ago

@homebysix

I need no logo/icons, so the script was copied without these lines. The script runs on the computer; I get the first popup banner that explains about this script, and clicking Next pops up the last error banner, "you made five incorrect password attempts". It seems it bypasses the user password input and goes right to the error message. I am testing it on the latest Sierra, 10.12.4.

Running script reissue_filevault_recovery_key... Script exit code: 1 Script result: Alerting user perfecto about incoming password prompt... Prompting perfecto for their Mac password... Prompting perfecto for their Mac password (attempt 2)... Prompting perfecto for their Mac password (attempt 3)... Prompting perfecto for their Mac password (attempt 4)... Prompting perfecto for their Mac password (attempt 5)... [ERROR] Password prompt unsuccessful after 5 attempts. Displaying "forgot password" message... Error running script: return code was 1.

homebysix commented 7 years ago

@manicslothpdx Thanks for letting me know about fde-rekey! That's pretty nifty, and I'm testing it out myself.

@m3ir I haven't tested the script's behavior when the logo variables are removed, since the script is meant to be company-branded. If you don't want to use your company logo, I suggest using a generic FileVault icon:

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/FileVaultIcon.icns

m3ir commented 7 years ago

@manicslothpdx nice find! Just tested it and it works smoothly and, most importantly, silently. @homebysix I will give it a try.

Thank you both!