homebysix / jss-filevault-reissue

A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
Apache License 2.0
Exit Error Code 99 Issue. #58

Closed charlespineda closed 1 year ago

charlespineda commented 1 year ago

Summary

@homebysix I mass deployed the script to a large group of employees who are coming from a previous MDM, after testing with a group of 40 users; most of them completed successfully. Deploying to the rest of the required computers, many of them exited with exit code 99, and I am unable to understand what this means at this time. Any assistance would be appreciated.

Steps to Reproduce

Steps to reproduce the behavior.

Expected/Desired Behavior

to escrow and complete successfully A clear and concise description of what you expected to happen.

Screenshots

Versions

Additional Information

Any other context you'd like to share.

homebysix commented 1 year ago

According to this page, that's a pretty generic "internal error."

What happens if you manually run `sudo fdesetup changerecovery -personal` on an affected Mac?

charlespineda commented 1 year ago

```
fdesetup: do not return recovery key
fdesetup: use personal recovery key
fdesetup: device path = /
Enter the user name: `user`
Enter the password for user 'user':
Error: Unable to change key.
Error: User could not be authenticated.
Error: Unable to unlock or authenticate to FileVault.
```

mpermann commented 1 year ago

Does the user trying to run the command have a secure token?

charlespineda commented 1 year ago

Yes, all of them do, but I am noticing underlying issues here since these machines use MOBILE profiles. A lot of them, and I would say the majority of them, have sync issues and are using two separate passwords to log in to their machines.

mpermann commented 1 year ago

I have no experience with bound machines using mobile profiles. Apple recommends against those anymore. If people have to enter two passwords to get into their computers, then you definitely have password sync issues, which could explain why the FileVault re-keying is failing. You need to get the passwords back in sync.

charlespineda commented 1 year ago

Correct, I am working through some to confirm that is the case.

charlespineda commented 1 year ago

Confirmed that after syncing the MOBILE profile passwords and pushing out the script again, it worked fine.

homebysix commented 1 year ago

Glad to hear it!
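
The thread resolved a generic exit code 99 by reading the text `fdesetup` printed, which pointed to an authentication failure. The sketch below is an added example, not code from the thread or from jss-filevault-reissue: it triages a batch of failed runs by captured output instead of exit code alone. The function names, verdict labels and the `== host NAME exit CODE` record format are assumptions, and the sample data is constructed.

```sh
#!/bin/sh
# Added example. Function names, verdict labels and the "== host" record
# format are hypothetical; they are not part of jss-filevault-reissue or fdesetup.

# Map one run (exit code + captured output text) to a coarse cause.
triage_run() {   # usage: triage_run EXIT_CODE OUTPUT_TEXT
    if [ "$1" -eq 0 ]; then
        echo "ok"
        return 0
    fi
    case $2 in
        *"User could not be authenticated"*|*"Unable to unlock or authenticate to FileVault"*)
            echo "auth_failed" ;;   # fdesetup could not authenticate the user
        *"Error:"*)
            echo "other_error" ;;   # fdesetup reported something else
        *)
            echo "unknown" ;;       # non-zero exit with no captured error text
    esac
}

# Read records "== host NAME exit CODE" followed by that host's output lines
# on stdin; print one "NAME VERDICT" line per host.
triage_batch() {
    tb_host="" tb_code="" tb_buf=""
    while IFS= read -r tb_line || [ -n "$tb_line" ]; do
        case $tb_line in
            "== host "*" exit "*)
                if [ -n "$tb_host" ]; then
                    echo "$tb_host $(triage_run "$tb_code" "$tb_buf")"
                fi
                tb_rest=${tb_line#"== host "}
                tb_host=${tb_rest%% exit *}
                tb_code=${tb_rest##* exit }
                tb_buf="" ;;
            *)
                tb_buf="$tb_buf$tb_line " ;;
        esac
    done
    if [ -n "$tb_host" ]; then
        echo "$tb_host $(triage_run "$tb_code" "$tb_buf")"
    fi
}

# Constructed sample; mac-02 carries the error lines quoted in the thread.
SAMPLE='== host mac-01 exit 0
== host mac-02 exit 99
Error: Unable to change key.
Error: User could not be authenticated.
Error: Unable to unlock or authenticate to FileVault.
== host mac-03 exit 99'

printf '%s\n' "$SAMPLE" | triage_batch
```

Hosts that come back as `auth_failed` are the ones to check for out-of-sync passwords before pushing the script again.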