Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 5848 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SafeGuard Server v 7 & importing existing FileVault2 keys - where are they stored?

JohnWood

I have a lot of already encrypted FV2 Macs in my environment and many keys are imported to SafeGuard with sgdeadmin.

The import process says successful, and the macs say "The system disk is encrypted and a centrally stored recovery key is available" in the Disk Encryption tab of the control panel. So I have two levels of verification on my endpoints.

Where are these keys stored as I cannot find them in the SafeGuard Management Center.

Also when I attempt recovery, with one of the macs (for test) it says "Missing POA or key information. Please check computer's inventory."

Please note that in many cases, decrypting the drive , reinstalling Safeguard and re-encrypting is NOT an option as I have many remote users. 

Thanks!



This thread was automatically locked due to age.
  • 0
    Hi JohnWood,

    Try this:

    You need to check and clean up all plist files from the Mac client.

    1. Run the Mac Terminal tool by using a Mac admin user account.

    2. Make sure that you are navigating to the root folder.

    3. Use the following command to check if there are some pending files with the following command:

    "open var/spool/sg/bad"

    4. If there are some *.plist files, please delete all of them.

    5. Change the directory from subfolder "bad" to "out".

    6. Run the synchronization, once, between the SGN Mac client and the SGN backend.
    You will see some *.plist files being created and after a few seconds they disappear.
    The folder should now be empty.

    7. Close the Terminal and the Finder, which is pointing to the "out" folder.

    8. Open System Preferences and create a new local Mac user account.

    9. Make sure that the network connection between the SGN Mac Client and the SGN backend works.

    9. Log out and log back in with the new Mac user account.
    Wait few seconds so that the new user profile build tasks have been completed.

    10. Open the SafeGuard Encryption app inside System Preferences.

    11. Check that the last server contact was only a few seconds ago and that it matches the timestamp in the latest user log.

    12. You should now be able to see the new user in the SGN MC (F5).

    After this, you should be able to perform a C/R for this Mac machine.

    You also have the option to delete the new Mac user as well.

    Thanks

    PaulD
Unfiltered HTML