Issues deploying FileVault 2 to macOS devices via Meraki Systems Manager

Solved
Jose-MK1
Here to help

Hello, I'm trying to follow this Meraki documentation to set up FileVault on all my macOS devices, but I'm having issues.

https://documentation.meraki.com/SM/Profiles_and_Settings/Using_File_Vault_2

I'm trying to do method 3 of having both the Institutional and Personal Recovery Keys and using Meraki for the FileVault key escrow to store Personal Recovery Keys. I was able to follow the directions to create a self-signed certificate and create a profile for it that included the FileVault Recovery Key Escrow config. I got that profile installed onto my test units. However, when I try to create the other profile to actually enable FileVault on the endpoint, I keep receiving "Error: The operation couldn't be completed (CPDomainPlugin error 101.)" in the Activity log for installing that profile.

I opened a ticket with Meraki Support, but they haven't been able to tell me why this error is occurring or how to resolve it. Has anyone else encountered this issue or implemented FileVault through the Systems Manager before here?

1 Accepted Solution
Jose-MK1
Here to help

I was able to eventually fix this by changing the option under FileVault > Defer Settings > "Maximum number of times users can bypass enabling FileVault before being required to enable it to login" from -1 to 0. After I made this change, the FileVault profiles installed without issue and I no longer received the CPDomain error.

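For anyone checking their own profiles before pushing them, here is an added example (not part of the original posts and not Meraki's code) that audits the two exported `.mobileconfig` files from method 3 together: the escrow profile and the profile that enables FileVault. The payload types and key names are from Apple's configuration profile documentation rather than from this thread, the sample profiles are constructed, and it is an assumption that the dashboard's -1 is written directly into `DeferForceAtUserLoginMaxBypassAttempts`.

```python
import plistlib

FV = "com.apple.MCX.FileVault2"                     # FileVault payload type
ESCROW = "com.apple.security.FDERecoveryKeyEscrow"  # recovery key escrow payload type
BYPASS = "DeferForceAtUserLoginMaxBypassAttempts"   # the "maximum bypass" deferral key

def audit_filevault(profiles):
    """Audit a set of .mobileconfig files (bytes) that together deploy FileVault."""
    payloads = [p for raw in profiles
                for p in plistlib.loads(raw).get("PayloadContent", [])]
    has_escrow = any(p.get("PayloadType") == ESCROW for p in payloads)
    fv_payloads = [p for p in payloads if p.get("PayloadType") == FV]
    findings = [] if fv_payloads else ["no FileVault payload found"]
    for fv in fv_payloads:
        if fv.get("Enable") != "On":
            findings.append("Enable is not 'On'")
        attempts = fv.get(BYPASS)
        # A negative value disables the forced-enable limit for deferred enablement.
        if fv.get("Defer") and isinstance(attempts, int) and attempts < 0:
            findings.append(f"{BYPASS}={attempts}: user is never required to enable FileVault at login")
        # UseRecoveryKey defaults to true, so a missing key still creates a personal key.
        if fv.get("UseRecoveryKey", True) and not has_escrow:
            findings.append("personal recovery key is created but no escrow payload is installed")
        if fv.get("UseKeychain") and not (fv.get("Certificate") or fv.get("PayloadCertificateUUID")):
            findings.append("institutional key requested but no certificate is referenced")
    return findings

def make_profile(*payloads):
    """Build a constructed profile for the demo (not exported from a real dashboard)."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.filevault",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000000",
                           "PayloadContent": list(payloads)})

def sample_profiles(bypass_attempts):
    """Constructed pair of profiles: escrow profile plus FileVault enablement profile."""
    escrow = make_profile({"PayloadType": ESCROW, "Location": "Example MDM"})
    enable = make_profile({"PayloadType": FV, "Enable": "On", "Defer": True,
                           BYPASS: bypass_attempts, "UseRecoveryKey": True,
                           "UseKeychain": True,
                           "PayloadCertificateUUID": "00000000-0000-0000-0000-000000000001"})
    return [escrow, enable]

if __name__ == "__main__":
    for value in (-1, 0):
        print(value, audit_filevault(sample_profiles(value)))
```

To run it against real profiles, read each exported file in binary mode and pass the list of byte strings to `audit_filevault`.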

BlakeRichardson
Kind of a big deal

I know many people are moving away from institutional keys; Jamf recommend against using them.
