Issuing a Personal Recovery Key rotate command to macOS High Sierra through MDM fails with the below error. According to Documentation, it's available from macOS 10.9+.
Sample Error Response:
Command Sent to the device:
We have ensured that the Personal Recovery Key sent in Command under the key name 'Password' is Correct. The Command works fine in macOS Catalina and macOS BigSur.
Also, Apple has not documented possible error code sent as a response to issuing this command to devices.
Sample Error Response:
Code Block ** <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>RotateFileVaultKey</string> <key>ErrorChain</key> <array> <dict> <key>ErrorCode</key> <integer>34</integer> <key>ErrorDomain</key> <string>NSTaskExitCode</string> <key>LocalizedDescription</key> <string>The operation couldn’t be completed. (NSTaskExitCode error 34.)</string> </dict> </array> <key>Status</key> <string>Error</string> <key>UDID</key> <string>XXXX-XXXX-XXXX-XXXX-XXXX</string> </dict> </plist>
Command Sent to the device:
Code Block <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CommandUUID</key> <string>RotateFileVaultKey</string> <key>Command</key> <dict> <key>RequestType</key> <string>RotateFileVaultKey</string> <key>KeyType</key> <string>personal</string> <key>ReplyEncryptionCertificate</key> <string>********</string> <key>FileVaultUnlock</key> <dict> <key>Password</key> <string>XXXX-XXXX-XXXX-XXXX-XXXX</string> </dict> </dict> </dict> </plist>
We have ensured that the Personal Recovery Key sent in Command under the key name 'Password' is Correct. The Command works fine in macOS Catalina and macOS BigSur.
Also, Apple has not documented possible error code sent as a response to issuing this command to devices.