R2u File Decrypt


Mohammed Huberty

Aug 3, 2024, 11:46:40 AM
to inagcoovi

Test machine is Sonoma 14.2. The machine seems to set up fine but doesn't get a machine certificate from my ADCS connector. The WiFi payload, which would normally deliver it, gives 'unable to decrypt profile'.

Just a point of clarification: you mean the ADCS server itself needs to be bound--not the Jamf-managed Mac endpoints, correct? Because isn't that the whole point of ADCS--to be able to deliver certs to unbound, but managed, devices?

It could be that if it is, the LB is intercepting the connection and breaking the MTLS auth - the traffic needs to be allowed through without any inspection or altering of the connection in any way, else the MTLS breaks. (As per my understanding, I'm not a network engineer so very basic understanding!)

Do you see 403 errors in the logs on your ADCS server?
If you do, then it could suggest that Jamf Cloud can connect to the ADCS Connector server, else how would it know to attempt to retrieve a cert, and then get an error back?

We are also having problems. We have asked our network team to set up a NAT rule in the firewall to allow the Jamf Pro IP addresses to be allowed on our ADCS server but are still getting the 'Unable to decrypt' error after they made the change.

Hi - by high number I mean it is happening frequently, but not all the time. So, it's not a general decryption issue but I'm having a hard time isolating it to any specific client or webserver behind the PA.

I updated my Zoom last year in November, I think. Soon after that, on my group chats, people's messages were coming through as "Cannot decrypt message". It progressively got worse across more and more of the members across my team. I could read it on my mobile, but today I started to receive the same message on my mobile. In the interim I have uninstalled Zoom and reinstalled but the problem persists. Does anyone have a solution for this?

Hi @ShaunDJ when using advanced chat encryption, there may be situations where a sent message cannot be decrypted and viewed. This is often due to both users not being connected at the same time and thus being unable to share the key that is used to decrypt the message. As soon as both users are online, the key will be automatically shared between them, and the message decrypted.

If a message is sent and the user clears their chat messages or uninstalls the Zoom client before the message is decrypted and viewed, then the key that was used to encrypt the message(s) is lost and cannot be recovered. This means that the sent message cannot be decrypted, as the key to do so no longer exists on either device.

Thanks for your response. The problem is that we are both currently online, and when we send a message in a live chat to each other it still happens. In the example below we were all online at the same time. The people whose messages were encrypted could not read the messages from the other people.

This is often due to both users not being connected at the same time and thus unable to share the key that is used to decrypt the message. As soon as both users are online, the key will be automatically shared between them and the message decrypted.

Thank you for your response. This is happening while both parties are online. It started with just me. This happened soon after a Zoom update. The rest of my company (about 30 people) did not have the issue. From about November the same thing was happening to people across my company. We are at a point where Zoom is not working for us and we are currently creating chat groups on WhatsApp. Crazy.

It can be done. The encryption key is stored in a block near the end of the raw disk (raw = not in the enclosure). That key is encrypted, based on your password, or if none is used, on a factory-set key. Here is a paper that describes the setup:

I just want to say that Thomas saved my precious data. He helped me to decrypt my WD My Book via email. He spent hours helping a noob like me doing all of this in Ubuntu. I have never used any version of Linux before, so I must say it was very interesting. My drive had a Symwave chip and it worked. The first sector was also corrupt so he helped me with that as well. I sent my first e-mail at 1 PM and it was solved at 1 AM. So I must say he was fast and very professional. He did it completely free of charge too. Amazing! Thanks Thomas!

I want to say to everyone that Thomas Kaeding helped me save all the data from a friend's hard drive. It was a MyBook Essential 2TB USB3.0, model number wdbacw0020hbk-00. The USB-to-SATA board fried and did not start the disc, nor was it recognized by the computer. I tested with a different power supply and USB cable and nothing worked. This board has a Symwave SW6316 chipset which applies hardware encryption of AES-256 to all data. After a few minutes of sending the disc blocks containing the key to Thomas, he was able to point me to the unscrambled key and how to use it in Linux (I used Ubuntu Mate).

This guy deserves to be contracted by WD and receive big money from them. WD should provide a tool, made by this guy, to help all the people solve this problem in the event of a failed external case. This is a well-known problem and many people lose invaluable data because of this problem. If this only works in Linux, at least WD should provide a virtual machine made by this guy, so that people can retrieve their data. After that, the drive can be formatted and used without encryption, in a typical USB-to-SATA external case.

How can I determine the enclosure model if it has since been lost and I only have the drive?
This is a 500 GB WD Caviar GP WD5000AAVS - Can you tell me which model I will need to get?
The link does not provide this information.

All I see is how to put files on Sandisk Secure Access but nowhere does it say how you decrypt and get them off again so they will be just like the original you put on there. Can anyone help? Nothing about this in the startup guide.

My problem, I think, is similar to those already mentioned. When I copy files into the SecureAccess 2.0 vault there is no problem, but when I try to pull a file out of the vault (my file is an Excel spreadsheet) it fails. It fails in a particular manner: inside the vault my file is 14 kb in size, but when I copy or move this file out of the vault the size shrinks to 2 kb and I receive this error message:

I had the same problem but was able to get through it by doing a drag and drop. The trick was to drag the file over to where you are pasting and continue holding the right mouse button until the cursor turns into what looks like a folder (sort of) and then release. It wouldn't decrypt and move the file without the holding of the button. Hope this helps.

Generally, some people never keep their stick plugged in, especially online. Rather, they keep it hidden in a secretive place depending on the level of sensitivity, and may not encrypt the data at all. On the other hand, if the stick is carried about with the possibility of being lost or stolen, or contains serious documentation, then it would be wise to do both, i.e., encrypting and enshrouding the device beyond detection of its presence. In extreme cases, you can encrypt at least one character of your password by using a foreign letter you cannot type. But, the ability to remove the flash-drive is well enough for common security.

As for the lost files, something may have gone wrong during the encryption process. Perhaps cutting these files from the vault folder and temporarily pasting them elsewhere, then reversing the action by cutting and pasting back into the vault, may work. Do this procedure without logging in. Normally, I usually leave a copy of an unencrypted file before encryption. If OK, I then overwrite (not delete as nothing is truly deleted) the original with a blank file which can be used for other data later on. Hope all of this helps.

BTW, I mentioned encrypting passwords with a letter that cannot be typed. This means with the use of standard fonts enter a key-code. When you look at a character map each block with a letter outside the normal keyboard has a code. Some blocks are empty but have a code. For example: in a situation where you cannot separate two words with a space, you can enter a blank character (no-break-space): abbybritton would be entered, abby Alt+0160 britton = abby britton. But, look on the bright side. Testing the encryption first before you dismiss the original is a good idea. And in a truly severe case, I still transfer data to a disk only I know of its whereabouts. Good Luck!

I want to export my data/profile, but do so without any encryption. I am wondering if it is possible to turn off encryption once you have enabled it, and if so how to actually get the notes decrypted. [I have access to the app, and can read the notes, but I do not remember the old password].

How do I force it to decrypt the entire saved database, so that if I manually copy that it is in plain text. Do I just have to do a new sync? Or do I have to set up an entirely new sync target (new folder) so that it can make an unencrypted copy?

If you can SEE the notes, they are decrypted. If you add a note, especially a larger one and then do a sync on a mobile device you will actually see the brief DECRYPTING message flash by. Once it's decrypted and stored locally you can make your changes.
