This week I have run a macOS 10.13 Support Essentials Course. As part of the course, we cover security features of macOS and especially FileVault. Now during the exercise for this lesson, I encountered a problem that did not allow us to set up FileVault.
Below is the error:
To set the device layout in context, we had 8 MacBook Pro (13 "mid 2012) and a lonely MacBook Pro (13" late 2011) were all depicted using DeployStudio and the same image – an image that has also been used repeatedly without any problems.
This error message appeared on only six of the devices, including late 2011 Mac. Of course, I have investigated this error message and found Apple Support Article HT208171. According to the article, this error is due to the use of mobile accounts that are fun, considering that we do not use a directory service. The resolution of this error was logged in as another admin and turned on FileVault. Unfortunately, I was the only administrator on the device.
Now for the resolution!
In 10.13 FileVault authentication for FileVault encrypted volumes requires a user to have a secure token. This Secure Token should be added to the first Admin account created under Setup Assistant, which was unfortunately the account I used. I remembered reading an article by Rich Trouton on his derflounder blog about this new FileVault authentication system.
Using the sysadminctl command I checked if the security setting was applied to my setup assistant created Admin account.
The local administrator had the secure token disabled. I tried to enable it using the command below:
This gave me the following errors:
I decided to check if any of the default users had enabled security code and low and see one of them did. Using System Preferences> Users and Groups I made the user an admin
At restart, this enabled me to enable FileVault and finally continue the course! When I had an administrator with the security key, I also allowed to activate the security code for other users.
How this actually happened is a wonder, but hopefully this will help solve the problem for others in the future.
If you & # 39; Become an IT-professional supportive Mac in your company or educational institution, so take a look at our training options. MacOS Support Essentials is Apple Certified Course to Support Users.