Posted on 10-24-2018 11:51 AM
Running JAMF 10.7.1. I have a policy that has the local accounts payload configured as follows:
Create New Account
Username: FileVaultTest
Full Name: FileVaultTest
Password: [Hidden]
Home Directory Location /Users/FileVaultTest/
Allow user to administer computer: yes
Enable user for FileVault 2: yes
This worked fine in High Sierra, but on Mojave the logs state:
Creating user FileVaultTest...
Adding user FileVaultTest to filevault
Error: Added users failed error.
Error adding user to FileVault: Added users failed error.
I cannot find any additional information in /var/log/system.log or in the jamf log file. We use personal recovery keys and they are escrowed in Jamf. The purpose of this is to create a local account for IT that can unlock FileVault on the Mac.
Could someone confirm if this is an issue for them on Mojave as well? Any ideas where I can find more information on this error?
Posted on 11-28-2018 03:37 PM
Did you ever figure this out? Having the same issue.
Posted on 11-29-2018 04:38 AM
What happens when you check the securetoken status for your management account and your fvtest account?
sysadminctl -secureTokenStatus <username> I believe is the command to check.
Posted on 11-29-2018 08:06 AM
It's reporting as enabled. Weird thing is our workflow works fine on 10.13.x and filevault encrypts.
Just discovered that it doesn't enable FileVault on 10.14.1 even though we click enable now when prompted.
Posted on 05-22-2019 07:02 AM
I'm having this issue with Mojave 10.14.5. In my case, if the user account is created by the macOS login window, I get the built-in prompts to enable Secure Token for that user. User appears at the FileVault window as normal.
If I create the account using NoMAD Login AD, and then manually "enable" the user for FileVault using the Sys Preferences > Security > FileVault button, when I reboot the user does not appear at the FileVault window. sysadminctl reports secure token is enabled in both cases. Very frustrating, this.
Posted on 05-22-2019 09:31 AM
I think I've solved my flavour of the issue by using this terminal command:
#!/bin/sh
# Rebuild the APFS preboot volume so FileVault-enabled users appear at the FV login screen
diskutil apfs updatePreboot / > /dev/null
Once I ran that, my account now shows up at the FV login screen.
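As an added example that is not part of this thread, the script below ties together the two checks discussed above (Secure Token status from sysadminctl, the FileVault-enabled user list from fdesetup list) and only runs the updatePreboot refresh when an account holds a token but is missing from the list. The helper names are my own, it assumes macOS with APFS where these tools exist, and the parsing helpers work on captured output so they can be exercised on any system.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are my own.
# Assumes macOS with APFS, where sysadminctl, fdesetup and diskutil exist.

# Classify sysadminctl -secureTokenStatus output, which reads
# "... Secure token is ENABLED for user <name>" (or DISABLED).
secure_token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo enabled ;;
    *"Secure token is DISABLED"*) echo disabled ;;
    *)                            echo unknown ;;
  esac
}

# fdesetup list prints one "username,UUID" line per FileVault-enabled user.
# Succeeds (exit 0) when $1 (username) is listed in $2 (captured output).
fv_user_listed() {
  printf '%s\n' "$2" | grep -q "^$1,"
}

# Run the live checks for one user and refresh the preboot volume when the
# account holds a Secure Token but is absent from the FileVault user list.
diagnose_fv_user() {
  user="$1"
  # sysadminctl writes its status line to stderr, hence 2>&1
  token_out=$(sysadminctl -secureTokenStatus "$user" 2>&1)
  list_out=$(fdesetup list 2>/dev/null)
  state=$(secure_token_state "$token_out")
  echo "$user: secure token $state"
  if fv_user_listed "$user" "$list_out"; then
    echo "$user: present in fdesetup list"
  elif [ "$state" = enabled ]; then
    echo "$user: has a token but is not listed; updating preboot"
    diskutil apfs updatePreboot / >/dev/null
  else
    echo "$user: no Secure Token; this account cannot unlock FileVault"
  fi
}

# Only run the live checks on macOS with a username argument.
if [ "$(uname)" = Darwin ] && [ -n "$1" ]; then
  diagnose_fv_user "$1"
fi
```

Run it as `sh check_fv_user.sh FileVaultTest` on the affected Mac; a token that is enabled while the user is still absent from fdesetup list is the symptom the updatePreboot step addresses.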