Posted on 02-01-2017 10:30 AM
Just recently we've noticed an issue where accounts are not able to be added to FileVault. I have a case open with Apple at the moment, but wanted to see if anyone here had noticed this issue.
The problem happens when FileVault is already enabled for a user and you try to enable other users from System Preferences. The users password is accepted, but when you click "done" you are immediately presented this message.
I've also attempted to enable the user through Terminal to no prevail.
Solved! Go to Solution.
Posted on 02-03-2017 12:41 PM
Found the issue! BeyondTrust Powerbroker agent had enabled a Shell policy that was causing all of the problems. God help you if anyone else is running that POS agent. :)
Posted on 02-01-2017 12:36 PM
Has the disk finished encrypting fully? I believe that's the error I received when trying to add users before it had finished the entire encryption process.
Posted on 02-01-2017 01:13 PM
That was my first reaction too when the tech brought up the issue. Unfortunately, it doesn't seem to be that easy. It appears that the drive is fully encrypted and there seems to be no issue with the user that's currently able to unlock the drive.
I am starting to notice that this only seems to be an issue on the new TouchBar Macs.
Posted on 02-01-2017 01:20 PM
Maybe related, maybe not at all, but twice now I've seen a Touch Bar MacBook Pro fail to boot after turning on FileVault via Self Service, showing the prohibitory symbol instead about half way through startup. I wasn't able to decipher the output from Verbose Mode, but in both cases a reimage was needed. Other Touch Bar MBPs are encrypting without issue.
Posted on 02-03-2017 12:41 PM
Found the issue! BeyondTrust Powerbroker agent had enabled a Shell policy that was causing all of the problems. God help you if anyone else is running that POS agent. :)
Posted on 02-23-2017 07:32 AM
I've had two Mac Mini's (older versions) that have now experienced this issue. I noticed in the JSS it does not show our admin account as a FV enabled user, even though the policy says so.