Error Adding Users to FileVault

nwiseman
Contributor

Just recently we've noticed an issue where accounts are not able to be added to FileVault. I have a case open with Apple at the moment, but wanted to see if anyone here had noticed this issue.

The problem happens when FileVault is already enabled for a user and you try to enable other users from System Preferences. The users password is accepted, but when you click "done" you are immediately presented this message.

12273ec6703e4808a7df7c0b8698cf5c

I've also attempted to enable the user through Terminal to no prevail.

1 ACCEPTED SOLUTION

nwiseman
Contributor

Found the issue! BeyondTrust Powerbroker agent had enabled a Shell policy that was causing all of the problems. God help you if anyone else is running that POS agent. :)

View solution in original post

5 REPLIES 5

kendalljjohnson
Contributor II

Has the disk finished encrypting fully? I believe that's the error I received when trying to add users before it had finished the entire encryption process.

nwiseman
Contributor

That was my first reaction too when the tech brought up the issue. Unfortunately, it doesn't seem to be that easy. It appears that the drive is fully encrypted and there seems to be no issue with the user that's currently able to unlock the drive.

I am starting to notice that this only seems to be an issue on the new TouchBar Macs.

dferrara
Contributor II

Maybe related, maybe not at all, but twice now I've seen a Touch Bar MacBook Pro fail to boot after turning on FileVault via Self Service, showing the prohibitory symbol instead about half way through startup. I wasn't able to decipher the output from Verbose Mode, but in both cases a reimage was needed. Other Touch Bar MBPs are encrypting without issue.

nwiseman
Contributor

Found the issue! BeyondTrust Powerbroker agent had enabled a Shell policy that was causing all of the problems. God help you if anyone else is running that POS agent. :)

Pacers31Colts18
New Contributor

I've had two Mac Mini's (older versions) that have now experienced this issue. I noticed in the JSS it does not show our admin account as a FV enabled user, even though the policy says so.