FileVault Issue

New Contributor III

Hi All,

Wondering if anyone has any suggestions re. an issue I am seeing with filevault (which is fully encrypted) on a 10.13.3 iMac as follows;

No key resides on JamF and its showing as "FileVault 2 is Not Configured"

Recreating the individual key with the JamF script makes no difference although this script does work as its successfully recreated keys in the past.

If I try and add any users to FileVault to unlock the disk I see the error "Error adding users to FileVault unknown error"

If I run the sysadminctl util it states that the user doesn't have a secure token (the local admin account does however), if I attempt to create a token for the user I get an error similar to "NSLocalizedFailureReason=Credentials could not be verified, username or password is invalid."

If I try remove FileVault I get the message "FileVault was not disabled (-69595)"

Any ideas? I would rather not rebuild if I don't have to.



New Contributor

Hey, just a question, first have you ensured you set the Escrow option I the payload to redirect key to your Jamf server? Tis is required going forward with 10.13.3. Basic redirect function only wrks with 10.2 machines or older..See image below:


New Contributor III

Hi, yes, thats all set and the other Macs are fine, again on 10.13.*

New Contributor III

Well upgrading to 10.13.4 sorted enabling additional users but still no key is sent back to JSS!

New Contributor III

Does your configuration Profile have the required certificates included? Working with JAMF I had to add the following Certs to the Profile:
Institutional Key 1-2018
JSS FileVault Recovery Key Escrow Certificate
JSS FileVault Recovery Key Redirection Certificate

New Contributor III


Can I chime in with what's probably a noob question, What's the difference between enabling FV via policy VS configuration profile. So far I've only used it via policy.


New Contributor III

I just have "Enable Escrow Personal Recovery Key" as it was my understanding that was what was needed for 10.13.*