Jamf Nation Community

I'm seeing this with in an AD environment with cached accounts, where a password change for one reason is recorded in AD (and changed from the computer using System Preferences) but FileVault doesn't recognize that the password has changed, thus the passwords are out of sync. The keychain is updated with the new credentials, the locally cached account has the new credentials, the directory has the new credentials, but FV is still using the old credentials.

I'm still trying to figure out why.

Has anyone figured out why FV still using the old credentials?

@thoule This is what we've discovered as well. We're probably complicating things by using a 3rd party directory utility/mobile accounts, but that's not usually a problem for us anymore. Most of the time, if you perform a live/networked login with the updated credentials, it updates FileVault.

What OS's are you seeing this with?

We were seeing this with some 10.8.x devices, but then once we upgraded those devices to 10.9.2 they were fixed.

APPLE RECOMMENDED WAY TO TRIGGER SYNC - UPDATING NON_SYNCED FV PREBOOT PASSWORDS
touch "/System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources"

or

I FOUND THE BELOW WAY TO TRIGGER IT IN SOME CASES AS WELL
in terminal have user login with new password:
type "login username" at the prompt, then password.

We use Native AD Plugin.

What OS's are you seeing this with?

*Were; date stamps give you an idea of when, in case you're curious. It's much more reliable these days (perhaps due to Apple and/or Centrify updates since then).

Did Apple support give you the tip about that file? Seems reasonable. As for the second tip, that's about the same as thoule's recommendation (triggering an authentication).

I have this issue with Mac 10.10.4+ 10.10.3 are working fine. Have tried what you said on here still no luck.