FileVault2 - Machines not showing up in Smart Group, Management Account enable policy shows complete but not really?

New Contributor

I hope someone can help me out with this. I've been trying to FileVault machines that aren't currently and also enabling the JSS management and local admin account as Filevault users. I know this topic has come up before but I can't seem to get an accurate smart group going.

So I created a Configuration Profile scoped to has "boot partition" and"not encrypted" or "decrypted" machines (smart group).

Also created a policy to enable the management account scoped to smart group that "filevault user does not have admin"

it works on test machines but not others. Also I have a machine that the status comes up as "requires restart" but is encrypted?
Also the policy to enable admin shows completed but admin is not enabled when looking at system prefs filevault tab. Does this make sense to anyone?

Machine is 10.11
JSS 9.81