Issue with FV-enabled local admin not showing up after upgrade to High Sierra

carlo_anselmi
Contributor III

Hello
I am testing an in-place upgrade from Sierra (10.12) to High Sierra (10.13) using a test computer with a local admin and a mobile network user (bound to AD) with FV enabled.
Both users show up at startup, can unlock the disk and automatically log in in Sierra, but once updated to High Sierra only the mobile account is visible at the login window (which is able to unlock the disk and start up).
I have found some other old threads where the AD account was the one missing from unlocking FV at startup, not the local admin.
The weird thing is that the mobile account user still appears in the list of users that can be enabled in System Preferences (even though it can already unlock the disk), while the local admin is not available and cannot be manually added.
Is this a known issue?
SecureToken is enabled for the local admin user after the upgrade, and I have already tried changing the user picture to see if it fixes something (since the error message below refers to something and this was a reported solution in older threads).

testclient:~ ADuser$ sysadminctl -secureTokenStatus admin
2019-03-19 14:50:05.446 sysadminctl[999:6854] ### Error:kDSNAttrJPEGPhoto has multiple values! That is not supported yet, only 1st will be read! File:/BuildRoot/Library/Caches/com.apple.xbs/Sources/Admin/Admin-679/DSNode.m Line:396
2019-03-19 14:50:05.448 sysadminctl[999:6854] Secure token is ENABLED for user admin

I have also tried adding the local admin with this:

sudo fdesetup add -usertoadd admin

And the local admin was already present in the fdesetup users list:

Last login: Tue Mar 19 14:53:37 on ttys000
testclient:~ admin$ sudo fdesetup list
Password:
ADuser,74BCC1DD-2965-4C1D-BBD1-493767B1E4E3
admin,E164A585-EC3E-43AA-9054-C21CE56D25E4

And I also tried:

sudo diskutil apfs updatePreboot /

Any help will be greatly appreciated!
Have a great day everyone,
Carlo
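
As an added example (not part of the original post, and not Jamf or Apple code): a shell script that cross-checks the two records the post compares, the `fdesetup list` entries and the `sysadminctl -secureTokenStatus` result, while skipping noise such as the kDSNAttrJPEGPhoto error line. The function names are hypothetical and the embedded sample text is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: cross-check FileVault users against secure token status.
# Function names are hypothetical; sample text is constructed from the post.

SAMPLE_FDE='Last login: Tue Mar 19 14:53:37 on ttys000
Password:
ADuser,74BCC1DD-2965-4C1D-BBD1-493767B1E4E3
admin,E164A585-EC3E-43AA-9054-C21CE56D25E4'

SAMPLE_TOKEN='2019-03-19 14:50:05.446 sysadminctl[999:6854] ### Error:kDSNAttrJPEGPhoto has multiple values! That is not supported yet, only 1st will be read!
2019-03-19 14:50:05.448 sysadminctl[999:6854] Secure token is ENABLED for user admin'

# Print the short names found in `fdesetup list` output (name,UUID lines);
# prompts, banners and anything without a 36-character UUID are ignored.
fde_users() {
    printf '%s\n' "$1" |
        awk -F, 'NF == 2 && length($2) == 36 && $2 ~ /^[0-9A-Fa-f-]+$/ { print $1 }'
}

# Print ENABLED, DISABLED or UNKNOWN for user $2 from captured
# `sysadminctl -secureTokenStatus` output $1. Only a line ending in
# "Secure token is <STATE> for user <name>" counts, so log noise is skipped
# and "adm" does not match "admin".
token_state() {
    printf '%s\n' "$1" | awk -v u="$2" '
        NF >= 7 && $NF == u && $(NF-5) == "token" &&
            $(NF-3) ~ /^(ENABLED|DISABLED)$/ { s = $(NF-3) }
        END { print (s == "" ? "UNKNOWN" : s) }'
}

# Compare both records for user $1 ($2 = fdesetup output, $3 = sysadminctl output).
check_user() {
    if fde_users "$2" | grep -qxF -- "$1"; then in_fv=yes; else in_fv=no; fi
    tok=$(token_state "$3" "$1")
    case "$in_fv/$tok" in
        yes/ENABLED) echo "$1: CONSISTENT" ;;
        yes/*)       echo "$1: MISMATCH (in fdesetup list, token $tok)" ;;
        no/ENABLED)  echo "$1: TOKEN_ONLY (token enabled, not in fdesetup list)" ;;
        *)           echo "$1: NOT_ENROLLED" ;;
    esac
}

# On a Mac, capture live output instead (run as root; 2>&1 in case the
# status line is written to stderr):
#   check_user admin "$(fdesetup list)" "$(sysadminctl -secureTokenStatus admin 2>&1)"
check_user admin "$SAMPLE_FDE" "$SAMPLE_TOKEN"
```

For the output quoted in the post this prints `admin: CONSISTENT`, meaning both records already agree for the local admin.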

4 REPLIES

sshort
Valued Contributor

You might have to update to 10.14.2 (or later) for a resolution; there were some adjustments to how secureToken and FileVault interact. Check out this post: https://travellingtechguy.eu/mojave-10-14-2-and-secure-tokens-it-works/

carlo_anselmi
Contributor III

Hello @sshort and many thanks for your reply.
I haven't tried with Mojave yet. The problem is with High Sierra.

prodservices
New Contributor III

I know this sounds odd, but try changing the user account picture in System Preferences. If I remember correctly it did the trick for us.

carlo_anselmi
Contributor III

@prodservices thank you, that’s one of the things I have tried!
Will try to see if upgrading to Mojave instead will fix the issue.