Posted on 07-25-2018 11:47 AM
Hello!
Our environment has local standard accounts. When a password is changed, if the machine is rebooted the user can not log in with new or old password. Only thing I can tie to it is the password isn't syncing with FV2 properly. When they are locked out I have to grab the FV2 key and go though the process again. We checked policies they looked ok. Is this a sync bug? Thanks in advance for any help or solutions!
Posted on 07-26-2018 01:27 AM
I have the same problem too
Posted on 07-26-2018 06:26 AM
If you haven't already, I would say grab the os versions, your FV process, and any other relevant info and submit it to jamfsupport. Is it reproducible every time?
The FV sync has been an issue since high sierra launched in my opinion. Our process was hit or miss, sometimes it was fine and others it would lose the password and take a few reboots to resolve. If you search here you'll find everything from MySQL db issues, to the password policy, to FV losing keys or simply not enabling.
Our solution was getting as many machines on DEP with the "new" HS config profiles. (We also implemented a longer pw expiration which helped indirectly.) I also lived on Rich's wonderful blog https://derflounder.wordpress.com/?s=file+vault
Posted on 07-27-2018 08:58 AM
We have found, that waiting until the machines is fully encrypted before changing the password cuts down this issue...
Also we have found that changing the password in the system pref helps too... if you change it on the recovery partition or at wake from sleep screen, then you have to change it again in the system pref back to back...
We have a ticket open with Apple for this... however it might be a few issues looking like one issue or multiple issues with one symptom...
C
PS we are seeing less locked out users, after the July security update too. : )