Solved

There was a problem enabling FileVault on your computer



We are working on getting FileVault enabled. I have the process working on several test Catalina devices. However, we have a single device that even though it prompts the user for their password to enable FileVault, it never actually enables. One thing I have noticed that is unique on this one device is that there are 3 partitions, while all the others that do not have trouble have 2 partitions.

Could this be the issue? Or is there something else going on?

Best answer by jtrant

This means the 'admin' user is the only account that can grant Secure Tokens and/or enable FileVault. Logging in and back out as the 'admin' user should successfully begin FileVault encryption.

You should also enable the additional users in the FileVault tab under Security & Privacy (while logged in as admin) as this will grant them a Secure Token.


5 replies


One thing I just realized... the other devices I have tested on so far came with Catalina pre-installed. The one device that is giving me trouble had Mojave installed and was upgraded to Catalina prior to me trying to enable FileVault... I'm not sure if that makes a difference.


  • Honored Contributor
  • 408 replies
  • March 3, 2020

Does the user account being used to enable FileVault have a Secure Token?

List users with Secure Tokens by GUID:

diskutil apfs listcryptousers /

List user accounts with corresponding GUID:

dscl . list /Users GeneratedUID

If not, you'll see the error you described (and I ran into previously).
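The cross-reference described in the reply above, as an added example that is not part of the original post: it matches the GUIDs from `diskutil apfs listcryptousers /` against the `dscl . list /Users GeneratedUID` listing and reports which local accounts hold a Secure Token. The function name `token_report`, the sample data, and the assumed output layouts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which local accounts hold a Secure Token.
# token_report and the SAMPLE_* data are constructed, not from the thread.

UUID_RE='[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}'

# token_report CRYPTOUSERS_OUTPUT DSCL_OUTPUT
# Prints "<user> yes|no" for every non-system account in the dscl listing.
token_report() {
    # Collect every GUID the APFS volume lists as a cryptographic user.
    tokens=$(printf '%s\n' "$1" | grep -Eo "$UUID_RE" | tr 'a-f' 'A-F')
    printf '%s\n' "$2" | while read -r user guid; do
        # Skip blank lines and service accounts (_www, root, ...).
        case "$user" in ''|_*|root|daemon|nobody) continue ;; esac
        [ -n "$guid" ] || continue
        guid=$(printf '%s' "$guid" | tr 'a-f' 'A-F')
        if printf '%s\n' "$tokens" | grep -qxF "$guid"; then
            echo "$user yes"
        else
            echo "$user no"   # this account cannot enable FileVault itself
        fi
    done
}

# Constructed sample input (assumed layout of the two commands' output).
SAMPLE_CRYPTO='Cryptographic users for disk1s1 (2 found)
|
+-- 11111111-2222-3333-4444-555555555555
|   Type: Local Open Directory User
|
+-- AAAAAAAA-0000-1111-2222-BBBBBBBBBBBB
    Type: Personal Recovery User'

SAMPLE_DSCL='_www                    FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046
admin                   11111111-2222-3333-4444-555555555555
jdoe                    66666666-7777-8888-9999-000000000000
root                    FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000'

# On a Mac, use live output; elsewhere fall back to the constructed sample.
if command -v diskutil >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    token_report "$(diskutil apfs listcryptousers /)" \
                 "$(dscl . list /Users GeneratedUID)"
else
    token_report "$SAMPLE_CRYPTO" "$SAMPLE_DSCL"
fi
```

Any account reported as `no` will hit the FileVault enablement failure discussed in this thread until a token holder grants it a Secure Token.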



@jtrant There is not a SecureToken assigned to the user. The only SecureToken is assigned to the "admin" user account. What do I need to do to fix this?


  • Honored Contributor
  • 408 replies
  • Answer
  • March 3, 2020

This means the 'admin' user is the only account that can grant Secure Tokens and/or enable FileVault. Logging in and back out as the 'admin' user should successfully begin FileVault encryption.

You should also enable the additional users in the FileVault tab under Security & Privacy (while logged in as admin) as this will grant them a Secure Token.



I finally got it working. Thanks for pointing me in the right direction. I had to log into the admin account and run the following command:

sysadminctl -adminUser "$GUIAdmin" -adminPassword "$GUIAdminPw" -secureTokenOn "$username" -password "$user_password"
