There was a problem enabling FileVault on your computer

JefferyAnderson
Contributor

We are working on getting FileVault enabled. I have the process working on several test Catalina devices. However, we have a single device that even though it prompts the user for their password to enable FileVault, it never actually enables. One thing I have noticed that is unique on this one device is that there are 3 partitions, while all the others that do not have trouble have 2 partitions.

Could this be the issue? Or is there something else going on?

5 REPLIES

JefferyAnderson
Contributor

One thing I just realized... the other devices I have tested on so far came with Catalina pre-installed. The one device that is giving me trouble had Mojave installed and was upgraded to Catalina prior to me trying to enable FileVault... I'm not sure if that makes a difference.

jtrant
Valued Contributor

Does the user account being used to enable FileVault have a Secure Token?

List users with Secure Tokens by GUID:

diskutil apfs listcryptousers /

List user accounts with corresponding GUID:

dscl . list /Users GeneratedUID

If not, you'll see the error you described (and I ran into previously).
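
The two listings above can be joined on GUID to show which account names hold a Secure Token. This is an added example, not part of the original post; the sample command output and the function names `token_holders` and `has_token` are constructed for illustration.

```shell
#!/bin/bash
# Join Secure Token GUIDs (diskutil) to account short names (dscl).
# Both listings are passed in as text so the join can be checked offline.

# Constructed sample of `diskutil apfs listcryptousers /` output.
SAMPLE_CRYPTO='Cryptographic users for disk1s1 (2 found)
|
+-- 11111111-2222-3333-4444-555555555555
|   Type: Local Open Directory User
|
+-- 99999999-8888-7777-6666-555555555555
    Type: Personal Recovery User'

# Constructed sample of `dscl . list /Users GeneratedUID` output.
SAMPLE_USERS='_www      FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000046
admin     11111111-2222-3333-4444-555555555555
jdoe      AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'

# token_holders CRYPTO_TEXT USERS_TEXT -> short names that hold a Secure Token.
# Entries with no matching account (such as a recovery key) are skipped.
token_holders() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---"                      { users = 1; next }
    !users && $1 == "+--"            { token[toupper($2)] = 1; next }
    users && (toupper($2) in token)  { print $1 }'
}

# has_token NAME CRYPTO_TEXT USERS_TEXT -> exit status 0 if NAME holds a token.
has_token() {
  token_holders "$2" "$3" | grep -qx -- "$1"
}

# On a Mac, use the live command output; elsewhere fall back to the samples.
if command -v diskutil >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
  token_holders "$(diskutil apfs listcryptousers /)" \
                "$(dscl . list /Users GeneratedUID)"
else
  token_holders "$SAMPLE_CRYPTO" "$SAMPLE_USERS"
fi
```

With the sample data only `admin` is printed, which matches the situation in this thread: the account being used to enable FileVault is absent from the list.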

JefferyAnderson
Contributor

@jtrant There is not a SecureToken assigned to the user. The only SecureToken is assigned to the "admin" user account. What do I need to do to fix this?

jtrant
Valued Contributor

This means the 'admin' user is the only account that can grant Secure Tokens and/or enable FileVault. Logging in and back out as the 'admin' user should successfully begin FileVault encryption.

You should also enable the additional users in the FileVault tab under Security & Privacy (while logged in as admin) as this will grant them a Secure Token.

JefferyAnderson
Contributor

I finally got it working. Thanks for pointing me in the right direction. I had to log into the admin account and run the following command:

sysadminctl -adminUser "$GUIAdmin" -adminPassword "$GUIAdminPw" -secureTokenOn "$username" -password "$user_password"