Jamf Nation Community

I'm guessing these users forgot their password?

As usual, read FileVault.. Think derflounder: http://derflounder.wordpress.com/2014/10/26/resetting-an-accounts-ability-to-log-into-a-filevault-2-...

Yes I got that even though the machine was re-imaged and no filevault encryption was present. I fixed it by doing a PRAM reset. Hold down Alt/Option key + Command key + P + R During bootup. It should automatically reboot. Than let go of the keys.

@damienbarrett and @bentoms I thought it was possibly the Apple ID password reset option as well, but neither user had that set up, and also, as far as I'm aware, that is not an option to set up for AD accounts (all macs bound to AD, using mobile accounts). As far as forgetting their password, this screen came up before even having a chance to enter a password that could have been forgotten; the password reset screen came up instead of the FileVault preboot login screen.

I haven't seen this since the first two instances, but if I see it again I'll try a PRAM reset @sgoetz

We're seeing this in our environment, too, though our users are unable to change their password. We've contacted JAMF Support and they were able to reproduce the issue internally. JAMF has submitted a defect to Apple on this for us (D-008004).

We are seeing the same issue in our environment. Users are prompted to reset their passwords before it has actually expired. Trying to reset it at the Mac login window is not supported and it also fails. The only way to get around it is to reset your password the supported way.

@brandonpeek or JAMF please let us know what happens with that case that was opened with Apple. Thanks.

@brandonpeek and @leegalan thanks for the updates on your environments. Glad to know we're not alone - bummed to find out there is a defect. I haven't seen this come back up but I have seen a similar issue that is echoed in this thread: https://jamfnation.jamfsoftware.com/discussion.html?id=12188

i've seen this a few times as well, none of ours are connected to AD but managed locally.

the latest happened after i ran apple diagnostics, then selected restart and walked away, when i came back it was at the reset screen. i'm also curious about the second selection, is there some way to resync all the passwords when filevault is failing to login with a known good password?

I think it just shows up by default if the computer sits on the login screen for a while…

For those intererested, I have a post on this:

https://derflounder.wordpress.com/2015/01/17/yosemites-filevault-2-pre-boot-recovery-options/

Thanks @rtrouton. It's helpful to know that is actually a new function of Yosemite filevault pre-boot. I think we were also running into some issues with an opendirectoryd startup bug in Yosemite that got resolved in 10.10.2. The overlap of the two symptoms caused us (and our Apple TAM) to do a lot of tail chasing to figure out what was going on. Thankfully we're all good now!

Oh, also @emilykausalik you were definitely right. We didn't realize this was a new function of the FileVault pre-boot, we were used to machines automatically shutting down if no one logged into the pre-boot screen, but in the past starting back up always brought you back to the pre-boot rather than the Recovery HD and the password reset option. So now we know. Thanks for your insight!

When you boot the computer, hold down COMMAND and R keys on the keyboard. You must do this before apple logo appears, but after the startup chime. Keep holding these keys down until the apple logo and a progress bar appears. Let go of the keys. After a few seconds, the computer will say "OS X Utilities". If prompted, choose your desired language first. Now, on the menu bar click "Utilities", then click "Terminal". Inside terminal, type in "filevaultrecovery" WITHOUT quotes. This is not a joke, it will actually open the Password Reset screen where you can choose those three options you mentioned in your post.

Have Fun!!

@IdmsaX20,

Thanks for the heads-up about being able to manually launch the FileVault 2's Reset Password wizard from within Recovery HD. I've written a post about how that process works, available from here:

https://derflounder.wordpress.com/2015/05/10/accessing-the-filevault-2-reset-password-wizard-via-yos...

Does anyone know if this "password reset screen" can be disabled/suppressed? I have a user with an encrypted Air and Thunderbolt Display. For whatever reason all devices connected to the display do not communicate with the Air. The end user power cycled the laptop which forced the password reset screen to appear. I had to decrypt the drive to get back to the user's profile. I really hope there is a workaround for this.

@kirkd,

Talk to Apple Enterprise Support and see what they say. As far as I can tell, the answer is "Nope".

@rtrouton

Thanks, This "feature" isn't helping at all when the scenario I posted occurs. While rare, it can be a pretty serious PITA for end users.

@kirkd,

It's possible to get out of that Reset Password screen without having to decrypt. I have a post showing how to do that available from the link below:

https://derflounder.wordpress.com/2015/05/27/stopping-your-mac-from-booting-to-the-filevault-2-reset...

@rtrouton Oh hey thank you! You are helpful as always!