SecureToken *present* but FileVault 2 encryption never begins

PhilS
New Contributor III

I have one computer in my environment I haven't been able to get to encrypt.

We have a single Disk Encryption Configuration which runs at enrollment, and is also available in Self Service. This Mac was enrolled as a backfill and picked up the config there...and has also run it a couple of times from Self Service...and at every restart the user sees the required approve-or-shut-down sequence and approves it...and still fdesetup reports encryption OFF with deferred enablement ON for the user for whom it should be. And that user shows SecureToken ENABLED.

All suggestions gratefully accepted.
--
Phil Saunders
Myriad Genetics

3 REPLIES 3

junjishimazaki
Valued Contributor

Is the user the first user account that got created? Also, how was the mac enrolled? prestage or user-initiated? 

Johns987
New Contributor II

PhilS
New Contributor III

Okay, did either of you pay attention? The SecureToken is ON, ON, ON, PRESENT, PRESENT, PRESENT. Lack of SecureToken is NOT, repeat NOT the reason encryption is not turning on, unless there is some way of assigning Schrödinger's token which is ON and OFF at the same time.

Purely incidentally: I have no idea which was the first user created, as I inherited this Mac, and enrolled it via invitation. But to reiterate yet again for any others who may not be paying attention, SecureToken is ON for the end user, according to sysadminctl, and deferred enablement is active for her, according to fdesetup. It just won't turn on.