With FileVault "Off" I can log in via any of the 3 accounts. NewMBPM1:~ Long-T01_UID$ diskutil cs list No CoreStorage logical volume groups found NewMBPM1:~ Long-T01_UID$ diskutil apfs list APFS Containers (3 found) | +-- Container disk3 5172FF0C-FE12-43BC-B785-A343469065D7 ==================================================== APFS Container Reference: disk3 Size (Capacity Ceiling): 994662584320 B (994.7 GB) Capacity In Use By Volumes: 432616132608 B (432.6 GB) (43.5% used) Capacity Not Allocated: 562046451712 B (562.0 GB) (56.5% free) | +-< Physical Store disk0s2 11251327-2EEE-4067-B25E-8C19F4714C9E | ----------------------------------------------------------- | APFS Physical Store Disk: disk0s2 | Size: 994662584320 B (994.7 GB) | +-> Volume disk3s1 32EED8C6-88B4-424B-B83E-93AF0BCDEDAC | --------------------------------------------------- | APFS Volume Disk (Role): disk3s1 (System) | Name: NewM1 MBP14 HD (Case-insensitive) | Mount Point: Not Mounted | Capacity Consumed: 15704408064 B (15.7 GB) | Sealed: Yes | FileVault: No (Encrypted at rest) | | | Snapshot: 6BF4B01C-1BDB-4773-8052-1640F34D4AF1 | Snapshot Disk: disk3s1s1 | Snapshot Mount Point: / | Snapshot Sealed: Yes | +-> Volume disk3s2 22E54FF2-EFEC-4216-A845-86288F5DE151 | --------------------------------------------------- | APFS Volume Disk (Role): disk3s2 (Preboot) | Name: Preboot (Case-insensitive) | Mount Point: /System/Volumes/Preboot | Capacity Consumed: 188669952 B (188.7 MB) | Sealed: No | FileVault: No | +-> Volume disk3s3 E6EAFA08-D775-43F5-80EE-14DF77AA6408 | --------------------------------------------------- | APFS Volume Disk (Role): disk3s3 (Recovery) | Name: Recovery (Case-insensitive) | Mount Point: Not Mounted | Capacity Consumed: 856158208 B (856.2 MB) | Sealed: No | FileVault: No | +-> Volume disk3s5 D6B7417E-F2D5-450B-A63F-1CBFC16E3CCF | --------------------------------------------------- | APFS Volume Disk (Role): disk3s5 (Data) | Name: Data (Case-insensitive) | Mount Point: /System/Volumes/Data | Capacity Consumed: 415659524096 B (415.7 GB) | Sealed: No | FileVault: No (Encrypted at rest) | +-> Volume disk3s6 91371F95-D2E4-474A-8395-1A8AD666E210 --------------------------------------------------- APFS Volume Disk (Role): disk3s6 (VM) Name: VM (Case-insensitive) Mount Point: /System/Volumes/VM Capacity Consumed: 20480 B (20.5 KB) Sealed: No FileVault: No NewMBPM1:~ Long-T01_UID$ diskutil list /dev/disk0 (internal): #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme 1.0 TB disk0 1: Apple_APFS_ISC ⠨⠩ 524.3 MB disk0s1 2: Apple_APFS ⠨Container disk3⠩ 994.7 GB disk0s2 3: Apple_APFS_Recovery ⠨⠩ 5.4 GB disk0s3 /dev/disk3 (synthesized): #: TYPE NAME SIZE IDENTIFIER 0: APFS Container Scheme - +994.7 GB disk3 Physical Store disk0s2 1: APFS Volume ⠨NewM1 MBP14 HD⠩ 15.7 GB disk3s1 2: APFS Snapshot ⠨com.apple.os.update-...⠩ 15.7 GB disk3s1s1 3: APFS Volume ⠨Preboot⠩ 188.7 MB disk3s2 4: APFS Volume ⠨Recovery⠩ 856.2 MB disk3s3 5: APFS Volume ⠨Data⠩ 415.7 GB disk3s5 6: APFS Volume ⠨VM⠩ 20.5 KB disk3s6 NewMBPM1:~ Long-T01_UID$ fdesetup status FileVault is Off. FileVault master keychain appears to be installed. NewMBPM1:~ Long-T01_UID$ sudo fdesetup list Password: T02_UID,D76FB1E2-DA8F-11D9-9B82-000A95ACF9D2 Long-T01_UID,962402C7-B1D6-4F0D-9110-593E228EEF7F S01_UID,C039F77B-4AD5-11D8-952E-000A95ACF9D2 NewMBPM1:~ Long-T01_UID$ sudo sysadminctl -secureTokenStatus S01_UID 2021-12-26 12:08:40.901 sysadminctl[10415:463820] Secure token is ENABLED for user S01_UID NewMBPM1:~ Long-T01_UID$ sudo sysadminctl -secureTokenStatus T_01_UID 2021-12-26 12:08:48.920 sysadminctl[10417:463858] Secure token is ENABLED for user T_02_UID NewMBPM1:~ Long-T01_UID$ sudo sysadminctl -secureTokenStatus " T_02_Long_UID " 2021-12-26 12:10:27.032 sysadminctl[10451:465207] Secure token is ENABLED for user T_02_Long_UID ********* Then I turned on FileVault in account T_01_UID. Then one can only login via S01_UID Then I logged in as T_01_UID to enter these commands NewMBPM1:~ Long-T01_UID$ fdesetup status FileVault is On. FileVault master keychain appears to be installed. NewMBPM1:~ Long-T01_UID$ sudo fdesetup list Password: T02_UID,D76FB1E2-DA8F-11D9-9B82-000A95ACF9D2 Long-T01_UID,962402C7-B1D6-4F0D-9110-593E228EEF7F S01_UID,C039F77B-4AD5-11D8-952E-000A95ACF9D2 NewMBPM1:~ Long-T01_UID$ sudo fdesetup haspersonalrecoverykey Password: false NewMBPM1:~ Long-T01_UID$ sudo fdesetup hasinstitutionalrecoverykey true NewMBPM1:~ Long-T01_UID$ sudo fdesetup removerecovery -institutional Password: Enter the user name:S01_UID Enter the password for user 'S01_UID': NewMBPM1:~ Long-T01_UID$ sudo fdesetup hasinstitutionalrecoverykey false But with FileVault re-enabled we still had the same login issue, and turning on FileVault again gave the message about an institutional key being set