Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Can't turn off Filevault

Problem Context

I am having trouble turning off Filevault from one of my admin users. The button does not do anything when I select "Turn Off FileVault..."


Basic usage instructions: https://support.apple.com/en-ng/HT204837


Attempted Solutions

I have read that I need to be in the admin which initiated the Filevault in order to obtain a Secure Token and turn off the application. I am recovering that admin here.


I have also read that I can attempt to restart without FileVault login and possibly disable it from there terminal without a key.


Pending Resolution


  • Can I get the original admin back and turn it off from there?
  • Can I go into the single user mode and turn it off?
  • Can I go into recovery mode and turn it off?

Macbook (2015 or later)

Posted on Jan 14, 2019 5:06 AM

Reply
6 replies

Jan 14, 2019 8:59 AM in response to John Galt

Thanks for the reply. I think "writing" might be easier for diagnoses and solving this issue.


Request accepted: I'll keep everything in this thread.


As far as the user account, I did see one other alternative which was to delete the plist file and attempt to regenerate the user in system preferences.


rm /var/db/dslocal/nodes/Default/users/shortusername.plist


I believe this was the folder you attempted to restore in single user mode, which I had to actually revert to the old version to restore the login account.


I do have a time machine back up but it is from many months ago and I would like to do one more back up before I restore.


One question in regards to the user account creation in system preferences:


In the case that I delete and regenerate the plist above along with a restart, what is the difference in the methods of creating a new vs renaming an existing user account from system preferences?


In other words, when I follow the steps here: https://support.apple.com/en-us/HT201548 what are the differences ? Would it be beneficial to rename an alternate admin to replace the folder with the contents of my user folder. The reasoning behind that is because the warning message states that it may damage the existing folder. So I assume it would delete the "admin" user and replace those files with the contents of the path I am providing.


Alternatively, creating a new user with Use Existing Folder seems like it would indeed use the existing folder (however would enter into new user processes potentially generating plist data) Does deleting that potentially plist fix those processes?


Jan 14, 2019 8:18 AM in response to cjroe

I reviewed your other Discussions. As I understand it, a User Account seems to have disappeared for reasons unknown, and you are attempting to recover that Account for the sole purpose of turning off FileVault for that User.


  • Can I get the original admin back and turn it off from there?


The quick answer is "maybe". Perhaps for some reason that User Account became hidden, and if that's the case you can un-hide it. Determine if that's the case with


dscacheutil -q user


The quick answers to the other two questions are "no"... not unless you provide a valid FileVault key to unlock the startup disk. You can't get anywhere without that. Temporarily bypassing the FV lock for a subsequent login as you described earlier (using fdesetup) won't help either, since you need to start with a previously unlocked disk, and it would have been unlocked using a key from a different User Account. I don't believe that will be productive.


A request: for this limited purpose kindly reply to this Discussion, not the others you started. Creating multiple Discussions is OK because I understand you are also seeking answers to related questions. If other site participants choose reply to them that's great but I don't want the burden of following and having to reply to multiple Discussions. This Discussion may lead to possible alternatives, or not, I don't know, but first determine if that particular User Account became hidden. There may be an easy fix.


I doubt it though, because a User Account shouldn't spontaneously become hidden or disappear altogether. That symptom hints of media corruption that can't be fixed. The ideal solution would be to restore a Time Machine backup.

Jan 15, 2019 9:08 AM in response to cjroe

Would it be beneficial to rename an alternate admin to replace the folder with the contents of my user folder.


It's worth a try. The Apple Support document's warning is applicable only to those who don't follow its instructions. What you're proposing seems reasonable... given that you really have nothing to lose. I still think the underlying problem is a corrupted startup volume.


Post the output of


dscacheutil -q user


I know it's long. You'll probably have to use the "text" icon (looks like a sheet of paper). Or just look for the potentially hidden user on your own. If that's the "easy fix" I alluded to earlier the solution will be obvious.

Jan 15, 2019 10:14 AM in response to cjroe

What user should I be looking for with that command?


The User Account that went missing. Specifically, its "short name". If it is not present, then it did not simply become hidden, and that's it for the "easy fix" I've been alluding to.


What do you recommend for that if I am getting errors?


Replace the defective drive. They can't be fixed.


I looked in your other Discussions for a description of those errors. I seem to recall you saying something about it but it's difficult for me to find. If Time Machine is reporting errors it's more justification to conclude hardware failure is the cause of an inability to back up, as well as the spontaneous User Account disappearance that seems to be the subject at hand.

Can't turn off Filevault

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.