You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Cannot mount encrypted APFS partition in external SSD

I did my first Time Machine backup of my macbook pro to my new crucial X10 pro external SSD.

Time Machine took care of formating the new SSD, in the process it asked whether I wanted to encrypt the disk and I said yes, I provided a passphrase (which I noted carefully) and the first backup finished successfully. The new APFS encrypted partition was named "X10 Pro"


After the backup finshed I tried to eject the SSD, but macOS would not allow this because some application was using the drive (which was not the case). So I rebooted the macbook. After that, my SSD does not show up on my desktop. Disk Utility sees the external disk, but cannot mount the "X10 Pro" partition. It complains with the following error: "The disk X10 Pro can't be unlocked" - see image below



Indeed this partition is encrypted, and I know the passphrase, but macOS does not ask for it.


I tried to unlock it manually via the command line as follows


$ diskutil apfs unlockVolume disk5s2
Passphrase:
Unlocking any cryptographic user on APFS Volume disk5s2
Passphrase incorrect or user does not exist


The problem could be the passphrase, but I did check carefully.

Rather, the problem seems to be that there is no cryptographic user...


$ diskutil apfs listCryptoUsers disk5s2
Error getting list of cryptographic users for APFS Volume: Unable to get list of crypto users for this APFS Volume (-69552)


Is there a way to unlock and mount this encrypted APFS volume ?

Or should I erase it and create a new one ?

And in that case, what should I do to prevent this from happening again if I create a new APFS encrypted partition ?


Best,


uxl2


PS1: The crucial X10 pro external SSD is advertised as supporting "Password protection and 256‐bit AES hardware encryption". However no official documentation shows how to do this. The disk was delivered in exFAT format. And Time Machine reformatted it with a single APFS encrypted partition devoted to Time Machine.


PS2: My system is a macbook pro M1 Max with macOS Sonoma 14.7.1

MacBook Pro 14″, macOS 14.7

Posted on Nov 16, 2024 4:57 PM

Reply
Question marked as Top-ranking reply

Posted on Nov 17, 2024 8:52 AM

Have a look at Barney's reply, there are some clean up tasks that Time Machine needs to do. I don't know how big your backup was but it could have needed some time, although ~ hours seems longer than anything I have experienced. In any case, it is moot because the backup disk was not properly prepared so all bets are off, a variety of things can go wrong when disks set up for PC use with third party software/firmware embedded are used for Macs "as is." I wold have expected Time Machine to have automatically reformatted it as you indicated in your first post, but it maybe needed to be fully cleared out with Disk Utility.


In fact, I think rebooting your Mac when a disk won't unmount has been a safe approach to me in the past, although I don't see that error any more, it used to happen once in a while after copying many files but I haven't seen that for years. Still, I think the command you want is


sudo lsof | grep /Volumes/diskname  where disk name is the name of your disk, and it has to be carefully entered if the disk name has spaces, using \ to signify a space, e.g. disk\ name. You are prompted for your password, when I use this command I see SCORES of files that are active. Many of them involve mds and Spotlight and I think those have to complete for the Time Machine backup to be a valid one, hence your Mac was not letting you unmount. However I also think the setup of that drive was flawed and one or more of those processes may have been hung. We will probably never know for sure.


I have seen discussions online where people note that sometimes the QuickLook services can become hung for an external drive and prevent unmounting. You would see several of those running with the lsof command above. The "fix" was to kill all the QuickLook services running in Activity Monitor. One could also use this Terminal command


/usr/bin/killall -KILL QuickLookUIService && sudo qlmanage -r  


to kill the QuickLookUI service and reset the QuickLook Server and the cache of all QuickLook clients. If in fact QuickLook is causing the disk to refuse to unmount.


Otherwise, I would have done what you did, reboot the computer, as that normally closes down all processes gracefully.


I would watch that disk to make sure it behaves normally as you do Time Machine backups. You can also check it with Disk Utility First Aid and also DriveDX (which checks its physical health). All disks eventually fail and some are defective (even new ones) so I always have at least two Time Machine backups active (MacOS rotates the backups between them), plus a clone type backup, and also storage or key files in the cloud (I use Dropbox). This looks like overkill until something goes wrong and you need a backup then you will thank your lucky stars for redundancy.

8 replies
Question marked as Top-ranking reply

Nov 17, 2024 8:52 AM in response to uxl2

Have a look at Barney's reply, there are some clean up tasks that Time Machine needs to do. I don't know how big your backup was but it could have needed some time, although ~ hours seems longer than anything I have experienced. In any case, it is moot because the backup disk was not properly prepared so all bets are off, a variety of things can go wrong when disks set up for PC use with third party software/firmware embedded are used for Macs "as is." I wold have expected Time Machine to have automatically reformatted it as you indicated in your first post, but it maybe needed to be fully cleared out with Disk Utility.


In fact, I think rebooting your Mac when a disk won't unmount has been a safe approach to me in the past, although I don't see that error any more, it used to happen once in a while after copying many files but I haven't seen that for years. Still, I think the command you want is


sudo lsof | grep /Volumes/diskname  where disk name is the name of your disk, and it has to be carefully entered if the disk name has spaces, using \ to signify a space, e.g. disk\ name. You are prompted for your password, when I use this command I see SCORES of files that are active. Many of them involve mds and Spotlight and I think those have to complete for the Time Machine backup to be a valid one, hence your Mac was not letting you unmount. However I also think the setup of that drive was flawed and one or more of those processes may have been hung. We will probably never know for sure.


I have seen discussions online where people note that sometimes the QuickLook services can become hung for an external drive and prevent unmounting. You would see several of those running with the lsof command above. The "fix" was to kill all the QuickLook services running in Activity Monitor. One could also use this Terminal command


/usr/bin/killall -KILL QuickLookUIService && sudo qlmanage -r  


to kill the QuickLookUI service and reset the QuickLook Server and the cache of all QuickLook clients. If in fact QuickLook is causing the disk to refuse to unmount.


Otherwise, I would have done what you did, reboot the computer, as that normally closes down all processes gracefully.


I would watch that disk to make sure it behaves normally as you do Time Machine backups. You can also check it with Disk Utility First Aid and also DriveDX (which checks its physical health). All disks eventually fail and some are defective (even new ones) so I always have at least two Time Machine backups active (MacOS rotates the backups between them), plus a clone type backup, and also storage or key files in the cloud (I use Dropbox). This looks like overkill until something goes wrong and you need a backup then you will thank your lucky stars for redundancy.

Nov 17, 2024 2:54 AM in response to mechanic1357

mechanic1357 wrote:

As a corollary to that, this site is very useful in providing a step-by-step process for setting up new external drives. The instructions offered on this (apple) site are, frankly, useless.
https://www.seagate.com/gb/en/support/kb/how-to-format-your-drive-apfs-on-macos-big-sur-and-later/

I don’t see anything in that link that is not listed here: Erase and reformat a storage device in Disk Utility on Mac - Apple Support

After the backup finshed I tried to eject the SSD, but macOS would not allow this because some application was using the drive (which was not the case).

When Time Machine finishes backing up, it’s not really finished. The newly copied snapshot is reconciled on the backup drive in the background.

Nov 16, 2024 8:29 PM in response to uxl2

I think you should use Apple Disk Utility to erase and reformat the disk and do a new backup. You will need to remove the old disk from your Time Machine target backup disk list as well and after reformatting it, enter the name of the "new" one.


I think the best route when starting from a new non-Apple formatted external drive is to immediately erase/reformat it before use. The "Password protection and 256‐bit AES hardware encryption" you read about is referencing Crucial's third party disk utility tools which you are better off not using. It is unclear how this drive was configured by Crucial but it might have had things embedded. Giving Time Machine a fresh, empty, properly formatted disk for use by MacOS is always the safest way.


I think rebooting the Mac while the operating system was finishing its setup of an encrypted drive was a mistake and the disturbing symptoms you are seeing may be reflecting the consequences of that interruption. We may never know exactly what happened and whether that interruption was the root cause but you will never be able to trust that disk unless you erase/format it as APFS and start over clean and fresh.

Nov 18, 2024 3:31 AM in response to Barney-15E

Barney-15E wrote:


mechanic1357 wrote:

As a corollary to that, this site is very useful in providing a step-by-step process for setting up new external drives. The instructions offered on this (apple) site are, frankly, useless.
https://www.seagate.com/gb/en/support/kb/how-to-format-your-drive-apfs-on-macos-big-sur-and-later/
I don’t see anything in that link that is not listed here: Erase and reformat a storage device in Disk Utility on Mac - Apple Support
...

Did you write this Support page? You seem a little defensive...

Nov 18, 2024 3:33 AM in response to mechanic1357

mechanic1357 wrote:


Barney-15E wrote:


mechanic1357 wrote:

As a corollary to that, this site is very useful in providing a step-by-step process for setting up new external drives. The instructions offered on this (apple) site are, frankly, useless.
https://www.seagate.com/gb/en/support/kb/how-to-format-your-drive-apfs-on-macos-big-sur-and-later/
I don’t see anything in that link that is not listed here: Erase and reformat a storage device in Disk Utility on Mac - Apple Support
...
Did you write this Support page? You seem a little defensive...

No. None of us work for Apple. You seem like you didn't even use it as it says the same thing as the link you provided.

Nov 17, 2024 3:37 AM in response to steve626

Hi Steve,


Thanks a lot for your quick and thorough reply. I followed your advice, erased and repartitioned the whole disk with GUID partition map, and APFS case sensitive volume for time machine. Now it works fine. (I think I will go without encryption for the moment).

Trying to delete the encrypted APFS volume "X10 Pro", however, leads to an internal error (see screenshot below)

An internal error has occurred. : (-69623)

So I had to erase and reformat the whole drive as you suggested.


Concerning your comment...

I think rebooting the Mac while the operating system was finishing its setup of an encrypted drive was a mistake and the disturbing symptoms you are seeing may be reflecting the consequences of that interruption.

...this is not what actually happened. The drive setup and Time Machine backup were long finished (several hours) before I tried to unmount, then remove the drive. No other window or application seemed to be using that drive. So I had preferred rebooting the system rather than brutally removing the drive without unmounting it.


Next time what should I do if an external disk refuses to unmount ?

This discussion suggests to use

lsof /Volumes/TimeMachine

to find out which processes prevent the volume from unmounting, then kill those processes. But in my case this command provides no output, even when Time Machine is performing a backup.


Best,


uxl2


PS: screenshots



Nov 18, 2024 1:35 PM in response to uxl2

uxl2 wrote:

Next time what should I do if an external disk refuses to unmount ?
This discussion suggests to use
lsof /Volumes/TimeMachine
to find out which processes prevent the volume from unmounting, then kill those processes. But in my case this command provides no output, even when Time Machine is performing a backup.

You need to use "sudo " with the command or you will not get anything as @steve626 put in their post but did not explicitly call it out.

sudo  lsof  /Volumes/TimeMachine


Assuming your TM backup volume is called "TimeMachine".


The problem could be the passphrase, but I did check carefully.
Rather, the problem seems to be that there is no cryptographic user...

I'm not sure about this, but it doesn't surprise me with the stuff I have seen with the recent Macs and their security enclave chip.


Was this SSD dedicated solely to TM backups or were you also using it as an external data drive as well?


PS1: The crucial X10 pro external SSD is advertised as supporting "Password protection and 256‐bit AES hardware encryption". However no official documentation shows how to do this. The disk was delivered in exFAT format. And Time Machine reformatted it with a single APFS encrypted partition devoted to Time Machine.

As someone else mentioned, this requires the use of the manufacturer's proprietary software to utilize the built-in hardware encryption of the SSD. When this option is used, then the encrypted SSD will not show any partitions/volumes until unlocked by the manufacturer's software. If macOS happens to get an update patch which breaks the manufacturer's software, then you will be unable to unlock the SSD until the manufacturer updates their proprietary software. Plus if you forget the password, or are otherwise unable to unlock the SSD, then you will need to use the manufacturer's software to attempt to reset the SSD in order to re-use the SSD. You also need to the manufacturer's software to disable the use of the SSD's built-in hardware encryption feature to use the SSD as a plain SSD. The repeating part is if you utilize the built-in hardware encryption, then you will need the manufacturer's proprietary software until you disable the built-in hardware encryption feature.






Cannot mount encrypted APFS partition in external SSD

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.