FileVault - Some Users Weren't Added

Upon the release of High Sierra, I performed a clean install. During the install, I chose to use APFS (Case-sensitive, Encrypted). When prompted to allow users to unlock the disk, I selected my user. Later on, upon rebooting, I was able to use my user id/password to unlock the disk. However, the next reboot and since then, my user id/password does not work to unlock the disk. I must select the disk and use the disk password to unlock it.


When navigating to 'Security & Privacy,' then 'FileVault,' I noticed a small yellow triangle with an exclamation point inside. Next to it reads; "Some users are not able to unlock the disk." with an "Enable Users..." selection box. After using the enable users box, I see my user with a green circle with a checkmark inside of it. Upon clicking "Done" I'm greeted with a box stating; "Some Users Weren't Added" followed by "The following users weren’t allowed to unlock this disk because an unknown error occurred: $username"


Anyone else experiencing this or know why it is happening?

Posted on Sep 27, 2017 10:23 AM

Question marked as ⚠️ Top-ranking reply

Posted on Oct 13, 2017 10:38 AM

Weird, so it looks like some forum mod removed my post with the solution... That's unfortunate and annoying...


There is a bug where new admin users don't have a secure token enabled which is required to gain permission to unlock a FileVault protected disk.


You can check whether a user has this permission by running this command in Terminal:

sudo sysadminctl -secureTokenStatus [username]


In my case, I had one admin user with the secure token enabled and another that didn't. The enabled user would show up in the login window after a restart, the disabled user wouldn't. This is because the disk needs to be unlocked after a restart.


When logged on as the secure token disabled admin, I would see the "Unable to add one or more users to FileVault" error when trying to add that user via System Preferences.


The steps that worked for me, and which I shared earlier are:


1. Find the user that has the secure token using:

sudo sysadminctl -secureTokenStatus [username]

(for some reason, even the new admin was not getting the token created)


2. Make the user that has the token an admin user


3. Log in as that user that has the secure token enabled


4. Change the password of the admin account that does not have the token. On changing the password, the admin now should also have the secure token. Now the user will be able to log in at boot


These steps are taken from a comment in this discussion:

https://www.reddit.com/r/MacOS/comments/74ctc0/high_sierra_adding_new_admin_user_unable_to_boot/


I think I had to restart and try to add the previously disabled admin user to FileVault before it worked for me. So consider that as "step 5".


Hope that helps you.


(Apple forum mods, if you need to modify my post to meet some post guidelines please do so. But this solution is working for people and you're not helping by removing it. Thanks.)
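An added example, not part of this thread and not Apple's code: a small POSIX shell script that turns the manual check above (running sysadminctl -secureTokenStatus for one user at a time) into an audit of every local admin account, and also cross-checks each one against the fdesetup list of users allowed to unlock the disk. It assumes macOS with sysadminctl, fdesetup and dscl on the PATH, that sysadminctl reports "Secure token is ENABLED for user …" or "Secure token is DISABLED for user …" (it writes that to stderr), and that fdesetup list prints one "name,UUID" line per enabled user. The parsing helpers run anywhere; the audit itself only runs on macOS.

```shell
#!/bin/sh
# Added example: audit which local admin users hold a secure token and which
# are enabled for FileVault, so the "some users weren't added" problem is
# visible before a restart. Assumes macOS with sysadminctl, fdesetup, dscl.

# Parse one sysadminctl -secureTokenStatus report (it goes to stderr, e.g.
# "... Secure token is ENABLED for user alice") into ENABLED/DISABLED/UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Parse "fdesetup list" output ("name,UUID" per line) into names, one per line.
fv_names() {
    printf '%s\n' "$1" | cut -d, -f1 | grep -v '^$'
}

# Members of the local admin group via dscl, one name per line.
admin_users() {
    dscl . -read /Groups/admin GroupMembership 2>/dev/null \
        | sed 's/^GroupMembership: *//' | tr ' ' '\n' | grep -v '^$'
}

# Print token and FileVault state for every admin user; return non-zero if
# any admin lacks a secure token (the condition that breaks pre-boot unlock).
audit_admin_tokens() {
    rc=0
    fv=$(fv_names "$(sudo fdesetup list 2>/dev/null)")
    for u in $(admin_users); do
        state=$(token_state "$(sudo sysadminctl -secureTokenStatus "$u" 2>&1)")
        if printf '%s\n' "$fv" | grep -qx "$u"; then fvstat=yes; else fvstat=no; fi
        printf '%-20s token=%-8s filevault=%s\n' "$u" "$state" "$fvstat"
        [ "$state" = "ENABLED" ] || rc=1
    done
    return $rc
}

# Only run the live audit on macOS; the helpers above are usable anywhere.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_admin_tokens
fi
```

Run it with sh on the affected Mac; an admin showing token=DISABLED and filevault=no is the account that needs the password reset from a token-holding admin described in the steps above.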

8 replies

Sep 27, 2017 10:59 AM in response to NothingLasts1987

If you are familiar with Terminal, then you may glean some info from the man page.


To enable or disable FileVault, to list, add, or remove enabled FileVault users, copy and paste:


man fdesetup

On HFS+ this behaves as normal, with one caveat: APFS may have broken the command line, and hopefully it gets sorted soon.

Apple Feedback http://www.apple.com/feedback/


With your same Apple ID you can sign up for a free Developers Account and start a conversation with Apple engineers

Bug Reporter https://bugreport.apple.com/


Oct 13, 2017 9:03 PM in response to Matt Revelle

THANK YOU MATT! This worked perfectly well. Mods, this is an easy fix that I hope you help promote. The issue of disabled FileVault users is causing several widely reported problems, such as not being able to delete other admin accounts (presumably because only they can unlock FileVault but the current admin account can't).


Oct 21, 2017 4:45 PM in response to NothingLasts1987

I was able to create a new user with a valid token by running the setup wizard again.

To do that, run this command in Terminal: sudo rm /var/db/.AppleSetupDone, and then reboot.


During setup, don't sign in with your iCloud account, and make sure to check the box that allows the new user to unlock your disk.


While you're logged in as the new user, change the password of your original user. Then log into your original user and run this command in Terminal: sudo fdesetup add -usertoadd [original_username]
