Hi,
Yeasterday I turned off my FileVault. And now I want to turn it on again but I am getting this error:
"Authentication server refused operation because the current credentials are not authorized for the requested operation."
I am running MacBook Pro (Retina, 13-inch, Early 2015) on High Sierra 10.13
Thanks,
Kristian
MacBook Pro (Retina, 13-inch,Early 2015), macOS High Sierra (10.13)
I was having the same issue and done a bit of digging.
I found that iCloud was listed as an encrypted user so I signed out of iCloud on my Mac, and then turned FileVault back on the usual way, and it created a recovery key without any issues and then began the encryption process.
Let us know how you go 🙂
I was having the same issue and done a bit of digging.
I found that iCloud was listed as an encrypted user so I signed out of iCloud on my Mac, and then turned FileVault back on the usual way, and it created a recovery key without any issues and then began the encryption process.
Let us know how you go 🙂
Same thing here: I formatted my drive from the recovery partition (the internet recovery partition wasn’t necessary for me) as APFS, reinstalled High Sierra 10.13.1, created an admin account during the setup, used that to recover my user home folders from the backup (manually, without migration assistant, since last time it caused all this mess), created new users from System Preferences and now everything is working again. With this method the only things I lost are applications, that can be easily downloaded again.
I did this after trying to force a rebuilding of the user database, by deleting the folder /private/var/dscl and it’s backup and reinstalling the system. Unfortunately it seems that doing the latter doesn’t create a new dscl database, so I erased everything and started from scratch.
Now that my dscl database is not corrupted anymore FileVault can be enabled again.
I made a time machine backup, booted from usb stick with high sierra installer, erased drive as APFS, installed high sierra, restered from backup, chose yes when asked if I would like drive to be encrypted.
Works fine now.
Probably this will be fixed later, but who knows when.
Just to update my earlier post, I gave in and nuked my machine. I started getting other problems with file permissions (Trash kept resetting to no write access after every restart) and history (couldn't clear Terminal command history) so decided to start over.
Erased disk, used Internet Recovery to reinstall High Sierra from scratch, and restored my last known good TM backup. It seems to have solved this problem - so far. My account has been restored with secureTokenStatus set to ENABLED, and I've created another administrator account which also has this status. FV has been trying to encrypt the disk for several hours now but at least I've had no errors. Although this time I have used separate login and iCloud passwords rather than using the latter for both.
check the status of file vault within Terminal copy & paste :
fdesetup status
Terminal will report back with a message telling if you FileVault is on or off. This is a quick and simple way of checking the status.
Enabling FileVault
To enable FileVault copy & paste:
sudo fdesetup enable
Do the UUIDs of those Crypto Users correspond to of the UUIDs of any of your actual users? You can get the UUID by right-clicking on one of your users in System Preferences and selecting Advanced Options.
In my case there is no correspondence.
Lorenzo
When i do ran diskutil apfs listcryptousers /dev/disk1s1
I get three different uuid
Cryptographic users (3 found)
|
+-- UUID
| Type: Local Open Directory
|
+-- UUID
| Type: iCloud
|
+-- UUID
Type: iCloud Recovery
Apple update 10.13.1 for MacOS added support for unlocking a FileVault-encrypted APFS volume using a recovery keychain file. For details, enter
man diskutilhttps://www.macworld.com/article/3235181/macs/apple-releases-macos-10-13-1-high- sierra-update.html
I having exactly same issue
I want to turn it on again but I am getting this error:
"Authentication server refused operation because the current credentials are not authorized for the requested operation."
Any one has got solution?
After updating the system to 10.13 it asked me to change the machine password. I used one of the 'default' password and then I've changed the password again via the 'Security and Privacy' menu. Then it became a total mess: the computer, the password chain and the FileVault passwords been different. Three password been used.
Then I turned off the FileVault and wanted to re-enable it back and now I can't do that due to "Authentication server refused operation because the current credentials are not authorized for the requested operation."
I hope this bug will be fixed soon as it's total disaster to have the portable device unsecured.
I did try twice.. I logout from icloud account and then try to on FileVault. It gives two option
1- login to icloud
2- without using icloud..
I choose 2 and no luck, receives same error Operation not valid..
If i choose option 1 then reaches the same loop as it was original
I think I will live like that untill I erase the disk completely.
Status says that the Vault is off - FileVault is Off.
Trying to enable it from terminal return following error:
Error: A problem occurred while trying to enable FileVault. (-69550)
I did try the
sudo sysadminctl -secureTokenOn USER -password PWDAnd got the same error as yours: Operation is not permitted without secure token unlock.
Good point!
I see 3 crypto-users. One of them is of type Local Open Directory and its UUID corresponds exactly to my account's UUID (the only admin ever been on this machine)
Thanks
Has anyone got solution to get rid of this issue?
High Sierra could not turn on FileVault after turning it off