High Sierra could not turn on FileVault after turning it off

Hi,


Yesterday I turned off my FileVault. And now I want to turn it on again but I am getting this error:


"Authentication server refused operation because the current credentials are not authorized for the requested operation."

I am running MacBook Pro (Retina, 13-inch, Early 2015) on High Sierra 10.13


Thanks,

Kristian

MacBook Pro (Retina, 13-inch, Early 2015), macOS High Sierra (10.13)

Posted on Oct 1, 2017 9:29 AM

Question marked as Top-ranking reply

Posted on Oct 24, 2017 2:50 AM

I was having the same issue and did a bit of digging.

I found that iCloud was listed as an encrypted user so I signed out of iCloud on my Mac, and then turned FileVault back on the usual way, and it created a recovery key without any issues and then began the encryption process.


Let us know how you go 🙂

31 replies

Oct 31, 2017 3:39 AM in response to thcrnk

I'm also having this issue. No luck with any solution.


I had FV enabled, changed my login/iCloud password (to strengthen it) and the passwords got out of sync, leaving me having to input separate passwords (one for FV, one to login). I'd read that one solution is to disable FV then re-enable it, but when I try to re-enable FV I get the error described in the OP.


Having dug further it appears that the one administrator account on the machine has lost its secure token somehow. If I create a new administrator it still doesn't get the secure token.


I've raised a support call with Apple but I'm not hopeful having read the above.

Oct 31, 2017 3:59 AM in response to thcrnk

In the end I started from scratch, reformatted the disk as APFS encrypted and it installed OK. However I had the guest account appear and had to use the trick in another thread to switch it off, also had an icon appear at startup saying ’disk password’. Don’t know a fix for this so I’ve started another thread. So what’s the best way to install without errors then? Install Sierra and upgrade? It’s a mess isn’t it!

Oct 7, 2017 9:15 AM in response to thcrnk

Same problem here. The cause is different for me, though: I clean installed High Sierra and then migrated my accounts from a Time Machine backup. Previously my disk was encrypted with FileVault but after the new installation, of course, it wasn't. Trying to enable FileVault now gives me the same error as you. According to this Reddit thread and this MacRumors blog page, the issue should be that our users don't have a security token.


When trying to enable this security token with:

sudo sysadminctl -secureTokenOn USER -password PWD

I get:

No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !

and

Operation is not permitted without secure token unlock.

Which is exactly related to FileVault activation.


Any idea how to go on from this?


Lorenzo

Oct 7, 2017 4:18 PM in response to thcrnk

I went a step farther and realised that running:


diskutil apfs listcryptousers /dev/disk1s1


gives me:


Cryptographic user (1 found)
|
+-- 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
    Type: Local Open Directory


I have a feeling that UID corresponds to the UID of the admin user I used to set up my system BEFORE restoring my actual users. I then tried creating a new user and editing its assigned UID to match the one above, shut down, restarted in recovery mode and ran:


diskutil apfs updatepreboot disk2s1


as per this discussion. I got this promising output:


-bash-3.2# diskutil apfs updatepreboot disk2s1
Started APFS operation
UpdatePreboot: Commencing operation to update the Preboot Volume for Target Volume disk2s1 Macintosh HD
UpdatePreboot: The Target Volume's OpenDirectory (non-special kind) user count is 1 and the Recovery (any of 3 kinds) user count is 0
UpdatePreboot: There are OpenDirectory user(s) but no Recovery user(s)
UpdatePreboot: The above is an abort condition for some purposes but not UpdatePreboot; continuing
UpdatePreboot: No custom Open Directory path given
UpdatePreboot: Using GivenVolumeMountPointOrNilIfNotMounted for the MacOSSearchPath
UpdatePreboot: Using MacOSSearchPath's child dslocal path for the OpenDirectorySearchPath
UpdatePreboot: MacOS Search Path = (nil=NotMounted) = /Volumes/Macintosh HD
UpdatePreboot: Open Directory Database Search Path = (nil=MacOSSearchPathNotMounted) = /Volumes/Macintosh HD/var/db/dslocal/nodes/Default
UpdatePreboot: Preserve EncryptedRootPList When No-OD = 0
UpdatePreboot: Successfully opened Open Directory database; setting AuthODNodeOrNil accordingly
UpdatePreboot: Mounting and ensuring as mounted the related Preboot Volume
UpdatePreboot: Preboot Volume = disk2s2 Preboot
UpdatePreboot: Preboot Volume Target Directory = /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C
UpdatePreboot: Considering APFS Crypto User 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
UpdatePreboot: Defaulting and requiring that this be an Open Directory User
UpdatePreboot: Treating this APFS Crypto User to be, and requiring to match, an Open Directory User
UpdatePreboot: Correlated APFS Volume Crypto User with Open Directory User 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B aka "test"
UpdatePreboot: Reading JPEG user picture of length 31134 from Open Directory database
UpdatePreboot: All required data for this Open Directory user has been obtained
UpdatePreboot: Parameters for EFILoginUserGraphics count=1 "unlockOptions"="0"
UpdatePreboot: Before render EFILoginUserGraphics user (graphics/audio) resources Name=test PictureSize=(NoneIsOK)=31134 HintOptional=
UpdatePreboot: After render EFILoginUserGraphics Data=(0=Error)=0x7fe4ea509760=562192
UpdatePreboot: Before rendering EFILoginUserNamesData resources UserArrayCount=2
UpdatePreboot: After rendering EFILoginUserNamesData Data=(NULL=Skip)=0x7fe4ea509d90 DataItemCount=2
UpdatePreboot: Successfully added a macOS OD User to the building dictionary
UpdatePreboot: Successfully processed APFS Volume Crypto User 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
UpdatePreboot: Error for this processed user was 0
UpdatePreboot: Error among all processed users was 0
UpdatePreboot: The Encrypted Root PList File content is ready
UpdatePreboot: Not encrypting the Encrypted Root PList File content
UpdatePreboot: Encrypted Root PList File to be created path will or would be /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EncryptedRoot.plist.wipekey
UpdatePreboot: Proceeding to write Encrypted Root PList, creating a path as neccessary
UpdatePreboot: Successfully wrote Encrypted Root PList File
UpdatePreboot: DiskManagement Info PList File path will be /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/var/db/CryptoUserInfo.plist
UpdatePreboot: Successfully wrote DiskManagement Info PList File
UpdatePreboot: Checking for existence of Static EFI Resources directory /Volumes/Macintosh HD/usr/standalone/i386/EfiLoginUI
UpdatePreboot: Before copying contents of directory of Static EFI Resources at /Volumes/Macintosh HD/usr/standalone/i386/EfiLoginUI into directory /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/usr/standalone/i386
UpdatePreboot: After copying error=(0=success)=0
UpdatePreboot: Looking for locale list on macOS on Target Volume
UpdatePreboot: Locale list item count is 1
UpdatePreboot: Before rendering EFILoginInterfaceGraphics global localized resources
UpdatePreboot: After rendering EFILoginInterfaceGraphics FileNamesAndData=(0=error)=0x7fe4ea619de0=10
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/loginui.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/flag_picker.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/preferences.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/battery.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/appleLogo.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/unknown_userUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/disk_passwordUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/guest_userUI.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/Lucida13.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Writing localized EFI graphics resource file /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/System/Library/Caches/com.apple.corestorage/EFILoginLocalizations/Lucida13White.efires
UpdatePreboot: Successfully wrote EFI resource file
UpdatePreboot: Generating AdminUserList for Recovery purposes
UpdatePreboot: Considering admin user FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
UpdatePreboot: Considering admin user 0EDEC971-B05C-4A74-8DD7-D1B3BED1996B
UpdatePreboot: Considering admin user EA04C586-5C45-4BFC-892F-10EC20712C4B
UpdatePreboot: Considering admin user F5DE9511-A3ED-4EEB-BFBE-35660D3DBDF5
UpdatePreboot: Error among all processed admin users was -69569
UpdatePreboot: Writing Admin User Info File to path /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C/var/db/AdminUserRecoveryInfo.plist
UpdatePreboot: Successfully wrote Admin User Info File
UpdatePreboot: Checking for existence of Secure Access Token file /Volumes/Macintosh HD/var/db/dslocal/nodes/Default/secureaccesstoken.plist
UpdatePreboot: Unmounting Preboot Volume
UpdatePreboot: Exiting Update Preboot operation with overall error=(0=success)=0
Finished APFS operation


Unfortunately the issue remained. I then did the same but after I deleted the forged user, getting this output:


-bash-3.2# diskutil apfs updatepreboot disk2s1
Started APFS operation
UpdatePreboot: Commencing operation to update the Preboot Volume for Target Volume disk2s1 Macintosh HD
UpdatePreboot: The Target Volume's OpenDirectory (non-special kind) user count is 1 and the Recovery (any of 3 kinds) user count is 0
UpdatePreboot: There are OpenDirectory user(s) but no Recovery user(s)
UpdatePreboot: The above is an abort condition for some purposes but not UpdatePreboot; continuing
UpdatePreboot: No custom Open Directory path given
UpdatePreboot: Using GivenVolumeMountPointOrNilIfNotMounted for the MacOSSearchPath
UpdatePreboot: Using MacOSSearchPath's child dslocal path for the OpenDirectorySearchPath
UpdatePreboot: MacOS Search Path = (nil=NotMounted) = /Volumes/Macintosh HD
UpdatePreboot: Open Directory Database Search Path = (nil=MacOSSearchPathNotMounted) = /Volumes/Macintosh HD/var/db/dslocal/nodes/Default
UpdatePreboot: Preserve EncryptedRootPList When No-OD = 0
UpdatePreboot: Successfully opened Open Directory database; setting AuthODNodeOrNil accordingly
UpdatePreboot: Mounting and ensuring as mounted the related Preboot Volume
UpdatePreboot: Preboot Volume = disk2s2 Preboot
UpdatePreboot: Preboot Volume Target Directory = /Volumes/Preboot/18566B06-F0D2-3F5A-A602-1AAE053C761C
UpdatePreboot: Considering APFS Crypto User 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
UpdatePreboot: Defaulting and requiring that this be an Open Directory User
UpdatePreboot: Treating this APFS Crypto User to be, and requiring to match, an Open Directory User
UpdatePreboot: This APFS Crypto User is not in the Open Directory database
UpdatePreboot: Error for this processed user was -69568
UpdatePreboot: Error among all processed users was -69568
UpdatePreboot: Aborting entire operation, regardless of abort mode, because an error occurred for one of more users and not even one contingency user was successfully processed
UpdatePreboot: Unmounting Preboot Volume
UpdatePreboot: Exiting Update Preboot operation with overall error=(0=success)=-69568
Error: -69568: An APFS crypto user was not found in the Open Directory user database


I believe that the error I reported before in the creation of a secure token causes the absence of a 'Crypto User'.


I hope that with this new information someone could help us.


Lorenzo
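
The correlation that the updatepreboot log above reports, matching each APFS crypto user to an Open Directory account, can be checked from saved command output. This is an added example, not part of any post in the thread; the account names and their GeneratedUID values are constructed sample data, the function names are hypothetical, and reading GeneratedUID with dscl is an assumption about how the pairs would be collected.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed,
# except the crypto-user UUID and the log wording, which are quoted from the posts.

# Output format of `diskutil apfs listcryptousers <volume>` as posted above.
CRYPTO_SAMPLE='Cryptographic user (1 found)
|
+-- 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
    Type: Local Open Directory'

# "shortname GeneratedUID" pairs (constructed). On a Mac they can be read with:
#   dscl . -read /Users/<shortname> GeneratedUID
OD_SAMPLE='alice 11111111-2222-3333-4444-555555555555
bob 66666666-7777-8888-9999-AAAAAAAAAAAA'

# Two lines in the wording of the failing updatepreboot run posted above.
LOG_SAMPLE='UpdatePreboot: Considering APFS Crypto User 3B972A91-3649-4D68-A8C7-7FC2E4C77B2B
UpdatePreboot: Error for this processed user was -69568'

# Print the UUID of every cryptographic user in listcryptousers output.
crypto_uuids() {
    printf '%s\n' "$1" | awk '$1 == "+--" { print toupper($2) }'
}

# Print crypto-user UUIDs that match no local account (the -69568 condition).
orphaned_crypto_users() {   # $1 = listcryptousers output, $2 = OD pairs
    for uuid in $(crypto_uuids "$1"); do
        printf '%s\n' "$2" | awk -v u="$uuid" 'toupper($2) == u { f = 1 } END { exit !f }' \
            || printf '%s\n' "$uuid"
    done
}

# Print local accounts whose GeneratedUID is not a crypto user of the volume.
accounts_without_crypto_user() {   # same arguments
    uuids=$(crypto_uuids "$1")
    printf '%s\n' "$2" | while read -r name guid; do
        [ -n "$name" ] || continue
        printf '%s\n' "$uuids" | grep -qix "$guid" || printf '%s\n' "$name"
    done
}

# Print "UUID error" for each crypto user in an updatepreboot log.
preboot_user_errors() {
    printf '%s\n' "$1" | awk '
        /Considering APFS Crypto User/      { u = $NF }
        /Error for this processed user was/ { print u, $NF }'
}
```
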
