Mac OS X High Sierra 10.13.1: Disk Encryption, No user with secure token activated

Hi there,

I have the following situation on my MacBook Pro 13" 2017 and did not yet find an appropriate solution:


  1. I have installed Mac OS X High Sierra 10.13.1 from a bootable USB drive using the official installer app from the Mac App Store
    1. During installation I chose to assign my flash drive's total capacity to one APFS case-sensitive, encrypted container. During this process I had to assign a password for disk encryption
    2. I created the user $ADMINUSER during installation process as the main administrator
  2. Now I activated the root user via Directory Utility and I added another standard user
  3. In the end I wanted to delete the initial admin user since I now had activated the root user. At first it wouldn't let me, either through Directory Utility or through dscl . delete /Users/$ADMINUSER.

    So I came across diskutil apfs listCryptoUsers and saw that admin user is listed here. Using fdesetup remove -uuid $ADMINUSER-UUID exited successfully and now allowed me to remove user $ADMIN through Directory Utility.

  4. Only after that I came across the sysadminctl tool, checked for users on my system with a secure token enabled - and had to realize I just had deleted the only user for which Secure token was ENABLED

So far I have not been able to assign a secure token to either root or any other user on my system.

  • I tried sysadminctl -secureTokenOn <user name> -password <password> so far - it wouldn't let me: Operation is not permitted without secure token unlock.
  • Also fdesetup add -usertoadd added_username did result in an error: Unable to add one or more users to FileVault. (-69594)
  • Also I tried to boot in recovery mode, deleted /var/db/.AppleSetupDone using Terminal. Then I booted normally. The setup process started. I was asked to enter details on the new main systems administrator user. After that was completed a GUI popped up and asked for the drive's encryption password. I tried several times to enter it but it just was not accepted. No error message, nothing, only the GUI popping up again and again.

Any idea how I could enable secure token for any user left on my system without wiping my flash drive and reinstalling everything?

Currently the issue is not very critical since I still have the password initially used for encrypting the whole drive. But I have the feeling that I might come across a situation where this might be a road blocker for normal use of the system (major system update etc.).

Thanks

MacBook Pro with Retina display, macOS High Sierra (10.13.1)

Posted on Nov 18, 2017 10:49 AM
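
The situation described in the post, as an added example that is not part of the original post: a pre-removal check that refuses to delete an account when it is the only secure token holder. The function names and the account names in the sample are hypothetical; the sample lines are constructed to match the "Secure token is ENABLED/DISABLED for user NAME" message that `sysadminctl -secureTokenStatus NAME` prints.

```shell
#!/bin/sh
# Added example (not from the post): guard against removing the last
# account that holds a secure token on an encrypted APFS volume.

# Constructed sample status lines mirroring the post's setup:
# only the initial admin holds a token.
SAMPLE_STATUS='Secure token is ENABLED for user adminuser
Secure token is DISABLED for user root
Secure token is DISABLED for user standarduser'

# Print the names of accounts whose token is ENABLED, one per line.
# The leading .* tolerates the timestamp prefix of real output.
token_holders() {
    printf '%s\n' "$1" |
        sed -n 's/.*Secure token is ENABLED for user \(.*\)$/\1/p'
}

# Return 0 if at least one token holder remains after removing $2.
safe_to_remove() {
    remaining=$(token_holders "$1" | grep -c -v -x -F -- "$2" || true)
    [ "$remaining" -gt 0 ]
}

# On a real Mac, gather live status for the named accounts
# (sysadminctl writes this message to stderr, hence 2>&1).
collect_status() {
    for u in "$@"; do
        sysadminctl -secureTokenStatus "$u" 2>&1
    done
}

if safe_to_remove "$SAMPLE_STATUS" adminuser; then
    echo "adminuser can be removed"
else
    echo "refusing: adminuser is the only secure token holder"
fi
```

On a live system, pass the output of `collect_status` for all local accounts as the first argument, before running `fdesetup remove` or deleting the user.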
