Some FileVault operations, such as enabling, migrating, and adding users, will fail on macOS High Sierra (with APFS) if the user does not have secure token enabled for their account on a system with Symantec Endpoint Encryption 11.1.3 MP1 or PGP Encryption Desktop for File Vault (Symantec Encryption Desktop).

Note: Run the following command to check if the user has secure token enabled:

#sysadminctl interactive –secureTokenStatus <username>

This command prompts for administrator username and password in the credentials dialog box.

This problem can occur in any of the following scenarios specific to Symantec Endpoint Encryption 11.1.3 MP1:

• When you upgrade your operating system to macOS High Sierra (with APFS) on a system with Symantec Endpoint Encryption is installed.
  Note: This problem will not occur for the existing FileVault users and for those users that have Secure Token enabled.
  
  
• When you install Symantec Endpoint Encryption on a system with macOS High Sierra (with APFS) installed and FileVault is enabled or not enabled. 

Workaround: To resolve this issue, enable secure token by performing the following steps with administrative rights:

1. Run the following command on the command line interface:

  #sysadminctl interactive –secureTokenOn <username> -password –

    This command first prompts for administrator credentials, followed by the password for the username.

2. Log out from the system, and log on again for the FileVault operations to run successfully.

 For further guidance, reach out to Symantec Encryption Support.