Some FileVault operations, such as enabling, migrating, and adding users, fail on macOS High Sierra (with APFS) if the user does not have secure token enabled for their account on a system with Symantec Endpoint Encryption 11.1.3 MP1 or Symantec Encryption Desktop 10.4.2 installed.
Note: Run the following command to check if the user has secure token enabled:
#sysadminctl interactive –secureTokenStatus <username>
This command prompts for administrator username and password in the credentials dialog box.
This problem can occur in any of the following scenarios specific to Symantec Endpoint Encryption 11.1.3 MP1:
Symantec Endpoint Encryption 11.1.3 MP1 or Symantec Encryption Desktop 10.4.2 and macOS High Sierra with Apple File System (APFS)
Workaround: To resolve this issue, enable secure token by performing the following steps with administrative rights:
1. Run the following command on the command line interface:
#sysadminctl interactive –secureTokenOn <username> -password –
This command first prompts for administrator credentials, followed by the password for the username.
2. Log out from the system, and log on again for the FileVault operations to run successfully.