Some FileVault operations fail on a system with macOS High Sierra (10.13.x) (with APFS) and Symantec Endpoint Encryption 11.1.3 MP1/Symantec Encryption Desktop 10.4.2 installed

book

Article ID: 171048

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Some FileVault operations, such as enabling, migrating, and adding users, fail on macOS High Sierra (with APFS) if the user does not have secure token enabled for their account on a system with Symantec Endpoint Encryption 11.1.3 MP1 or Symantec Encryption Desktop 10.4.2 installed.

Note: Run the following command to check if the user has secure token enabled:

#sysadminctl interactive –secureTokenStatus <username>

This command prompts for administrator username and password in the credentials dialog box.

 

This problem can occur in any of the following scenarios specific to Symantec Endpoint Encryption 11.1.3 MP1:

  • When you upgrade your operating system to macOS High Sierra (with APFS) on a system with Symantec Endpoint Encryption 11.1.3 MP1 installed.
    Note: This problem will not occur for the existing FileVault users and for those users that have Secure Token enabled.
  • When you install Symantec Endpoint Encryption 11.1.3 MP1 on a system with macOS High Sierra (with APFS) installed and FileVault is enabled or not enabled. 

Environment

Symantec Endpoint Encryption 11.1.3 MP1 or Symantec Encryption Desktop 10.4.2 and macOS High Sierra with Apple File System (APFS)

Resolution

Workaround: To resolve this issue, enable secure token by performing the following steps with administrative rights:

1. Run the following command on the command line interface:

  #sysadminctl interactive –secureTokenOn <username> -password –

    This command first prompts for administrator credentials, followed by the password for the username.

2. Log out from the system, and log on again for the FileVault operations to run successfully.