FileVault2 Encryption fails on macOS High Sierra

0 users found this article helpful

Applies to:
- Parallels Device Management
Last Review: Jun 10, 2018
Available Translations:
Get updates Download

Symptoms

FileVault2 Encryption fails when domain mobile account is used.
Local administrator account is able to force the encryption just fine.
Issue is presented on machine running macOS High Sierra

pma_agent.log file on affected machine contains following entries:

/FileVaultUtils:1001:1153/ Command is failed : /usr/bin/fdesetup [enable -inputplist -outputplist]
/FileVaultUtils:1001:1153/ ExitCode : 38
/FileVaultUtils:1001:1153/ ErrorCode : 5

Attempt to turn on FileVault2 encryption manually from System Preferences - Security & Privacy using domain mobile account will result in following error:
```
Authentication server refused operation because the current credentials are not authorized for the requested operation.
```

Cause

Domain mobile account can no longer be used to force FileVault2 encryption on Macs running High Sierra. This limitation was implemented with one of recent macOS High Sierra updates. More information can be found in KB article from Apple Support

Resolution

There is no possibility to bypass this limitation when using Parallels Mac Management hence starting from macOS High Sierra only local administrator accounts should be used to enable FileVault2 encryption on the Mac running macOS High Sierra

Was this article helpful?

Tell us how we can improve it.