Addigy Support has identified several unique FileVault errors that have little documentation.
FileVault deferred enablement often leaves end users stuck in a loop, because they never see the full verbose error that is generated.
A generic error is usually presented to the end user along the lines of the following images:
In most cases, even if you try to enable FileVault encryption from the device itself in System Preferences > Security & Privacy, it will present an error:
If you have encountered this or a similar error, and the FileVault status still shows that 'deferred enablement is active' on the device, we will need to disable the FileVault enablement and address the issue on the macOS device that is causing the error.
Unfortunately, there isn't one definitive reason for this error; we have seen it pertain to a number of items. The following two have been confirmed by Addigy Support to present the above errors:
- The User trying to encrypt the drive is a JumpCloud User
- The disk that is being encrypted is on a macOS device that doesn't have a recovery partition
- An existing keychain file is present in /Library/Keychains which should be removed
The first step to remediate this is to disable deferred FileVault enablement by running the following command:
'fdesetup disable'
Once the command is successfully executed, the device should be rebooted to clear the status.
After the status is cleared, address whatever is causing the FileVault error.
FileVault can then be re-enabled from the Addigy Console on the device, which should allow for a successful encryption and escrow of the FV Key.
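The checks above can be scripted for triage before re-enabling. This is an added example, not Addigy's own tooling: the function names are hypothetical, and matching the word "Recovery" in diskutil output is an assumed heuristic.

```shell
#!/bin/sh
# Added example: triage for a stuck FileVault deferred enablement.
# Parsing is kept separate from collection so it can be run on saved output.

# Succeeds when `fdesetup status` text reports deferred enablement.
deferred_active() {
    printf '%s\n' "$1" | grep -qi 'deferred enablement'
}

# Succeeds when `diskutil list` text names a recovery partition or volume.
# Assumption: matching "Recovery" is a heuristic, not a documented contract.
has_recovery() {
    printf '%s\n' "$1" | grep -qi 'recovery'
}

# Prints one finding per line for the conditions named in the article.
# $1 = output of `fdesetup status`, $2 = output of `diskutil list`
triage() {
    status_text=$1
    disk_text=$2
    if deferred_active "$status_text"; then
        echo "DEFERRED: run 'fdesetup disable', then reboot"
    else
        echo "OK: no deferred enablement pending"
    fi
    if has_recovery "$disk_text"; then
        echo "OK: recovery partition found"
    else
        echo "NO_RECOVERY: no recovery partition listed"
    fi
}

# Collect live data only on a Mac; elsewhere the functions remain usable.
if command -v fdesetup >/dev/null 2>&1; then
    triage "$(fdesetup status 2>&1)" "$(diskutil list 2>&1)"
    # The article does not name the keychain file, so list the
    # directory for manual review instead of deleting anything.
    ls -l /Library/Keychains
fi
```

Nothing is removed or disabled by the script; it only reports which of the conditions apply so the fix can be chosen deliberately.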
If you are unsure of what error is generated when enabling FileVault, use the following option to return it in the Addigy Interface: