
Authentication server failed to complete the requested operation

As of agent version 0.9.684 released 2018-06-19, see Managing users with High Sierra, Filevault, and APFS 

Symptom

When enabling a user for FileVault on macOS High Sierra 10.13 and higher, you may see the error below:

Authentication server failed to complete the requested operation

Applies To: Mac systems using macOS 10.13 or higher with APFS formatted drives with FileVault encryption enabled.

Cause

With the release of macOS High Sierra, Apple implemented a new security feature called secureToken. The error above is presented when a user account that does not have a secureToken is used to enable FileVault.
 
Note: User accounts that are provisioned via JumpCloud do not receive a secureToken.

Solutions

The solutions outlined below depend on the scenario. In every scenario, the Administrator account used to unlock the FileVault Preference Pane must have a secureToken. Run the terminal command below to verify whether an account has a secureToken:

sudo sysadminctl -adminUser "$adminUser" -adminPassword "$adminPassword" -secureTokenStatus "$username"

Where $username is the username of the user in question.
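
An added example, not part of the original article or JumpCloud's tooling: a shell helper that runs the same secureToken status check across several accounts before you try to enable FileVault. It assumes sysadminctl reports status on stderr as "Secure token is ENABLED for user <name>" or "... DISABLED ...", and that the status query itself can be run without admin credentials; STATUS_CMD and the function names are hypothetical.

```bash
# Added example: pre-flight secureToken audit (not JumpCloud's code).

# Classify one sysadminctl status line (assumed output format, see lead-in).
token_state() {
  case "$1" in
    *"Secure token is ENABLED for user"*)  echo ENABLED ;;
    *"Secure token is DISABLED for user"*) echo DISABLED ;;
    *)                                     echo UNKNOWN ;;
  esac
}

# Keep only regular accounts (UID >= 501) from "name uid" lines on stdin,
# e.g. the output of: dscl . -list /Users UniqueID
human_users() {
  awk '$2 >= 501 { print $1 }'
}

# Query one account. STATUS_CMD is a hypothetical override hook so the
# parser can be exercised on a machine without sysadminctl.
query_status() {
  if [ -n "${STATUS_CMD:-}" ]; then
    "$STATUS_CMD" "$1" 2>&1
  else
    sysadminctl -secureTokenStatus "$1" 2>&1   # status is written to stderr
  fi
}

# Print "<user> <state>" for each account given as an argument.
# Returns 1 if any account is not confirmed ENABLED, so a deployment
# script can stop before the FileVault step fails.
audit_tokens() {
  missing=0
  for user in "$@"; do
    state=$(token_state "$(query_status "$user")")
    printf '%s %s\n' "$user" "$state"
    [ "$state" = ENABLED ] || missing=1
  done
  return "$missing"
}

# On a Mac: audit_tokens $(dscl . -list /Users UniqueID | human_users)
```

An account reported as DISABLED or UNKNOWN should not be the one used to unlock the FileVault Preference Pane.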

Scenario 1: New macOS High Sierra System

  1. Use the guided Setup Assistant to create the initial user account. By default, this account will have a secureToken created.
  2. Install the JumpCloud Agent
  3. Enable FileVault for the new user account in System Preferences > Security & Privacy > FileVault
  4. Bind the User to JumpCloud

Scenario 2: Existing macOS High Sierra System, Adding A New User

  1. Ensure that the JumpCloud Agent is installed on the macOS system
  2. Create a new user in the JumpCloud Administrator Console, and set a password for the user
  3. Bind the user to the macOS system
  4. Open System Preferences > Security & Privacy > FileVault
  5. Unlock the Padlock using the Administrator account that has a secureToken
  6. Enable the new user account for FileVault, and when prompted, enter the password for the user.

Scenario 3: Existing macOS High Sierra System, Enabling FileVault For An Existing User

Note: This method requires both the JumpCloud Administrator and the End-User to be present.

  1. Ensure that the JumpCloud Agent is installed on the macOS system
  2. Navigate to: System Preferences > Security & Privacy > FileVault
  3. The JumpCloud Administrator will need to unlock the Padlock with the credentials of the Administrator account that has a secureToken
  4. Enable the user for FileVault. The user will need to enter their password at this time.

Additional Considerations:
  • Users who are created by an Administrator that has a secureToken will also receive a secureToken
  • Enabling a user for FileVault using one of the methods above will create a secureToken for the user.
  • Please review: typical password reset experience for JumpCloud Users
 

Last Updated: Jun 19, 2018 04:05PM MDT
