Question: Mac OS X High Sierra 10.13.1: No user with secure token activated

Hi there,

I have the following situation on my MacBook Pro 13" 2017 and did not yet find an appropriate solution:

  1. I have installed Mac OS X High Sierra 10.13.1 from a bootable USB drive using the official installer app from the Mac App Store
    1. During installation I chose to assign my flash drive's total capacity to one APFS case-sensitive, encrypted container. During this process I had to assign a password for disk encryption
    2. I created the user $ADMINUSER during the installation process as the main administrator
  2. Now I activated the root user via Directory Utility and I added another standard user
  3. In the end I wanted to delete the initial admin user since I now had activated the root user. At first it wouldn't let me, either through Directory Utility or through dscl . delete /Users/$ADMINUSER.

    So I came across diskutil apfs listCryptoUsers and saw that the admin user is listed there. Using fdesetup remove -uuid $ADMINUSER-UUID exited successfully and now allowed me to remove user $ADMIN through Directory Utility.

  4. Only after that I came across the sysadminctl tool, checked for users on my system with a secure token enabled - and had to realize I just had deleted the only user for which Secure token was ENABLED

So far I have not been able to assign a secure token to either root or any other user on my system.

  • I tried sysadminctl -secureTokenOn <user name> -password <password> so far - it wouldn't let me: Operation is not permitted without secure token unlock.
  • Also fdesetup add -usertoadd added_username did result in an error: Unable to add one or more users to FileVault. (-69594)
  • Also I tried to boot in recovery mode, deleted /var/db/.AppleSetupDone using Terminal. Then I booted normally. The setup process started. I was asked to enter details on the new main systems administrator user. After that was completed a GUI popped up and asked for the drive's encryption password. I tried several times to enter it but it just was not accepted. No error message, nothing, only the GUI popping up again and again.

Any idea how I could enable secure token for any user left on my system without wiping my flash drive and reinstalling everything?

Currently the issue is not very critical since I still have the password initially used for encrypting the whole drive. But I have the feeling that I might come across a situation where this might be a road blocker for normal use of the system (major system update etc.).


MacBook Pro with Retina display, macOS High Sierra (10.13.1), APFS encrypted, no secure token


User profile for user: propertychangelistener
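
A pre-flight check for the situation described in the post, as an added example that is not part of the original post: before an account is removed from FileVault or deleted, confirm that some other account still holds a secure token. The user names, the sample_status stand-in and the exact status wording are constructed assumptions; on a Mac the query is sysadminctl -secureTokenStatus.

```shell
#!/bin/sh
# Added example: refuse to remove an account that is the last secure token holder.
# STATUS_CMD is run once per user. It defaults to the constructed stand-in below
# so the script runs offline; on a Mac set
#   STATUS_CMD='sysadminctl -secureTokenStatus'
STATUS_CMD=${STATUS_CMD:-sample_status}

# Constructed stand-in for the status query (hypothetical user names).
# It mirrors the post: only the initial admin holds a token. The message
# wording is an assumption modelled on the "ENABLED" quoted in the post.
sample_status() {
    case "$1" in
        adminuser) echo "Secure token is ENABLED for user $1" >&2 ;;
        *)         echo "Secure token is DISABLED for user $1" >&2 ;;
    esac
}

# has_token USER: succeeds if the status query reports ENABLED for USER.
has_token() {
    # Merge stderr into the pipe in case the tool reports there.
    $STATUS_CMD "$1" 2>&1 | grep -q 'ENABLED'
}

# other_holders VICTIM USER...: print every user except VICTIM that holds a token.
other_holders() {
    victim=$1
    shift
    for u in "$@"; do
        [ "$u" = "$victim" ] && continue
        if has_token "$u"; then
            echo "$u"
        fi
    done
}

# safe_to_remove VICTIM USER...: succeeds only if another token holder remains.
safe_to_remove() {
    [ -n "$(other_holders "$@")" ]
}

# Offline demo: removing the only token holder must be refused.
safe_to_remove adminuser adminuser stduser root \
    || echo "refusing: adminuser is the only secure token holder"
```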