This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Failed to activate encryption on high sierra

We're having this new issue. Apple finally started shipping macbooks with High Sierra and now we're trying to install safeguard 8.0.3 on our first HS machine and we're getting an error after we drag the client configuration zip file. 

Safeguard Management Center Version 8.00.2.16

Machine OSX version 10.13.1

Safeguard Client version: 8.00.3.9

Cert is SHA2 256

Installing as domain user

Filevault is not enabled

I know there is an article based off of this error

https://community.sophos.com/kb/en-us/122152

I tried the step 3. Use the following command "fdesetup changerecovery -personal -verbose" and it comes back saying "Filevault not turned on" 

 

I created a new client config package just to see if that was the problem but it's not. Same package and client works on Sierra. I reached out to support multiple people have remoted onto the machine and server and they can't seem to figure it out. My question is, is anyone else able to install a fresh copy of safeguard on high sierra. 

 



This thread was automatically locked due to age.
  • I have SafeGuard installed and running well on a good handful of High Sierra Macs and I've not seen this issue yet. 

     

    The drive isn't in a crazy format is it - are you using APFS?

     

    I would suspect this is a FV2 error and not Sophos as such, but that Sophos is struggling to enable/turn FV2 on for some reason?

     

    If you enable FV2 manually ( System Prefs - Security & Privacy - FileVault) does that work?

  • Hi Michael,

    FV2 does not work if I enabled it as a domain AD account. I can install safeguard/FV2 with a local admin account. I'm reading that this is an issue on High Sierra and this was suppose to be resolved on 10.13.2 but it didn't... How are you installing yours on High Sierra?

     

  • We are aware of an issue with Apple macOS 10.13.x that by using an Active Directory user you might not be able to get FV2 enabled. 

    And if you enable FV2 with a local macOS admin and later you try to add the Active Directory user - the system preference pane might get crashed. You can check the local system.log and search for "fdesetup". We expect that you will find an fdesetup activation error 38 or similar. So please get in contact with Apple support and check with them what can be done to get FV2 enabled by using an Active Directory user object incl. using the mobile account profile for this user.

  • Hello,

     

    I am experiencing the same behaviour on our Macs.

     

    MacOS HighSierra (10.13.2)

    Safeguard Client version: 8.00.3.9

     

    We are activating Safeguard using a local user. After switching to a mobile user (ActiveDirectory User) we get the following error when adding the user using Safeguard:

     

     

    This is the console.app log:

     

     

     

    So I think that this is a Sophos Safeguard issue? Is it a already known problem?

     

     

    EDIT:

    The user seems to be added succesfully to the Management Center:

     

    Also to mention, that our setup was properly working before dealing with HighSierra.

     

    EDIT#2:

     

    Ok, it really seems to be a Apple Bug:

    https://www.jamf.com/jamf-nation/discussions/25692/high-sierra-10-13-encrypted-users-not-showing-at-filevault-login-screen

  • Sophos publish a KBA in regards to this topic - please check the following article for more details:

    https://community.sophos.com/kb/en-us/128052