If you see authentication server errors when turning FileVault on in macOS High Sierra
When you try to turn FileVault on for mobile or non-mobile accounts, you might see authentication server error messages.
This article is intended for system administrators. If you want to use FileVault on your Mac, learn how to encrypt the startup disk on your Mac.
To turn FileVault on, follow the instructions below for the type of account you’re using.
For mobile accounts
If your user account is a mobile account, you’ll see the following error message when trying to enable FileVault:
Authentication server refused operation because the current credentials are not authorized for the requested operation.
To turn FileVault on for mobile accounts:
1. Log in as another admin account.
2. Turn on FileVault. Click the Enable User button next to your mobile account and enter the mobile account’s password.
For non-mobile accounts
If your user account is not a mobile account, and has either been created or had its password set by a command line process running as root, you may see the following error message when trying to enable FileVault:
Authentication server failed to complete the requested operation.
To turn FileVault on for non-mobile accounts:
1. Log in as another admin account.
2. Reset the password for your account using the instructions under "Reset the password for another user."
With non-mobile accounts, avoid resetting user passwords or creating new users using a command line process running as root. Here are some examples of commands you should avoid:
sudo passwd jappleseed
sudo dscl . -passwd /Users/jappleseed
sudo sysadminctl -addUser jappleseed -password temppass
To reset passwords or create new users, authenticate as an admin user. You can do this in System Preferences, or with commands like these:
passwd -u localadmin jappleseed
dscl -u localadmin -p . -passwd /Users/jappleseed
sysadminctl interactive -addUser jappleseed -password temppass
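For administrators who maintain provisioning scripts, the following added example (not part of the original article) scans a script for the sudo forms listed above and prints, for each hit, the admin-authenticated form the article recommends. The function names, the sample script and the <admin> and <user> placeholders are assumptions made for the illustration.

```shell
#!/bin/sh
# Reads a script on stdin and prints "<line>: <command>  ->  <suggested form>"
# for each password-reset or user-creation command run through sudo.
# Assumption: only commands explicitly prefixed with sudo are checked; a script
# that is itself launched as root still needs a manual review.
flag_root_account_cmds() {
  awk '
    /^[ \t]*#/ { next }                     # ignore comment lines
    {
      cmd = $0
      sub(/^[ \t]+/, "", cmd)               # trim leading indentation
      if (cmd !~ /^sudo[ \t]/) next         # only commands run as root via sudo
      fix = ""
      if (cmd ~ /[ \t]passwd([ \t]|$)/)
        fix = "passwd -u <admin> <user>"
      else if (cmd ~ /dscl[ \t].*[ \t]-passwd([ \t]|$)/)
        fix = "dscl -u <admin> -p . -passwd /Users/<user>"
      else if (cmd ~ /sysadminctl[ \t].*-addUser([ \t]|$)/)
        fix = "sysadminctl interactive -addUser <user> ..."
      if (fix != "") printf "%d: %s  ->  %s\n", NR, cmd, fix
    }'
}

# Constructed sample provisioning script (not taken from a real deployment).
sample_script() {
  cat <<'EOF'
#!/bin/sh
# create the first user
sudo sysadminctl -addUser jappleseed -password temppass
sudo dscl . -passwd /Users/jappleseed
dscl -u localadmin -p . -passwd /Users/jappleseed
  sudo passwd jappleseed
sudo mkdir -p /Users/Shared/setup
EOF
}

sample_script | flag_root_account_cmds
```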