Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4340: FileVault 2 GP does not activate FileVault on some machines

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:07 AM

Applies to: Centrify DirectControl version 5.1.1 and higher on Mac OS X 10.8 and higher

Problem:

The FileVault 2 group policy has been configured and the target AD users has been converted to Mobile Accounts on the desired Mac systems.
The following conditions have also been met for each Mac system:
However, while FileVault is activating correctly on some machines, it is still failing to enable on other machines.

All Mac systems are in the same "Mac Computer" OU, all AD accounts are in the same "Mac Users" OU and the group policy has been confirmed to be successfully downloaded onto the Mac.


Cause:

On the working machines, the assigned users were stored as "Firstname Lastname".

On the machines where the FileVault GP was not working correctly, the assigned AD users were stored in ADUC as "Lastname, Firstname". When the AD account name is stored in this format, the group policy fails to recognise that this AD user is the account that will be using FileVault on the Mac and so skips over the instruction to invoke FileVault.


Workaround:
  1. Go to ADUC and navigate to the affected AD account(s)
     
  2. Right-click and select "Rename" > Change the name from:

    "Lastname, Firstname" to "Firstname Lastname"
     
  3. Go back to the Mac and login with the target Mobile Account.
     
  4. Logout and the FileVault activation prompt should now appear.


Resolution:

This is fixed as of Centrify Suite 2014.1 / Mac Agent version 5.2.1.

For more information on how to use the FileVault group policy, see:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.