homebysix / jss-filevault-reissue

A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
Apache License 2.0

Incomprehensible error message #11

Closed jby closed 6 years ago

jby commented 6 years ago

I get this rather incomprehensible message on a newly updated machine:

Script result: [WARNING] This script is still in BETA in High Sierra, because the fdesetup binary has changed significantly. Please use with caution.<br/>(null),EBC6C064-0000-11AA-AA11-00306543ECAC<br/>oskarw,59ABC2FF-2AB8-4FA0-A7C3-00B8198585F7<br/>toadmin,D30AC4BD-9DF1-4A32-BFA7-58CC11C9AC46<br/>[ERROR]:  is not on the list of FileVault enabled users:<br/>
--

This is the output of fdesetup list:

sudo fdesetup list
Password:
oskarw,59ABC2FF-2AB8-4FA0-A7C3-00B8198585F7
toadmin,D30AC4BD-9DF1-4A32-BFA7-58CC11C9AC46

Do you have any idea what might be causing this?

homebysix commented 6 years ago

Well, there are a few things going on here.

When you ran this script on this particular Mac, was the Mac logged in as a standard user, or was it at the loginwindow? Which user was it logged in as?

homebysix commented 6 years ago

I'd also be interested to see the output of these two commands on the Mac in question:

/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'

vs

/usr/bin/stat -f%Su /dev/console

jby commented 6 years ago

Sorry, I did realise that it was the 'ERROR' that was the only important part. On your first question, about who was logged in, I do not know. It's a user's Mac that I won't have access to until I'm back in the office Monday. I might be able to SSH into it and run the additional commands that you requested.

I'll get back to you.

homebysix commented 6 years ago

Sounds good. If you SSH in, be sure to add sudo in front of the commands. Jamf runs the script in root context, so the test commands also need to be run in root context.

jby commented 6 years ago

Output as requested:

toadmin$ /usr/bin/stat -f%Su /dev/console
root
toadmin$ sudo /usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'

toadmin$

jby commented 6 years ago

I now have two different Macs with the same behaviour. One running 10.13.1 and one 10.12.6.

jby commented 6 years ago

Hmm, the 10.13.1 host has recovered on its own and does not report the error any more.

Is it as easy as no-one was logged on when the script was run? Since it says:

[ERROR]: is not on the list of FileVault enabled users

which I'm now interpreting as " " is not on the list of enabled users

Could that be it?

homebysix commented 6 years ago

Hi @jby — it certainly could be that simple. If you see the error occur again, I'd be very interested whether an actual user is logged in, or if the Mac is simply sitting at the login window.

It also occurs to me that I should build some protection for this situation into the script, which I've done in b7e1788.
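
Added example, not part of the thread and not the project's own code: one way to guard a key-reissue script against the empty console user diagnosed above, so it fails with a clear message instead of `[ERROR]:  is not on the list`. The function names and return codes are hypothetical; the sample list is the script output posted in this issue.

```shell
#!/bin/bash
# Added example: guard for the "nobody logged in" case discussed in this issue.
# Function names and return codes are hypothetical, not the project's.

# Return 0 only if $1 names a real logged-in user. In the thread, stat on
# /dev/console printed "root" and the SCDynamicStore one-liner printed an
# empty name (it maps "loginwindow" and None to "").
is_real_console_user() {
    case "$1" in
        ""|root|loginwindow) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if user $1 is the first comma-separated field of some line in $2,
# where $2 holds the text printed by `fdesetup list` (one user,UUID per line).
is_filevault_user() {
    printf '%s\n' "$2" | awk -F, -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Run both checks; 0 = proceed, 1 = nobody logged in, 2 = user not enabled.
check_reissue_preconditions() {
    local user="$1" fv_list="$2"
    if ! is_real_console_user "$user"; then
        echo "[ERROR] No user is logged in (console user: '${user}')." >&2
        return 1
    fi
    if ! is_filevault_user "$user" "$fv_list"; then
        echo "[ERROR] ${user} is not on the list of FileVault enabled users." >&2
        return 2
    fi
    return 0
}

# Sample data: the user list from the script result posted in this issue.
SAMPLE_FV_LIST='(null),EBC6C064-0000-11AA-AA11-00306543ECAC
oskarw,59ABC2FF-2AB8-4FA0-A7C3-00B8198585F7
toadmin,D30AC4BD-9DF1-4A32-BFA7-58CC11C9AC46'

# On a Mac, as root, the inputs would come from the commands used above:
#   check_reissue_preconditions "$(/usr/bin/stat -f%Su /dev/console)" \
#       "$(/usr/bin/fdesetup list)"
```

Returning a distinct status for "nobody logged in" lets the calling policy treat it as a retry-later condition rather than a FileVault misconfiguration.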

jby commented 6 years ago

Hmm, I seem to have an old version. I don't have that commit in my script. I'll update and try again.

homebysix commented 6 years ago

I just updated the version with a few improvements. 1.9 is the latest as of now.