Jump to content


ukg_matt

Bitlocker - Drives not Encrypting

Recommended Posts

Good day Niall and everyone, I just replied since its the same topic as what I'm getting but different error msg (not error msg actually). I just got some machines that is not compliant but this machines has the same specs as any compliant machines I have. 

image.thumb.png.9d29b4782483409120d90fcc8e382c41.png

Share this post


Link to post
Share on other sites

are you saying they are reporting as non compliant but are in fact, compliant ? if so have you installed the hotfix available for 1910 in the console ?

Share this post


Link to post
Share on other sites

I have just resolved something like this in my environment. I looked in the BitlockerManagement_GroupPolicyHandler.log and I found errors ' Failed to open GPO (0x80004005)', I googled and found this, although it’s not an identical issue I thought it was worth a shot so I deleted C:\Windows\System32\GroupPolicy\Machine\Registry.pol after that I refreshed the policy on the machine a few time and the devices began to encrypt. 

I hope this helps!

Share this post


Link to post
Share on other sites

On 2/26/2020 at 4:30 AM, ukg_matt said:

I have just resolved something like this in my environment. I looked in the BitlockerManagement_GroupPolicyHandler.log and I found errors ' Failed to open GPO (0x80004005)', I googled and found this, although it’s not an identical issue I thought it was worth a shot so I deleted C:\Windows\System32\GroupPolicy\Machine\Registry.pol after that I refreshed the policy on the machine a few time and the devices began to encrypt. 

 

 

I hope this helps!

This works. Thanks.

Share this post


Link to post
Share on other sites

Hi Guys,

 

I have two problems with new SCCM Bitlocker solution.

We have succesfully deployed new SCCM 1910 Bitlocker Policy. Also we`ve deployed Configuration Baseline to Enforce Bitlocker Encryption.

For some stations all looks good for another unfortunatelly no.

We use XTS-AES-128 bit

All workstations have Windows 10

Some workstations have a problem with MBAMClientUI.exe. It is not popup for the local user

The same stations have a problem with encryption enforcement. It is not starts in the background...

 

I`ve tried to delete C:\Windows\System32\GroupPolicy\Machine\Registry.pol but nothing happens. It was just recreated after policies evaluation time.

But still the same result. Encryption is not starting

 

Do you have any ideas how we can resolve this issue? 

If we start MBAMClientUI.exe manually it works. We can click Postpone or Start. 

image.png.77d576fb66e21806db749bd8bbb09cf3.png

image.png.ef50f58fd0175db7638a3f9ef615efa3.png 

image.png.4f60b72eefaa796312c455a50b698a56.png

image.png.239e7a848880c7d46a82aaae551e3da2.png

image.png.e94e9edea09df1bfd65321397450443a.png

 

image.thumb.png.774e419ab1eaee71bd9088f5a350479c.png

 

image.thumb.png.2fadbe77557823897b70ed1e3028127c.png

image.png.7636b87757899019c29266f10348c8da.png

Share this post


Link to post
Share on other sites

We are have this error too Kirill_L but we install bitlocker through Intune, not from SCCM, the machines are co-managed. But for some weird thing 2% of our machines don't receive the encryption policy so 300 machines are still without encryption. The others went well

Share this post


Link to post
Share on other sites

Sorry, Guys. I have the issues with MBAM too.

MBAM event admin log is:

Unable to connect to the MBAM Recovery and Hardware service.

Error code:
-2147024809 

Details:
The parameter is incorrect.

And....

ReasonsForNoncompliance               : {1, 15, 3}

Could you please give some advices, I tried to google it, without any success. SCCM version is: 2103

I tried to delete C:\Windows\System32\GroupPolicy\Machine\Registry.pol and enforce MBAM by changing:

SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
OsEnforcePolicyPeriod
compliance rule = 0

SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
UseOsEnforcePolicy
compliance rule = 1

Thank you in advance and have a great weekend!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.