Bitlocker - Drives not Encrypting

[anyweb]

what policy settings have you configured and have you verified the client is indeed in the collection where you deployed it ?

[Syntax]

Good day Niall and everyone, I just replied since its the same topic as what I'm getting but different error msg (not error msg actually). I just got some machines that is not compliant but this machines has the same specs as any compliant machines I have. 

[anyweb]

are you saying they are reporting as non compliant but are in fact, compliant ? if so have you installed the hotfix available for 1910 in the console ?

[Syntax]

nope sorry to confuse you. It is reporting non-compliant and checked the machines and bitlocker is not implemented.

[ukg_matt]

I have just resolved something like this in my environment. I looked in the BitlockerManagement_GroupPolicyHandler.log and I found errors ' Failed to open GPO (0x80004005)', I googled and found this, although it’s not an identical issue I thought it was worth a shot so I deleted C:\Windows\System32\GroupPolicy\Machine\Registry.pol after that I refreshed the policy on the machine a few time and the devices began to encrypt. 

I hope this helps!

[Syntax]

On 2/26/2020 at 4:30 AM, ukg_matt said:

I have just resolved something like this in my environment. I looked in the BitlockerManagement_GroupPolicyHandler.log and I found errors ' Failed to open GPO (0x80004005)', I googled and found this, although it’s not an identical issue I thought it was worth a shot so I deleted C:\Windows\System32\GroupPolicy\Machine\Registry.pol after that I refreshed the policy on the machine a few time and the devices began to encrypt. 

 

 

I hope this helps!

This works. Thanks.

[Kirill_L]

Hi Guys,

 

I have two problems with new SCCM Bitlocker solution.

We have succesfully deployed new SCCM 1910 Bitlocker Policy. Also we`ve deployed Configuration Baseline to Enforce Bitlocker Encryption.

For some stations all looks good for another unfortunatelly no.

We use XTS-AES-128 bit

All workstations have Windows 10

Some workstations have a problem with MBAMClientUI.exe. It is not popup for the local user

The same stations have a problem with encryption enforcement. It is not starts in the background...

 

I`ve tried to delete C:\Windows\System32\GroupPolicy\Machine\Registry.pol but nothing happens. It was just recreated after policies evaluation time.

But still the same result. Encryption is not starting

 

Do you have any ideas how we can resolve this issue? 

If we start MBAMClientUI.exe manually it works. We can click Postpone or Start. 

 

 

 

[Pierre-Paul]

@Kirill_L
I have the exact same issue, the only difference is the Windows 10 build.  We are using 1809.  But other than that, everything is the same.

[Kingskawn]

We are have this error too Kirill_L but we install bitlocker through Intune, not from SCCM, the machines are co-managed. But for some weird thing 2% of our machines don't receive the encryption policy so 300 machines are still without encryption. The others went well

[AVP.Riga]

Sorry, Guys. I have the issues with MBAM too.

MBAM event admin log is:

Unable to connect to the MBAM Recovery and Hardware service.

Error code:
-2147024809 

Details:
The parameter is incorrect.

And....

ReasonsForNoncompliance               : {1, 15, 3}

Could you please give some advices, I tried to google it, without any success. SCCM version is: 2103

I tried to delete C:\Windows\System32\GroupPolicy\Machine\Registry.pol and enforce MBAM by changing:

SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
OsEnforcePolicyPeriod
compliance rule = 0

SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
UseOsEnforcePolicy
compliance rule = 1

Thank you in advance and have a great weekend!