BitLocker Could not be enabled. WIN10Pro Build 1709 SGN8

Question

Hi 
 We have just upgraded to SGN8 
 
 When trying to install SGN8 (with C/R) on a client with WIN10 Pro Build 1709, it goes through fine and then reboots after the config install. 
 
 I then login as the user, get the initial user sync and i'm asked to enter a PIN/Password for BitLocker. I do this and then hit the Encrypt and Reboot 
 
 when I reboot I don't get the BitLocker Screen to enter the PIN/Password (normally at this point I would see the BitLocker login screen) it goes straight to the Windows login screen 
 
 I log back in as the user and I get the following error message 
 "BitLocker could not be enabled. the BitLocker encryption key cannot be obtained from the startup key or recovery password. verify that you have the correct startup key or recovery password and try again. C: was not encrypted)" 
 
 When installing without C/R it will encrypt fine. Also if I install SGN8 with C/R on an older build of WIN10 it with encrypt fine 
 
 I've logged it with Sophos and they have said it Group Policy setting but I'm struggling to fine them 
 
 Can anyone recommend these settings 
 
 Thanks 
 Daniel

MichaelMcLannahan · Answer

Morning Derek - If you manually enabled BitLocker and it worked then I would point the finger of blame at C/R I think. 
 
 I had lots of issues with C/R - similar to what you described and sadly the list of true hardware that's listed/recognised as compatible with Sophos SafeGuard C/R is small. 
 
 If you want to continue using C/R make sure it fits these requirements. For me it was easier to disable the function. 
 
 https://community.sophos.com/kb/en-us/120433 Note here that ALL HP's (which we have a lot of) are listed as NOT compatible! 
 
 I would recommend that you try this same procedure but without C/R (either by switch for the MSI or manually installing the client and disabling the C/R in the BitLocker section)