This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BitLocker Could not be enabled. WIN10Pro Build 1709 SGN8

Hi

We have just upgraded to SGN8

 

When trying to install SGN8 (with C/R) on a client with WIN10 Pro Build 1709, it goes through fine and then reboots after the config install.

 

I then login as the user, get the initial user sync and i'm asked to enter a PIN/Password for BitLocker. I do this and then hit the Encrypt and Reboot

 

when I reboot I don't get the BitLocker Screen to enter the PIN/Password (normally at this point I would see the BitLocker login screen) it goes straight to the Windows login screen

 

I log back in as the user and I get the following error message

"BitLocker could not be enabled. the BitLocker encryption key cannot be obtained from the startup key or recovery password. verify that you have the correct startup key or recovery password and try again. C: was not encrypted)"

 

When installing without C/R it will encrypt fine. Also if I install SGN8 with C/R on an older build of WIN10 it with encrypt fine

 

I've logged it with Sophos and they have said it Group Policy setting but I'm struggling to fine them

 

Can anyone recommend these settings

 

Thanks

Daniel



This thread was automatically locked due to age.
Parents
  • I may have this, but not with C/R installed.

    Have you used an image on your machines ? I experienced the same as you when trying to enable encryption on machines that had been imaged in BIOS mode on our Dell machines. On re-imaging in UEFI mode, i was then able to encrypt.

    To check what mode your machine is in.

    start>msconfig - Under system summary look for the entry BIOS Mode. 

     

    Another thing - is the machine a tablet devide with detachable keyboard? if so, look here

     

    blogs.technet.microsoft.com/.../

     

Reply
  • I may have this, but not with C/R installed.

    Have you used an image on your machines ? I experienced the same as you when trying to enable encryption on machines that had been imaged in BIOS mode on our Dell machines. On re-imaging in UEFI mode, i was then able to encrypt.

    To check what mode your machine is in.

    start>msconfig - Under system summary look for the entry BIOS Mode. 

     

    Another thing - is the machine a tablet devide with detachable keyboard? if so, look here

     

    blogs.technet.microsoft.com/.../

     

Children
No Data