
Bitlocker not encrypting, bad password?

Hi all

I'm having a problem encrypting one of our laptops.

I have installed all three packages; Prerequisite, Client setup and Client config. I have successfully contacted the SafeGuard server, synced and registered the user. When the laptop gets rebooted for a final time, just before encryption kicks off, I receive a Windows error message stating that "Bitlocker could not be enabled" followed soon by a Sophos error message stating that the pin I entered before reboot was not the same as the pin I entered at boot. I have attached both screenshots to this thread.

                   

Now, I have tried...

1) To manually enable/activate Bitlocker but Sophos keeps taking ownership of this upon the next reboot and the problem is realised again.
2) Enter basic/simple passwords like qwerty or 1234567890 so I know for sure I entered it correctly and to avoid the EN-US keyboard hubbub shortcoming of Bitlocker.
3) Reinstall all three packages.

But I still get the same issue.

Any ideas anyone?

Thanks for reading



  • We have two of these laptops showing the same issue. It is the same laptop as the one in this thread but not showing the same symptoms. This thread is still unanswered though...

    https://community.sophos.com/products/safeguard-encryption/f/sophos-safeguard-products/76435/asus-ux-303-u-laptop-with-windows-10-bitlocker-question

    Any help anyone?

  • Okay so I experience the exact same behaviour as the other user in the other thread now.

    I again uninstalled all Sophos files and rebooted. After reboot I tried to manually enable Bitlocker. After another reboot, I could see that Bitlocker was finally happy and started encrypting the drive. After encryption and yet another reboot, I then proceeded to again install the Sophos files. My hope was that Sophos will merely take over at this point (having struggled to take ownership as before) and at first this is what it looked like.

    After the Sophos install and reboot, I started getting very disconcerting errors at boot, saying something to the extent of "something's changed, you need to enter your Bitlocker recovery key." Right, fortunately I have saved this. I had to enter this extremely long number in twice but finally I managed to successfully boot into Windows.

    I saw a new Sophos Bitlocker screen (attached below) that looked rather truncated compared with the normal one I'm accustomed to but a positive one regardless, asking me to enter the new PIN for Bitlocker.

    I can now see this laptop in the Management Console and also that POA is finally activated. However, after each reboot I see the usual yellow message "press any key in x seconds to start the Bitlocker recovery" but this is shown TWICE. After waiting the 8 seconds (4 seconds for each yellow message) I get the opportunity to enter the Bitlocker PIN. As soon as I enter the PIN successfully, I get another Bitlocker Recovery screen (attached below) essentially giving me two options; 1) Press enter to reboot and try again or 2) Press esc for more recovery options. I hit enter, see the yellow prompt and enter the Bitlocker PIN again and now the laptop boots up.

    BTW, anyone can feel free to just jump in here at any time and share some knowledge please, I'm a little tired of talking to myself.

            

  • Dear Steven,

    It looks like Win10, right? Sorry if I missed it.

    We had this problem when we imaged our latest Lenovo laptops with Win10 while on the laptops the security chip TPM 2.0 (INTEL-PPT) was activated and our W10 image was installed in "Legacy" mode because of our "old" SCCM server (not SCCM vNext).

    This is normally not an error from Safeguard Enterprise. We were also not able to activate Bitlocker without Safeguard Enterprise software installed. The solution for the moment was to change the BIOS security chip (screenshot) settings from TPM 2.0 (INTEL PPT-latest TPM) to TPM 1.2 (discrete TPM-still safe). After that everything works fine. Maybe it's not bad to clear the secure chip too.

    With SCCM vNext you should be able to install Win10 in "UEFI" mode and TPM 2.0 activated. At the moment I cannot confirm this. So it depends on how you install Win10.

    Hope this helps.

    Best regards

    Alf
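
The combination described in the last reply (TPM 2.0 active while Windows 10 was installed in Legacy mode) can be checked on the affected laptop before reinstalling anything. The following is an added example, not code from the thread participants or from Sophos; the function name `Get-BitLockerReadiness` is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session with the built-in TrustedPlatformModule, Storage and BitLocker modules.

```powershell
# Added example (not from the thread): report firmware mode, TPM family and
# boot-disk layout, and flag TPM 2.0 combined with a Legacy (BIOS/CSM) boot.
function Get-BitLockerReadiness {
    # Firmware mode Windows was booted in: 'Uefi' or 'Bios' (Legacy/CSM).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # TPM presence/readiness, plus the spec version from the Win32_Tpm class.
    $tpm    = Get-Tpm
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM family.
    $tpmFamily = if ($tpmWmi) { ($tpmWmi.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # GPT normally goes with a UEFI install, MBR with a Legacy install.
    $bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1
    $osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive

    $findings = @()
    if ($tpmFamily -eq '2.0' -and $firmware -ne 'Uefi') {
        $findings += 'TPM 2.0 with a Legacy-mode Windows install (the case in the reply above).'
    }
    if (-not $tpm.TpmPresent) {
        $findings += 'No TPM visible to Windows; check the BIOS security chip setting.'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready; it may need to be cleared or initialized.'
    }
    if ($firmware -eq 'Uefi' -and $bootDisk.PartitionStyle -ne 'GPT') {
        $findings += 'UEFI firmware but boot disk is not GPT; verify how the image was deployed.'
    }

    [pscustomobject]@{
        FirmwareType   = $firmware
        TpmFamily      = $tpmFamily
        TpmReady       = $tpm.TpmReady
        PartitionStyle = $bootDisk.PartitionStyle
        VolumeStatus   = $osVolume.VolumeStatus
        Protection     = $osVolume.ProtectionStatus
        KeyProtectors  = ($osVolume.KeyProtector.KeyProtectorType -join ', ')
        Findings       = $findings
    }
}

Get-BitLockerReadiness | Format-List
```

An empty `Findings` list means the firmware mode and TPM family are not in the mismatch the reply describes, so the cause lies elsewhere.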