Bitlocker: Encryption does not start

  • Article ID: 120416
  • Updated: 12 Dec 2014

Issue
BitLocker encryption does not start even though correct policies have been assigned and were applied on the client. 

First seen in


SafeGuard BitLocker Client 6.10.0

Operating systems

Windows 7, Windows 8, Windows 8.1

Cause
Common reasons for this are:

  • A bootable CD is in the drive (must be ejected to start the encryption process) 
  • A bootable USB stick attached (must be ejected to start the encryption)
  • A GPO is defined which is not supported in combination with BitLocker Management by SGN.
  • The drive is not properly prepared for Bitlocker encryption (can be done using the Bitlocker Drive Preparation tool BdeHdCfg.exe) 
  • TPM is not activated (but defined as protector)

Only the following BitLocker group policies (GPOs) should be configured if BitLocker is managed by SGN:

  • Require additional authentication at startup
  • Allow BitLocker without a compatible TPM
  • Enable use of BitLocker authentication requiring preboot keyboard input on slates
  • Configure minimum PIN length for startup
  • Turn on TPM backup to Active Directory Domain Services

What to do

Ensure that all other BitLocker group policies are left as default. Otherwise they might be overruled by SafeGuard policies or even lead to conflicts with the SafeGuard BitLocker management.

Example: Activating the group policy setting "Do not enable Bitlocker until recovery information is stored to AD for operating system drives" leads to encryption failing to start if you are using SafeGuard Bitlocker Challenge/Reponse.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments