unable to enable bitlocker on new Intune enrolled device

  • Question

  • We are deploying Win10 images via WinPE but are unable to run the 'c:\windows\system32\reagentc.exe /enable' (from the SetupComplete.cmd), which appears to be a prerequisite for enabling BitLocker via Intune MDM. We had it configured prior to Win10 1903 and it all seemed to work before.

    BitLocker seems to fail and I find that it may most likely be due to the fact that WinRE doesn't seem to be enabled… the errors that appear in Event Viewer are ID 851. I have tested this and as soon as I enable it manually BitLocker enables fine (silently in the background) without any issue.

    Any known issues since Win10 1903 or logs I should be aware of when trying to enable BitLocker for new devices?

    The device is a Surface Pro - not joined to the domain but enrolled via Azure AD

    Friday, November 8, 2019 5:25 PM

All replies

  • In the BitLocker report, does it show in the status "Windows Recovery Environment (WinRE) isn't configured"? BitLocker report is here

    Also check the last post here regarding Windows Recovery Environment
    Saturday, November 9, 2019 2:20 AM
  • Hi,

    The encryption status shows as 'Not Encrypted'. I have seen the post and understand that WinRE is a prerequisite for configuring BitLocker via Intune. Once I enable WinRE (reagentc /enable) the config profile applies successfully after a few mins and then shows as 'encrypted' (after a few hours).

    Perhaps my question should be, during the initial OS install via WinPE, how can you enable this (either before or after enrolment), as the command doesn't seem to work in the setupcomplete.cmd. However, it did use to work seamlessly prior to Windows 10 1903 (i.e. worked fine with 1809, etc.)

    Monday, November 11, 2019 8:33 AM
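
    The check described in the two posts above, as an added example that is not part of the original thread: it reports the WinRE state, the OS volume's BitLocker state, and recent event 851 entries, and can optionally run the same `reagentc /enable` the poster ran by hand. Assumptions: English-language `reagentc /info` output, and event 851 being logged in the `Microsoft-Windows-BitLocker-API/Management` channel (the thread gives only the ID); `Get-WinREStatus` and `$Remediate` are names made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): WinRE / BitLocker pre-check for one device.

$Remediate = $false   # hypothetical switch: set to $true to run 'reagentc /enable'
$reagentc  = Join-Path $env:SystemRoot 'System32\reagentc.exe'

function Get-WinREStatus {
    # Parse 'reagentc /info'. Assumption: English output, e.g.
    # "    Windows RE status:         Enabled"
    param([string[]]$InfoText = (& $reagentc /info))
    foreach ($line in $InfoText) {
        if ($line -match 'Windows RE status\s*:\s*(\w+)') { return $Matches[1] }
    }
    return 'Unknown'
}

$winre = Get-WinREStatus

# Optional remediation: the same command the poster ran manually.
if ($winre -ne 'Enabled' -and $Remediate) {
    & $reagentc /enable | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reagentc /enable exited with code $LASTEXITCODE" }
    $winre = Get-WinREStatus
}

# BitLocker state of the OS volume.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

# Recent event 851 entries. Assumption: the BitLocker-API/Management channel.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker-API/Management'
    Id      = 851
} -MaxEvents 5 -ErrorAction SilentlyContinue

[pscustomobject]@{
    WinREStatus      = $winre
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    Recent851Events  = @($events).Count
}

# Show the text of each 851 event so the failure reason is visible.
$events | Select-Object TimeCreated, Message | Format-List

if ($winre -ne 'Enabled') {
    Write-Warning 'WinRE is not enabled; the thread reports BitLocker via Intune does not start until it is.'
}
```
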
  • > "during the initial OS install via WinPE"

    Can you please define exactly what this means? Are you using MDT, ConfigMgr, or something else?

    Jason | @jasonsandys

    Wednesday, November 13, 2019 3:11 AM