Forum Discussion
Tomnibus_MedOne
Jan 13, 2021Brass Contributor
Bitlocker Failing to encrypt Error: -2016346112 (No Error Code)
I'm just learning Intune and I'm setting up everything for the first time. I setup BitLocker I have my settings below. On my Virtual machine that I connected with Autopilot, Bitlocker encrypted the d...
DavidStewart-Palapanou
Jan 19, 2021Copper Contributor
Tomnibus_MedOne- You should be able to verify the conflicting setting by going to the device that has the conflict, selecting the setting under configuration profiles, and it should list where the setting has come from and the names of the profiles that are causing the conflict. Check the endpoint security section within the device blade as well. If you're using Microsoft Defender ATP security baseline, I think the built-in template defaults to a different level of encryption for removable media so you might find there's a conflict in there.
Tomnibus_MedOne
Jan 19, 2021Brass Contributor
DavidStewart-Palapanou Okay, I double-checked. I had to re-enable some of the settings under Configuration Profiles and then set the sub-settings to not configured, then set the main settings to not configured.
However, after doing that, I still get the same -2016346112 error with the error code 0x87d10000
Perhaps the above event viewer message about auto encryption is just that, it won't do auto encryption.
Oh, also, I'm a global admin and testing on a machine I am an administrator for. So the standard user thing isn't an issue for me (yet).
- DavidStewart-PalapanouJan 19, 2021Copper Contributor
Tomnibus_MedOne- Did you reset the device so that it goes through OOBE with Autopilot again after making changes? Any changes you apply won't retrospectively apply, you'll need to reset it. When your device goes through OOBE, use manage-bde -status to verify that encryption is in progress once you've logged into the device with the standard user account after setup completes all thre stages. The next time the device checks in after signing in, its status should sort itself out. It might still show that error code until OOBE has finished and the device checks in so give it ~15 minutes or so after signing in before checking.
Also you'll need to ensure that the device has been decrypted first.- PerkarlLindbApr 18, 2023Copper Contributor
DavidStewart-Palapanou So we have had the same issues as above, bur can i just change/move my settings to endpoint security without direct impact on currently active PCs and users? This changes will hit first after reset and OOB?
Thanks!
- DavidStewart-PalapanouApr 19, 2023Copper Contributor
PerkarlLindb Any changes you want to apply will apply to the assigned users/devices at anytime, even if they have already completed OOBE. I would recommend isolating the changes to a single device/user if you are transitioning from one set of settings to another. If you are like-for-like transitioning, then theoretically, it should just work and it will take effect on existing PCs already enrolled, and new enrolments which undergo OOBE.
- Tomnibus_MedOneJan 19, 2021Brass Contributor
DavidStewart-Palapanou I did not because I'm attempting to install it on my Desktop machine that I have customized a lot. 🙂 I'll see what happens with some test machines.
- DavidStewart-PalapanouJan 19, 2021Copper Contributor
Tomnibus_MedOne- That makes sense. In that case, yes that'll be why there's no changes to the value you're getting in Intune. Try and build a Hyper-V Gen2 VM to test it. You'll need to ensure you have sorted the prerequisites, such as secure boot and TPM. Also, make sure there's no ISO mounted as a DVD.
Something like this will help:
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm