2 Replies Latest reply on Feb 13, 2017 1:36 PM by rplieth

    One system with MNE reporting "Unable to determine status"

    rplieth

      Hi,

       

      I have one system with BitLocker enabled and fully encrypted yet MNE is reporting back the following in ePO under Native Encryption Properties:

      Status:  No Status Available

      System Encryption Status:  Unable to determine Status

      Bitlocker Protection Status:  Unknown

       

      Attached are MNE logs, hoping to not have to rebuild/replace.  I've already tried uninstalling MNE > Turning off BitLocker > Clear TPM > Reinstall MNE > Re-enable BitLocker with the same end result.  Here are a few related lines from the logs:

      02/07/2017 03:59:53.250 PM MNEService(2584,3648) <SYSTEM> BitLockerProtectionFunctor.Warning: BitLocker API returned a status of "Unknown" protection status from GetProtectionStatus for volume Volume{a4e3622f-a825-11e6-a48a-e4a7a0f48d45}\
      02/07/2017 03:59:53.250 PM MNEService(2584,3648) <SYSTEM> BitLockerProtectionFunctor.Warning: This probably indicates that this volume is locked.
      02/07/2017 03:59:53.250 PM MNEService(2584,3648) <SYSTEM> BitLockerProtectionFunctor.Warning: Therefore cannot determine overall BitLocker protection status for this system.  Setting to "Unable to determine"

        • 1. Re: One system with MNE reporting "Unable to determine status"
          hhoang

          Your debug log actually shows the volume as protected:

           

           

          02/07/2017 04:22:19.879 PM MNEService(2584,3648) <SYSTEM> BitLockerProtectionFunctor.Debug: GetProtectionStatus returned protected

          02/07/2017 04:22:19.894 PM MNEService(2584,3648) <SYSTEM> BitLockerProtectionFunctor.Warning: BitLocker API returned a status of "Unknown" protection status from GetProtectionStatus for volume Volume{a4e3622f-a825-11e6-a48a-e4a7a0f48d45}\

           

           

          Not sure why it is then reporting unknown after the fact.  If you run the following powershell command it will list the volume GUIDs on that system:

           

          GWMI -namespace root\cimv2 -class win32_volume | FL -property DriveLetter, DeviceID

           

           

          After you know what driver letter/ volume name to reference run the Bitlocker command line to see if the status is indeed protected:

           

          manage-bde -status

           

           

          At least based on logging it seems to be a false-negative.  Is this the only system having this problem?

          • 2. Re: One system with MNE reporting "Unable to determine status"
            rplieth

            This is indeed the only system.  I just replaced it and will re-image and see if it recurs.  If so, I'll look at possible TPM issues.