This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 10%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
We are suddenly getting issues where bitlocker policies are getting applied on computers but it does not encrypt it automatically.
We checked and can see it has latest version of Windows installed 1909 and also latest MDOP MBAM application is installed.
All policies are also applied correctly as it is working properly on test machines.
In Event Viewer we get message to upgrade BIOS of system but after upgrading BIOS also it is not auto encyrpting.
Below is the event, please suggest solution :
Log Name: Microsoft-Windows-MBAM/Admin
Source: Microsoft-Windows-MBAM
Date: 2021/2/9 15:19:09
Event ID: 2
Task Category: VolumeEnactmentFailed
Level: Error
Keywords:
User: SYSTEM
Computer: ABC
Description:
An error occurred while applying MBAM policies.
Volume ID:\?\Volume{d3c8a909-0000-0000-0000-100000000000}\
Error code:
-2144272312
Details:
BitLocker Drive Encryption cannot be enabled on the operating system drive. Contact the computer manufacturer for BIOS upgrade instructions.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-MBAM" Guid="{}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>65532</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2021-02-09T07:19:09.263620900Z" />
<EventRecordID>1747</EventRecordID>
<Correlation />
<Execution ProcessID="12876" ThreadID="14572" />
<Channel>Microsoft-Windows-MBAM/Admin</Channel>
<Computer>ABC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="VolumeId">\?\Volume{d3c8a909-0000-0000-0000-100000000000}\</Data>
<Data Name="ErrorCode">-2144272312</Data>
<Data Name="ErrorString">BitLocker Drive Encryption cannot be enabled on the operating system drive. Contact the computer manufacturer for BIOS upgrade instructions.
</Data>
</EventData>
</Event>
Hi,
Please Verify that the BIOS Mode setting is UEFI and not Legacy.
Kindly refer to this doc:
Event ID 851: Contact the manufacturer for BIOS upgrade instructions
Best regards.
**
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for your reply, I will check it after 18th feb as currently users are on holidays due to chinese new year
Sounds great!
Thank you for the reply.