I am having issues with BitLocker from SCCM

Randy Miller 1 Reputation point
2021-06-16T20:29:42.023+00:00

On a couple laptops I am getting an error in the logs and the laptops are not encrypting.

Volume ID is not a proper GUID. BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
Unable to add volume \?\Volume{a666de71-952d-4514-9286-3dc935c3f83d}\ XML to key escrow payload. 0x800401f3 BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
Volume ID is not a proper GUID. BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
Unable to add volume \?\Volume{367f9200-5673-48bc-90a7-cf0b30a204a8}\ XML to key escrow payload. 0x800401f3 BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
All volumes failed to add XML to message payload. BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)

Microsoft Configuration Manager
8 answers

  1. BryanB 26 Reputation points
    2021-08-18T19:24:41.603+00:00

    I had the same errors mentioned by the other posts in this thread. For me it came down to this note in the BitLocker Management documentation:

    If a remote desktop protocol (RDP) connection is active, the MBAM client doesn't start BitLocker Drive Encryption actions. Close all remote console connections and sign in to a console session with a domain user account. Then BitLocker Drive Encryption begins and the client uploads recovery keys and packages. If you sign in with a local user account, BitLocker Drive Encryption doesn't start.

    Any machines I logged in to the console session with a domain user account started the encryption process without issue after the next compliance check (90 minutes in my environment). For spare or guest machines that aren't regularly used and had no one logged in, running "Manage-bde -on c:" via SCCM remotely also successfully encrypted and escrowed the recovery keys.

    1 person found this answer helpful.

  2. Fergal 1 Reputation point
    2021-06-21T09:16:33.063+00:00

    We are also having the same issue with SCCM 2103 using enhanced HTTP.

  3. Andreas 1 Reputation point
    2021-06-24T11:38:59.497+00:00

    We also have this issue on several clients with SCCM 2103.

  4. shogo 1 Reputation point
    2021-07-20T13:40:56.057+00:00

    I am also seeing this on clients in SCCM 2103.
    And then it continues and I also see this:

    Attempting to launch MBAM UI BitlockerManagementHandler 2021-07-20 15:41:18 106220 (0x19EEC)
    [Failed] Could not get user token - Error: 800703f0 BitlockerManagementHandler 2021-07-20 15:41:18 106220 (0x19EEC)
    Unable to launch MBAM UI. Will try again later. BitlockerManagementHandler 2021-07-20 15:41:18 106220 (0x19EEC)

    But the result does not seem consistent.


  5. ben 21 Reputation points
    2021-07-21T16:00:37.26+00:00

    Same thing with HTTPS-enabled sites in SCCM 2010.

    <![LOG[Processing group policy UseFddEnforcePolicy, enforce mode is ON]LOG]
    <![LOG[Bitlocker Management rule BitLockerManagementSettings_UseFddEnforcePolicy is compliant]LOG]
    <![LOG[Executing key escrow task.]LOG]!
    <![LOG[Volume \?\Volume{4b29a35a-6067-4e22-8496-374f1892552a}\ of type 1 has compliance status 0]LOG]!
    <![LOG[Adding numerical password to volume \?\Volume{4b29a35a-6067-4e22-8496-374f1892552a}.]LOG]
    <![LOG[Key for volume needs to be escrowed.]LOG]!>
    <![LOG[Volume ID is not a proper GUID.]LOG]!>
    <![LOG[Unable to add volume \?\Volume{4b29a35a-6067-4e22-8496-374f1892552a}\ XML to key escrow payload. 0x800401f3]LOG]!>
    <![LOG[All volumes failed to add XML to message payload.]LOG]!>
    <![LOG[Unable to get volume payload to escrow keys. 0x80004005]LOG]!>
    <![LOG[Error escrowing keys. 0x80004005]LOG]!><

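The escrow failures posted in this thread can be triaged across many clients with a small log parser. The following is an added example, not code from any post or from Configuration Manager: the function names are hypothetical, the sample lines are copied from the posts above, and the HRESULT names are the standard Windows meanings of those codes.

```python
import re

# Constructed sample: lines copied from the posts above (plain and raw CMTrace shapes).
SAMPLE = r"""
Volume ID is not a proper GUID. BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
Unable to add volume \?\Volume{a666de71-952d-4514-9286-3dc935c3f83d}\ XML to key escrow payload. 0x800401f3 BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
All volumes failed to add XML to message payload. BitlockerManagementHandler 6/16/2021 4:20:39 PM 4976 (0x1370)
[Failed] Could not get user token - Error: 800703f0 BitlockerManagementHandler 2021-07-20 15:41:18 106220 (0x19EEC)
<![LOG[Unable to add volume \?\Volume{4b29a35a-6067-4e22-8496-374f1892552a}\ XML to key escrow payload. 0x800401f3]LOG]!>
<![LOG[Error escrowing keys. 0x80004005]LOG]!><
"""

# Standard Windows meanings of the HRESULTs seen in this thread.
HRESULTS = {
    0x800401F3: "CO_E_CLASSSTRING (invalid class string)",
    0x80004005: "E_FAIL (unspecified error)",
    0x800703F0: "ERROR_NO_TOKEN (token does not exist)",
}
RAW = re.compile(r"<!\[LOG\[(.*?)\]LOG\]")          # raw CMTrace record body
GUID = re.compile(r"Volume\{([0-9a-fA-F-]{36})\}")  # volume GUID path
# 8-hex-digit failure HRESULT, with or without 0x, never a piece of a GUID.
CODE = re.compile(r"(?<![\w{-])(?:0x)?(8[0-9a-fA-F]{7})(?![\w-])")

def message(line):
    """Return the message text of a raw record, or the plain line itself."""
    m = RAW.search(line)
    return m.group(1) if m else line.strip()

def triage(text):
    """Summarise escrow failures found in BitlockerManagementHandler log text."""
    report = {"failed_volumes": {}, "codes": set(),
              "escrow_failed": False, "no_user_token": False}
    for line in text.splitlines():
        msg = message(line)
        codes = {int(c, 16) for c in CODE.findall(msg)}
        report["codes"] |= codes
        vol = GUID.search(msg)
        if msg.startswith("Unable to add volume") and vol:
            report["failed_volumes"].setdefault(vol.group(1).lower(), set()).update(codes)
        if msg.startswith(("All volumes failed", "Error escrowing keys")):
            report["escrow_failed"] = True  # key escrow did not complete
        if "Could not get user token" in msg:
            report["no_user_token"] = True  # MBAM UI launch could not get a user token
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    for code in sorted(result["codes"]):
        print(f"0x{code:08X}  {HRESULTS.get(code, 'unknown')}")
```

A client whose report has `escrow_failed` set has no confirmed recovery key on the site, so it is worth tracking separately from clients that are simply not yet encrypted.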
