Hi All, We've implimented Windows 7 to our organisation, but we're having some sporadic issues with BitLocker. We've recently bought in Toshiba Z830 laptops (TPM 1.2, BIOS Ver 1.6) to our fleet and we're finding in about 10% of rebuilds (using PXE F12 boot or SCCM deployment) that the BitLocker starts to encrypt the C drive, but suspends itself before completion. When the user logs in when being issued the laptop there is a prompt in the task bar telling them that their drive encryption is in a suspended state. We can start the encryption again at this point with administrator credentials, but this is still a problem. I've had a look through the event logs on a machine that currently has bitlocker suspended, but can't locate anything that seems relevant. We also can't predict what is causing the issue at this stage as we can't replicate it, it just appears to be random. Any suggestions?

Hi , Base on my knowledge, suspend BitLocker will temporarily decrypt the drive. You can suspend BitLocker on an operating system drive to make TPM changes and operating system upgrades. On a data drive, you simply decrypt the drive. This feature will be enabled after finishing the encryption and only available for operating system drive. Regarding this issue, could you tell me how did you deploy the BitLocker? You may check the configurations of BitLocker deployment to see if there are some configurations about suspend BitLocker. These articles for your reference: http://technet.microsoft.com/en-us/library/dd875547(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee424315(v=WS.10).aspxTracy Cai TechNet Community Support

Hi , Base on my knowledge, suspend BitLocker will temporarily decrypt the drive. You can suspend BitLocker on an operating system drive to make TPM changes and operating system upgrades. On a data drive, you simply decrypt the drive. This feature will be enabled after finishing the encryption and only available for operating system drive. Regarding this issue, could you tell me how did you deploy the BitLocker? You may check the configurations of BitLocker deployment to see if there are some configurations about suspend BitLocker. These articles for your reference: http://technet.microsoft.com/en-us/library/dd875547(v=ws.10).aspx http://technet.microsoft.com/en-us/library/ee424315(v=WS.10).aspxTracy Cai TechNet Community Support

Hi Tracy, Thank you for replying, we currently deploy BitLocker using 'Enable BitLocker' within the SCCM Task Sequence. Some things to note, we do not need to know how to suspend BitLocker, we have a specific issue with a new piece of hardware that is different to our previous types of hardware. We have been using this method to deploy BitLocker to HP Laptops and Desktops for 2 years and are only now seeing an issue with the Toshiba Z830 laptops. One of the differences that we can see between our currently successful system and the new ones, is that the Toshiba Z830s have a solid state drive, where as the HPs did not. Could this be partially to blame? To throw another spanner in the works, we're also not seeing BitLocker fail all the time, only in less than 10% of the machines. These machines that fail, have not been touched by a user, and are failing at random. If you can suggest some logs to check or settings to check, I would be grateful.

Hi Tracy, Thank you for replying, we currently deploy BitLocker using 'Enable BitLocker' within the SCCM Task Sequence. Some things to note, we do not need to know how to suspend BitLocker, we have a specific issue with a new piece of hardware that is different to our previous types of hardware. We have been using this method to deploy BitLocker to HP Laptops and Desktops for 2 years and are only now seeing an issue with the Toshiba Z830 laptops. One of the differences that we can see between our currently successful system and the new ones, is that the Toshiba Z830s have a solid state drive, where as the HPs did not. Could this be partially to blame? To throw another spanner in the works, we're also not seeing BitLocker fail all the time, only in less than 10% of the machines. These machines that fail, have not been touched by a user, and are failing at random. If you can suggest some logs to check or settings to check, I would be grateful.

As this issue is related in SCCM, it is recommended to post a new question in the SCCM Forums for further discussion. The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.Tracy Cai TechNet Community Support

As this issue is related in SCCM, it is recommended to post a new question in the SCCM Forums for further discussion. The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.Tracy Cai TechNet Community Support

You are correct in that we are using SCCM to deploy the SOE to our machines, but the issue is not with the SCCM component. The issue is with the BitLocker component. I do not feel that moving my thread to the SCCM forums will be of benefit as I don't need assistance with the SCCM side of things. I require assistance with BitLocker. We have not had any issues with deploying as we're able to get successful builds, the issue is where BitLocker suspends itself ONCE it's on the machine. Also note, that I mentioned we have been using this process to deploy BitLocker to other machines for over 2 years without any problem. This is not an issue with SCCM. If the problem was that the machines weren't getting BitLocker at all, I would have posted on the SCCM forums, but as that isn't the case, it would appear it is not an SCCM issue. I would appreciate you looking into this issue further.

We're still seeing the issue occurring about 10% of the time. We've started investigating with Toshiba to see if they have any ideas.

We're still seeing the issue occurring about 10% of the time. We've started investigating with Toshiba to see if they have any ideas.

Further to this, Toshiba have never seen the issue before and have made a valid point. If TPM is ok (which it looks like it is), it's likely to be an MS process given that they are working 90% of the time. Anyone have any thoughts on this?