BitLocker auto-unlock and some key protector deletions cause 0x80070490 "element not found" error in Windows 7 RTM x64
I've been writing a GUI tool as a BitLocker enhancement, using Visual Studio 2008 and the WMI class Win32_EncryptableVolume. The purpose of this tool is to support nearly every BitLocker function available in an easy-to-use GUI that will enable users on all BitLocker-capable versions of Windows (Vista, Server 2008, 7 and Server 2008 R2) to encrypt all of their drives, internal and external, including flash drives.

As I've developed this application, I've used several computers for testing. One has Windows Vista Enterprise x86; the others have either Windows 7 Ultimate (RTM) x64 or Windows Server 2008 R2 (RTM) x64. I use my application, as well as manage-bde and the BitLocker wizards, to run repeated tests, verifications, etc.

A peculiar case popped up today, and it has to do with enabling automatic unlocking and key protector management on one of my drives on one of the test machines. Whenever I try to use the BitLocker wizard (right-click the drive > Manage BitLocker > Turn on Automatic Unlocking on this Computer), I get a red circle with an X and a message that says very plainly, "Element not found."

I decided to give my GUI application a try at it, and it reported back to me the following:

1. The external key (BEK) protector was successfully created. (A BEK must be added that you enable as the auto-unlock key -- at least through WMI.)
2. Enabling auto-unlock failed with the error 0x80070490 ELEMENT_NOT_FOUND.
3. The subsequent attempt to delete the aforementioned BEK also failed, also with 0x80070490 ELEMENT_NOT_FOUND.

Interestingly, I can manually add BEK key protectors to the drive, but I can't delete them. Any attempt to delete them generates "element not found".

Here's the breakdown on the computer in question:

HP d5200t / Intel Q9650 quad core 3.0 GHz / 8 GB RAM
Onboard SATA controller (RAID capable), supports 6 devices
Primary HDD: 640 GB SATA
Second HDD: 320 GB SATA
3 & 4 devices: DVD+-RW, BD-ROM
5 & 6 HDD: Twin 250 GB SATA in hardware RAID-1 configuration

I have a dual-boot configuration: The primary HDD contains the Windows Boot Manager in a 100 MB hidden partition named System Reserved. The primary HDD also contains Windows 7 Ultimate x64. The 3 & 4 HDD RAID-1 leverages the Windows Boot Manager on the primary HDD and contains Windows Server 2008 R2 x64.

This problem occurs ONLY when I'm running in Windows 7:

Drive C is the OS drive, and is encrypted. (Windows 7)
Drive D is the RAID-1 drive, and is encrypted. (Windows Server 2008 R2)
Drive E is the second (320 GB) HDD, is a data drive, and is encrypted.
I have a few USB and one FireWire HDDs hooked up as well, all of which are encrypted.

I am able to enable auto-unlock on the E drive, as well as the USB and FireWire drives, without issue in Windows 7. ONLY the D drive gives me a problem.

When I boot in Windows Server 2008 R2:

Drive C is the OS drive, and is encrypted. (Windows Server 2008 R2 - note that the OS drive sees itself as "C" (it was "D" in Windows 7))
Drive D is the second (320 GB) HDD.
Drive E is the Windows 7 drive.

I am able to enable auto-unlock on all of the volumes (except the OS volume -- you cannot enable auto-unlock on the currently running OS volume). Interestingly, I am able to enable auto-unlock on the volume containing Windows 7!

I came across an article where someone had an issue with a Windows Vista Restore, where "element not found" popped up. This individual traced the problem back to the BIOS, where he mentioned that even though he had "USB boot priority" turned off in the BIOS, an externally-attached USB disk was still showing as the first boot option in the hard drives. By putting his actual boot drive first, he was able to fix the problem. I checked my BIOS, and everything seemed okay, but I decided to take things one step further and DISCONNECTED all of my USB drives and the FireWire drive. So now the only disks attached were the four internal SATA drives.

My question(s) thus are:

1. Why can I enable auto-unlock on all volumes except the one (that happens to contain another Windows 7 family OS)?
2. Why can I perform SOME BitLocker tasks like ADDING key protectors to the volume in question, but not others (like enabling auto-unlock or deleting key protectors)?
3. Why am I able to perform ALL BitLocker tasks on ALL volumes when I boot to Windows Server 2008 R2?

Because of my testing, I admit that I had tinkered with group policy, both locally and via domain, including enabling FIPS compliance. Before I posted this note, I reverted all policy settings back to their defaults and even rebooted for good measure, and also did a gpupdate /force /boot (with another reboot) just to be absolutely certain that the policies were back to their defaults. This did NOT fix the problem. I didn't think it would, since the Windows 7 installation and Server 2008 R2 installation utilize the same Active Directory policy, obtained from a Server 2008 R2 domain controller.

I checked the event logs to see if anything possibly would provide a clue, but I see nothing posted by BitLocker, BDE or FVE.

Here are two dumps from bcdedit (both taken from Windows 7). One shows the identifiers (/enum) and the other has names (/v). Perhaps there is something in here that isn't configured correctly? I made only one change to this.
I installed Windows 7 first, followed by Server 2008 R2; I ran bcdedit to change the default boot to Windows 7.

C:\Windows\system32>bcdedit /v

Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default                 {3cc8eb1f-853e-11de-a0f6-93f6b1f3d58c}
resumeobject            {3cc8eb1e-853e-11de-a0f6-93f6b1f3d58c}
displayorder            {3cc8eb23-853e-11de-a0f6-93f6b1f3d58c}
                        {3cc8eb1f-853e-11de-a0f6-93f6b1f3d58c}
toolsdisplayorder       {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout                 30

Windows Boot Loader
-------------------
identifier              {3cc8eb23-853e-11de-a0f6-93f6b1f3d58c}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows Server 2008 R2
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoveryenabled         No
osdevice                partition=D:
systemroot              \Windows
resumeobject            {3cc8eb22-853e-11de-a0f6-93f6b1f3d58c}
nx                      OptOut
hypervisorlaunchtype    Auto

Windows Boot Loader
-------------------
identifier              {3cc8eb1f-853e-11de-a0f6-93f6b1f3d58c}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoveryenabled         No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3cc8eb1e-853e-11de-a0f6-93f6b1f3d58c}
nx                      OptIn

C:\Windows\system32>bcdedit /enum

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3cc8eb1e-853e-11de-a0f6-93f6b1f3d58c}
displayorder            {3cc8eb23-853e-11de-a0f6-93f6b1f3d58c}
                        {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {3cc8eb23-853e-11de-a0f6-93f6b1f3d58c}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows Server 2008 R2
locale                  en-US
inherit                 {bootloadersettings}
recoveryenabled         No
osdevice                partition=D:
systemroot              \Windows
resumeobject            {3cc8eb22-853e-11de-a0f6-93f6b1f3d58c}
nx                      OptOut
hypervisorlaunchtype    Auto

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoveryenabled         No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3cc8eb1e-853e-11de-a0f6-93f6b1f3d58c}
nx                      OptIn

Sorry if this post was so long. I wanted to be sure I didn't leave anything out. If you need more detail please let me know!

Best regards,
Matt
September 4th, 2009 5:34am
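The three WMI steps Matt's tool reports (add a BEK protector, enable auto-unlock with it, delete the protector again on failure) can be reproduced outside his GUI so that the raw ReturnValue of each Win32_EncryptableVolume method is captured and decoded. The script below is an added diagnostic example, not Matt's code and not part of the original post; it calls only the documented Win32_EncryptableVolume methods (GetKeyProtectors, GetKeyProtectorType, ProtectKeyWithExternalKey, EnableAutoUnlock, DeleteKeyProtector). It assumes the target is a fixed data volume that is already encrypted and unlocked (not the running OS volume, where EnableAutoUnlock is refused anyway), and the -RollBack switch, the ConvertTo-BdeErrorText helper and the protector-type table are this example's own. HRESULTs of the form 0x8007xxxx wrap a Win32 error in the low 16 bits, so 0x80070490 decodes to Win32 error 1168, "Element not found", which is how the ELEMENT_NOT_FOUND name in the post maps back to the number.

```powershell
# Added diagnostic example (not the post author's tool): run the same three
# WMI steps his GUI performs against one BitLocker volume and decode the
# ReturnValue of each call, so an 0x80070490 is reported as "Element not
# found" together with the step that produced it. Run elevated.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$DriveLetter,    # e.g. 'D:' (assumption: an encrypted, unlocked data volume)
    [switch]$RollBack        # this example's own switch: delete the BEK if auto-unlock fails
)

$ns = 'root\cimv2\Security\MicrosoftVolumeEncryption'

# Translate a Win32_EncryptableVolume ReturnValue into readable text.
# 0x8007xxxx = HRESULT_FROM_WIN32(xxxx); 0x80070490 -> 1168 -> ERROR_NOT_FOUND.
function ConvertTo-BdeErrorText {
    param([uint32]$Code)
    if ($Code -eq 0) { return 'S_OK' }
    if (($Code -band 0xFFFF0000) -eq 0x80070000) {
        $win32 = [int]($Code -band 0xFFFF)
        $msg   = (New-Object ComponentModel.Win32Exception($win32)).Message
        return ('0x{0:X8} (Win32 error {1}: {2})' -f $Code, $win32, $msg)
    }
    return ('0x{0:X8}' -f $Code)
}

# Protector type numbers as documented for GetKeyProtectorType.
$protectorTypes = @{
    0 = 'Unknown/other'; 1 = 'TPM'; 2 = 'External key (BEK)'; 3 = 'Numerical password'
    4 = 'TPM+PIN'; 5 = 'TPM+startup key'; 6 = 'TPM+PIN+startup key'; 7 = 'Public key'; 8 = 'Passphrase'
}

# List every protector on the volume with its type, so the before/after state
# shows whether a protector that "cannot be deleted" is actually still present.
function Show-Protectors($Volume) {
    $r = $Volume.GetKeyProtectors(0)      # 0 = all protector types
    if ($r.ReturnValue -ne 0) {
        Write-Warning ('GetKeyProtectors: ' + (ConvertTo-BdeErrorText $r.ReturnValue)); return
    }
    foreach ($id in $r.VolumeKeyProtectorID) {
        $t = $Volume.GetKeyProtectorType($id)
        '  {0}  {1}' -f $id, $protectorTypes[[int]$t.KeyProtectorType]
    }
}

$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
if (-not $vol) { throw "No Win32_EncryptableVolume instance for $DriveLetter" }

"Protectors on $DriveLetter before:"
Show-Protectors $vol

# Step 1: add an external key (BEK) protector. Passing null for both the
# friendly name and the key lets BitLocker generate them.
$add = $vol.ProtectKeyWithExternalKey($null, $null)
'Step 1 ProtectKeyWithExternalKey: ' + (ConvertTo-BdeErrorText $add.ReturnValue)
if ($add.ReturnValue -ne 0) { return }
$bekId = $add.VolumeKeyProtectorID

# Step 2: enable auto-unlock using that protector.
$en = $vol.EnableAutoUnlock($bekId)
'Step 2 EnableAutoUnlock:          ' + (ConvertTo-BdeErrorText $en.ReturnValue)

# Step 3 (only when step 2 failed and -RollBack was given): remove the BEK
# again, and report whether the delete itself also fails.
if ($en.ReturnValue -ne 0 -and $RollBack) {
    $del = $vol.DeleteKeyProtector($bekId)
    'Step 3 DeleteKeyProtector:        ' + (ConvertTo-BdeErrorText $del.ReturnValue)
}

"Protectors on $DriveLetter after:"
Show-Protectors $vol
```

Usage: `.\Test-BdeAutoUnlock.ps1 -DriveLetter 'D:' -RollBack` (the file name is arbitrary). Comparing the protector list before and after the run tells you whether a failed DeleteKeyProtector left the BEK on the volume; a protector that the metadata still lists but that cannot be deleted or referenced by EnableAutoUnlock is the situation the post describes, and the decoded Win32 error makes it possible to compare the failure on the problem volume with the same steps on a volume where they succeed.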
