question

0 Votes
MattD-7613 asked saldana-msft edited

BitLocker SCCM CB - Non-Compliance

New setup of CM. Setting up MBAM. Copied all settings that were in GPO. Everything works, but the client still reports back as non-compliant for the Fixed Drive settings. Is there a log or something that can direct us to find the reason or the setting that is not compliant?

mem-cm-general windows-10-security
2 Votes
YoussefSaad answered YoussefSaad edited

I think there is something that doesn't match between MBAM and MEMCM in BitLocker Management. I resolved this compliance issue when I encrypted the device using MEMCM, and now it shows as compliant.

Regards,


Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to “Accept answer” or upvote for useful answers, thank you!

0 Votes
JohnPine-4750 answered

I am having the same exact issue as well. Hopefully there will be a resolution to the problem soon!

0 Votes
BenS-6590 answered

Re-encrypting the drive did not change anything on my test system. It would still report back as non-compliant. There was a post somewhere else that looks similar, and they were able to resolve it by triggering a full hardware inventory on machines, but this also did not work for us. I can see what is set in the registry and what is in the inventory, and look at the policy, and it all matches up as expected; just the report seems wrong.

We just closed our case this morning with Microsoft saying this is a bug with MECM 2010. The bug number I was given is 9321844.

What I find weird, though, is that it's not consistent. We are seeing 19 different rules being triggered and showing system non-compliance. Out of ~30k systems (Win10 and Win7) we have 22k triggering one rule, 4k triggering another rule, a few hundred on another, etc. Obviously some systems are showing non-compliant for multiple rules, but it almost seems random as to what rules flag a system. I even tracked it for a week or so, and sometimes (very infrequently) a system would show compliant one day, then non-compliant the next, then go compliant again. I even have some systems that show compliant and seem to be staying that way. It is very strange.

Hopefully Microsoft finds the issue and is able to correct it.

0 Votes
DolotoRafalL-3635 answered

We are having exactly the same issue...
Per the ADMX documentation, we set the password to be disabled, as we are using FIPS.
We have exactly the same error.

0 Votes
RaghuKeenLearner answered

Any update on this? Still facing the same issue. Was told that it would be fixed with SCCM 2103, but it is still there. Lost now.
