question

RAMESHKUMAR-9232 avatar image
0 Votes"
RAMESHKUMAR-9232 asked ChristianEromosele-6897 answered

Complance Error in MBAM Btlocker

Hi getting below Compliance error and most of the cases system is encrypted but protection type is off and system showing non compliance , please suggest for solutions.
1-An unknown error has occurred.
2-No Error
3-System partition not available or large enough.
4-Unable to find compatible TPM(System is in encrypted state but protection is off)
5-Waiting for TPM auto provisioning.(Most of the System is in encrypted state but protection is off)

windows-10-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @RAMESHKUMAR-9232

For this specific issue, "Waiting for TPM auto-provisioning.(Most of the System is in the encrypted state but protection is off)". You will have to run this command get-tpm to determine if TPM Auto-provisioning is enabled or disabled.

On Dell devices, this is automatically enabled starting from Windows 10 and if for some reason it is disabled, you can enable it using the following command: Enable-TpmAutoProvisioning Below is the link to a guide I have written on the resolution of this issue: https://techdirectarchive.com/2022/05/10/enable-or-disable-tpm-auto-provisioning-how-to-fix-waiting-for-tpm-auto-provisioning/

0 Votes 0 ·
TmanFromZA-6494 avatar image
0 Votes"
TmanFromZA-6494 answered ChristianEromosele-6897 commented

Sorry, not answering your question, but Getting the same/similar.

Machines are showing as "encrypted" in BitLocker, and also showing "encrypted" on the local device. But falls under non-compliant on MBAM

Struggling to get an accurate reporting on this, as MBAM is unable to breakdown this reporting according to Computer details

128609-image.png



image.png (46.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I can see the Cipher strength isn't defined and also the TPM protection state is off. Kindly take a look at the event viewer of this specific device. I have summarized all the possible errors in this guide:
- MBAM Report Errors: https://techdirectarchive.com/2022/03/03/mbam-report-errors-understanding-microsoft-bitlocker-administration-and-monitoring-compliance-state-and-error-status/



0 Votes 0 ·
ChristianEromosele-6897 avatar image
0 Votes"
ChristianEromosele-6897 answered

Hello @RameshkumarJatiya-0923 and @TmanFromZA-6494,

I have written a comprehensive guide describing all the errors you have stated above. Kindly take a look at the following links below;
- How to fix unable to find compatible TPM: https://techdirectarchive.com/2022/02/03/how-to-fix-unable-to-find-compatible-tpm/
- How to fix System Partition not available or large enough on Microsoft BitLocker Administration and Monitoring: https://techdirectarchive.com/2022/02/03/how-to-fix-system-partition-not-available-or-large-enough-on-microsoft-bitlocker-administration-and-monitoring/
- No Error: This could mean a lot of things. You haven't logged in interactively to the device. Via Remote Desktop Connection, this will not work. It could also be that the agent hasn't communicated with the MBAM server yet of its status. KIndly take a loot of the time defined via Grup Policy. You may just have to keep this device up and running and check afterward!

Addressing error "System check found some issues during MBAM encryption: Fail, the Power cable must be connected": https://techdirectarchive.com/2022/02/03/system-check-found-some-issues-during-mbam-encryption-fail-the-power-cable-must-be-connected/

Below is how to determine why an MBAM protected device is non-compliant
- https://techdirectarchive.com/2022/01/12/how-to-determine-why-an-mbam-protected-device-is-non-compliant/



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ChristianEromosele-6897 avatar image
0 Votes"
ChristianEromosele-6897 answered

Hello @RAMESHKUMAR-9232

For this specific issue, "Waiting for TPM auto-provisioning.(Most of the System is in the encrypted state but protection is off)". You will have to run this command get-tpm to determine if TPM Auto-provisioning is enabled or disabled.

On Dell devices, this is automatically enabled starting from Windows 10 and if for some reason it is disabled, you can enable it using the following command: Enable-TpmAutoProvisioning Below is the link to a guide I have written on the resolution of this issue: https://techdirectarchive.com/2022/05/10/enable-or-disable-tpm-auto-provisioning-how-to-fix-waiting-for-tpm-auto-provisioning/

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.