Bitlocker hardware encryption cannot be activated on Win10 10586/1511

coretana

Junior Member
Nov 15, 2015
2
0
0
Hey,

I'm having trouble enabling hardware encryption with Bitlocker using Windows 10 build 10586 on a clean install with a Samsung 850 SSD. The encryption worked flawlessly before on build 10240.

I've spent hours and attempted multiple solutions and made several tests.

As mentioned, on the same machine, if clean installing build 10240 (RTM, before November update) right now, the encryption works.

I have UEFI on with Legacy/CSM off, Fast Boot on, Secure Boot on, and a clean GPT installation after using the 'diskpart clean' command.

As always, it's required to change a group policy to allow additional authentication at startup. I did that.

On a clean installation of build 10586, the wizard will say 'parameter is incorrect' when attempting to start encryption.

Microsoft did announce some Bitlocker-related changes for build 10586: https://technet.microsoft.com/en-us/library/mt403325

There are also new group policies added. I've tried all combinations. They now allow you to try and force a specific encryption cipher. Samsung uses XES-AES256. I tried forcing that (as well as all other combinations) but the same error returns.

Now, here's where it gets interesting, and possibly why no reports about this have surfaced yet:
If you enable the encryption on build 10240, and then upgrade to 10586, the encryption will remain and will work properly on build 10586.

If you then attempt to 'Reset this PC', and choose the 'keep nothing' option, it will warn you that BitLocker will be disabled. Once it's done cleaning, if you attempt to enable encryption, it will again show the error.

Even if you don't reset the PC, but simply disable Bitlocker on 10586 and then attempt to re-enable it, it will no longer work.

tl;dr: Hardware encryption via Bitlocker on build 10586 cannot be enabled on a clean install. Currently-known workaround is installing 10240, encrypting it, then upgrading to 10586.

Any solutions would be appreciated, thanks!
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
Don't have time to read the whole post, but I saw the thread before having to log off, so throwing a tip out there.

Try a Secure Erase of your drive.

On my EVO 840 I could only enable the hardware accelerated Bitlocker encryption on a completely fresh (secure erased) drive with a completely fresh install of Windows 8. I'd imagine it could be the same for Windows 10.

Use Samsung's Bootable Secure Erase program to perform the secure erase.

Anyhow, hope you figure it out :)
 

coretana

> Do you have Windows 10 Pro?

Windows 10 Enterprise.

> Try a Secure Erase of your drive.

I tried that as well. Luckily the drive in question is only 120GB, so it only took about 15 mins. No luck though.

I'm 99.9% sure it has something to do specifically with the changes on build 10586. It still works flawlessly on 10240 by doing a 'diskpart clean' and installing 10240. Doing the same and installing 10586 - fails. Re-install 10240 - works again.

I even tried looking through the registry to see the differences between BitLocker-related keys on 10240 vs. clean 10586 vs. upgraded-and-still-encrypted-10586.
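
For anyone repeating the build-to-build comparison described in this thread, here is one way to capture the BitLocker state of each install so the two can be diffed. This is an added example, not code from any poster; the function names and snapshot file names are hypothetical, and it assumes an elevated PowerShell prompt with the built-in BitLocker module.

```powershell
# Added example: snapshot BitLocker state per install, then diff the policy values.
function Get-BitLockerSnapshot {
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker group policy key
    $policy = @{}
    if (Test-Path $policyPath) {
        $key = Get-Item -Path $policyPath
        foreach ($name in $key.GetValueNames()) {
            $policy[$name] = [string]$key.GetValue($name)
        }
    }
    $volumes = Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            # Reads HardwareEncryption when the drive's own engine is in use
            EncryptionMethod = [string]$_.EncryptionMethod
            VolumeStatus     = [string]$_.VolumeStatus
            ProtectionStatus = [string]$_.ProtectionStatus
        }
    }
    [pscustomobject]@{
        Build   = [System.Environment]::OSVersion.Version.Build
        Policy  = $policy
        Volumes = @($volumes)
    }
}

function Compare-BitLockerPolicy($Before, $After) {
    # Both arguments are snapshots loaded back with ConvertFrom-Json
    $names = @($Before.Policy.PSObject.Properties.Name) +
             @($After.Policy.PSObject.Properties.Name) |
             Where-Object { $_ } | Sort-Object -Unique
    foreach ($name in $names) {
        $old = $Before.Policy.$name
        $new = $After.Policy.$name
        if ($old -ne $new) {
            [pscustomobject]@{ Value = $name; Before = $old; After = $new }
        }
    }
}

# On each install (snapshot file name is a placeholder):
$snap = Get-BitLockerSnapshot
$snap | ConvertTo-Json -Depth 4 | Set-Content "bitlocker-$($snap.Build).json"

# Later, with both snapshot files copied to one machine:
# $a = Get-Content bitlocker-10240.json -Raw | ConvertFrom-Json
# $b = Get-Content bitlocker-10586.json -Raw | ConvertFrom-Json
# Compare-BitLockerPolicy $a $b | Format-Table -AutoSize
```

The `Volumes` section of each snapshot records whether a volume ended up with hardware or software encryption, which is worth checking after any upgrade or re-enable.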