{"id":1699,"date":"2019-11-12T13:56:22","date_gmt":"2019-11-12T13:56:22","guid":{"rendered":"https:\/\/www.teal-consulting.de\/2019\/11\/12\/troubleshooting-bitlocker-on-server-2019-core\/"},"modified":"2020-02-13T08:03:34","modified_gmt":"2020-02-13T08:03:34","slug":"troubleshooting-bitlocker-on-server-2019-core","status":"publish","type":"post","link":"https:\/\/www.teal-consulting.de\/en\/2019\/11\/12\/troubleshooting-bitlocker-on-server-2019-core\/","title":{"rendered":"Troubleshooting Bitlocker on Server 2019 Core"},"content":{"rendered":"
[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column][vc_empty_space height=”50″][vc_row_inner row_type=”row” type=”full_width” text_align=”left” css_animation=””][vc_column_inner][vc_column_text]\n

Update: 08.01.2020<\/strong><\/h3>\n

Today we received a short update from Microsoft including an easier workaround. The problem as such is unfortunately not yet solved.<\/p>\n

The easy workaround is as follows:<\/p>\n

Bitlocker can be enabled, without uninstalling the Feature on Demand Packages if you configure the following Group Policy as shown in the screenshot:[\/vc_column_text][vc_single_image image=”2072″ img_size=”full” qode_css_animation=””][vc_column_text]Microsoft explained that with the policy configured the path to the executed code changes and as a result the error does not occur. It doesn\u2019t matter with encryption algorithm is used.[\/vc_column_text][vc_empty_space height=”20px”][vc_column_text]\n

Original article from 12.11.2019<\/strong><\/h3>\n

In one of our SAE projects we have once again discovered an interesting problem. This time it is about a bug in the interaction of Windows Server 2019 CORE, Bitlocker and the\u00a0App Compatibility Feature from\u00a0Microsoft<\/a>.<\/p>\n

Problem<\/h3>\n

In our SAE architecture, we use Server 2019 Core Edition. To still open some graphical consoles, we use the Server Core App Compatibility Feature on Demand. This makes it possible to use tools like the MMC console, the Eventviewer, PowerShell ISE and some more on a CORE system.<\/p>\n

Furthermore we want to encrypt our drives with Bitlocker. Usually a simple operation. However, when using the PowerShell command, we got the following error message:[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][vc_empty_space height=”20″][vc_single_image image=”1179″ img_size=”full” qode_css_animation=””][vc_empty_space height=”20″][vc_column_text]After a reboot we received the following error message:[\/vc_column_text][vc_empty_space height=”20″][vc_single_image image=”1180″ img_size=”full” alignment=”center” qode_css_animation=””][vc_empty_space height=”20″][vc_column_text]Also with the command “manage-bde -on C: -RP -S -USED” we had no success:[\/vc_column_text][vc_empty_space height=”20″][vc_single_image image=”1181″ img_size=”full” alignment=”center” qode_css_animation=””][vc_empty_space height=”20″][vc_column_text]\n

\u00a0Solution<\/h3>\n

A final solution is not yet available. The bug has been escalated to the Microsoft Engineering Team. Microsoft is currently working on a solution and will probably release an update.<\/p>\n

In order to move on in our project, we have developed the following workaround:<\/p>\n

1. uninstalling the App Compatibility feature:<\/p>\n

Remove-WindowsCapability -online -Name ServerCore.AppCompatibility~~~~0.0.1.0<\/em><\/p>\n

2. bitlocker encryption of all drives. Here is an example screenshot of the system partition:[\/vc_column_text][vc_empty_space height=”20″][vc_single_image image=”1182″ img_size=”full” alignment=”center” qode_css_animation=””][vc_empty_space height=”20″][vc_column_text]3. reinstalling the App Compatibility feature:
\nAdd-WindowsCapability -online -Name ServerCore.AppCompatibility~~~~0.0.1.0<\/em><\/p>\n

Sounds like a very simple workaround at first. But since we invested a lot of effort (TPM reset, repair installation etc.) to identify the bug, we want to inform you about this workaround.[\/vc_column_text][vc_empty_space height=”40″][vc_column_text]\n

Source: freepik.com<\/a><\/p>\n[\/vc_column_text][vc_empty_space height=”50″][vc_raw_html]JTNDYSUyMGhyZWYlM0QlMjJqYXZhc2NyaXB0JTNBaGlzdG9yeS5iYWNrJTI4JTI5JTIyJTNFJTNDc3BhbiUyMHN0eWxlJTNEJTIyY29sb3IlM0ElMjAlMjNmZjIwNzAlM0IlMjIlM0UlM0MlM0MlMjBCYWNrJTNDJTJGc3BhbiUzRSUzQyUyRmElM0U=[\/vc_raw_html][vc_empty_space height=”50″][vc_separator type=”small” position=”center” color=”#eeeeee” thickness=”2″ width=”1100″][vc_empty_space height=”100″][\/vc_column][\/vc_row][vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column][vc_column_text]\n

LATEST POSTS<\/h2>\n[\/vc_column_text][vc_empty_space height=”30″]\n
\n