
System Configuration: Windows Server 2008 R2 Standard
Disk Configuration: RAID1

We have a newly built system that is joined to a domain and has the proper GPOs for BitLocker already set up. We install BitLocker, rebooting the machine as instructed. Next, we need to set up BitLocker, so we run the following command:

bdehdcfg -target c: shrink -newdriveletter s: -size 1500

We receive the message: This computers hard drive is properly configured for BitLocker. It is not necessary to run BitLocker Setup.

The problem is, BitLocker is NOT ready to be installed at all...there is no additional partition for it to use and creating it manually and running a -merge recalls the same message about it already being configured.

The problem is, it's not truly configured: when looking at Disk Management, the disks do not resemble the other machines in our environment where BitLocker properly works. It will begin encrypting and then fail halfway through.

Any ideas?

sekernan

1 Answer

While we didn't find the root cause of this problem, we did eventually find a workaround. We figured that the bdehdcfg commands were detecting the 100 MB System Reserved space on the disk, which is set up by default to help implement BitLocker. Utilizing this partition with BitLocker would lead us to eventual failure of the encryption process.

We found that we could delete that System Reserved partition (link), reboot, and then run the bdehdcfg commands somewhat successfully. I say somewhat because we did run into problems with the

bdehdcfg -target C: shrink -newdriveletter S: -size 1500

command exiting early. For example, running that command would sometimes result in an unnamed/unlettered partition sized at ~1.34 GB without any of the required boot files. To solve this, simply remove the created partition, set the active drive, restart, and run the command again.

We've tested this on two installations successfully.

sekernan
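
A post-run check for the failure mode described in the answer, as an added example that is not part of the original post: it looks for the lettered system volume, its boot files, and any leftover unlettered partition before encryption is started. The `S:` letter comes from the command above; the function name `Test-BdeSystemVolume` is hypothetical, and treating `\bootmgr` and `\Boot\BCD` as "the required boot files" is an assumption for a BIOS/MBR install.

```powershell
# Added example (not from the original post). PowerShell 2.0 compatible: WMI only.
# Assumptions: S: is the letter passed to bdehdcfg above; \bootmgr and \Boot\BCD
# stand in for "the required boot files" on a BIOS/MBR install.
function Test-BdeSystemVolume {
    param([string]$Letter = 'S:')

    $report = @()
    $fixed  = @(Get-WmiObject Win32_Volume -Filter 'DriveType = 3')

    # 1. The new system volume must exist under the requested letter.
    $sys = @($fixed | Where-Object { $_.DriveLetter -eq $Letter })
    if ($sys.Count -eq 0) {
        $report += "PROBLEM: no fixed volume has letter $Letter."
    } else {
        # 2. It must carry the boot files. File.Exists also sees hidden/system files.
        foreach ($rel in '\bootmgr', '\Boot\BCD') {
            if (-not [System.IO.File]::Exists("$Letter$rel")) {
                $report += "PROBLEM: $Letter$rel is missing."
            }
        }
    }

    # 3. Unlettered fixed volumes: the leftover from an early exit, or a
    #    System Reserved partition that is still present.
    foreach ($v in @($fixed | Where-Object { -not $_.DriveLetter })) {
        $mb = [math]::Round($v.Capacity / 1MB)
        $report += "PROBLEM: unlettered volume '$($v.Label)' ($mb MB) $($v.DeviceID)"
    }

    # 4. Informational: which partition WMI flags as the boot (active) partition.
    foreach ($p in @(Get-WmiObject Win32_DiskPartition | Where-Object { $_.BootPartition })) {
        $mb = [math]::Round($p.Size / 1MB)
        $report += "INFO: active partition is $($p.Name) ($mb MB)"
    }

    return $report
}

Test-BdeSystemVolume -Letter 'S:'
```

Run it from an elevated prompt after the reboot that follows `bdehdcfg`; any `PROBLEM` line means the partition layout should be corrected before encryption is started.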