Data collection for troubleshooting the KES Bitlocker management error "The policy can not be applied" [KES for Windows]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error:

Event type: The policy can not be applied.

Action: Encryption
Reason: The system drive is not compatible with the Microsoft BitLocker encryption.
Type of encryption: disk encryption
User: ....

and the same error is being logged in the Kaspersky Event Log as well, the following data should be collected in order to troubleshoot the issue.

Step-by-step guide

1. KES runtime traces collected during the error registration.

   Run KES product, turn traces on. Run "avp.com PBATESTRESET" command. Restart the product. Retry disk encryption and verify that the error has been logged again. Stop collecting traces and provide them for analysis.

2. Output of the following commands:
   - manage-bde -status 
   - wmic /namespace:\\ROOT\CIMV2\Security\MicrosoftVolumeEncryption path Win32_EncryptableVolume GET
   from the client host in question.
   Listed commands should be executed in the elevated command prompt.

3. GSI https://support.kaspersky.com/common/diagnostics/3632