After enabling encryption in the Symantec Endpoint Protection Cloud (SEPC) Security Policy, the computer never shows as encrypted and Bitlocker shows "Waiting for activation".
No errors seen but the Bitlocker status will show as "Waiting for activation".
Some computers come with the drive already encrypted but Bitlocker is not fully setup yet, hence the "Waiting for activation" message. SEPC will not be able to enable/disable encryption on a machine that is already encrypted.
The drive will need to be decrypted before SEPC will be able to enable encryption and store the keys. If you wish to have SEPC manage the encryption then the drive will need to be decrypted first, then encryption can be enabled via the SEPC policy.
You can confirm that the drive is partially encrypted by opening a command prompt using "Run as Administrator" and issuing the following command:
If it shows a "Percentage Encrypted" of anything greater than 0%, then it is at least partially encrypted and will need to be decrypted first.
To decrypt the drive, open a command prompt using the "Run as Administrator" option and issue the following command:
manage-bde c: -off
This should show the drive as decrypting, once that's complete SEPC will be able to reenable encryption and manage the keys. Run the above command for any drive letters that are encrypted.
Subscribing will provide email updates when this Article is updated. Login is required.