It is not possible to start Full Disk Encryption on legacy BIOS computers running Windows 10 version 2004.
This problem only affects a computer that meets all the following criteria:
Attempting to start FDE will result in one of the messages below.
Starting FDE on a managed EEE client with Safe State will result in the following error shown in the EEE Server:
"SafeStart failed to be provisioned (0xC00B003C)"
Starting FDE on a managed EEE client without Safe State will result in the following error shown in the EEE Server:
“Service was unable to create a required folder on the ESP (0xC00C0034)”
Attempting to start FDE on a standalone EEE client will show the following message:
“This copy of Windows is not installed on the primary boot drive. Running full-disk encryption may result in data corruption and being unable to start your computer.
As a result, Full Disk Encryption can not be started and you should contact ESET Endpoint Encryption Support for further assistance”
The issue has been fixed in ESET Endpoint Encryption client (EEE client) version 184.108.40.206. Update your EEE client to the latest version.
As a workaround, you can either rollback Windows to the previous version, or install a previous Windows version, then encrypt the computer. Once fully encrypted, you can upgrade Windows to 2004 while encryption is in place as shown by this article: https://support.eset.com/en/kb7122 - Install Windows 10 Feature Updates on a Full Disk Encrypted (FDE) system