[KB7516] Known Issue with ESET Endpoint Encryption Not Starting Encryption on Windows 10 2004

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE.

Visit What's new in ESET Full Disk Encryption to view EFDE content.


Issue

The issue has been fixed

The issue described below has been fixed in ESET Endpoint Encryption client (EEE client) version 5.0.7.3. Update your EEE client to the latest version.

It is not possible to start Full Disk Encryption on legacy BIOS computers running Windows 10 version 2004.

This problem only affects a computer that meets all the following criteria: 

  • The computer is not currently Full Disk Encrypted with ESET Endpoint Encryption
  • The computer has a legacy BIOS and Windows is installed in legacy mode
  • The computer has Windows 10 version 2004 installed

Important

Computers configured using a UEFI BIOS, where Windows is installed in UEFI mode, are unaffected and can be encrypted as normal.

Computers with a legacy BIOS with a previous version of Windows 10 (1909, 1903, 1809 etc.) installed are not affected. 

It is possible to upgrade a computer with a legacy BIOS from a previous version of Windows 10 to 2004 while FDE is in place.
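The criteria above can be turned into a pre-flight check before FDE is pushed to a fleet. The following PowerShell is an added example, not ESET code: the function name, the inventory rows and the client version `5.0.6.0` are constructed for illustration, and the encryption state and installed client version are assumed to be supplied by the operator because this article does not say where the EEE client records them.

```powershell
# Added example, not ESET code. 19041 is the OS build number of Windows 10 version 2004.
$Build2004    = 19041
$FixedVersion = [version]'5.0.7.3'   # fixed EEE client version named in this article

function Test-EeeFdeStartBlocked {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]  $FirmwareType,      # 'Bios' (legacy) or 'Uefi'
        [Parameter(Mandatory)][int]     $OsBuild,
        [Parameter(Mandatory)][bool]    $AlreadyEncrypted,  # operator-supplied (assumption)
        [Parameter(Mandatory)][version] $ClientVersion      # operator-supplied (assumption)
    )
    # A machine is affected only if every criterion holds, so collect each one that fails.
    $reasons = @()
    if ($FirmwareType -ne 'Bios')         { $reasons += 'firmware is not legacy BIOS' }
    if ($OsBuild -ne $Build2004)          { $reasons += 'OS build is not 19041 (version 2004)' }
    if ($AlreadyEncrypted)                { $reasons += 'disk is already encrypted' }
    if ($ClientVersion -ge $FixedVersion) { $reasons += 'client already contains the fix' }
    [pscustomobject]@{
        Affected           = ($reasons.Count -eq 0)
        NotAffectedBecause = ($reasons -join '; ')
    }
}

# Constructed inventory rows (hypothetical hosts) covering the cases the article lists.
$inventory = @(
    [pscustomobject]@{ Name='PC-01'; Firmware='Bios'; Build=19041; Encrypted=$false; Client='5.0.6.0' }
    [pscustomobject]@{ Name='PC-02'; Firmware='Uefi'; Build=19041; Encrypted=$false; Client='5.0.6.0' }
    [pscustomobject]@{ Name='PC-03'; Firmware='Bios'; Build=18363; Encrypted=$false; Client='5.0.6.0' }
    [pscustomobject]@{ Name='PC-04'; Firmware='Bios'; Build=19041; Encrypted=$true;  Client='5.0.6.0' }
    [pscustomobject]@{ Name='PC-05'; Firmware='Bios'; Build=19041; Encrypted=$false; Client='5.0.7.3' }
)
foreach ($pc in $inventory) {
    $r = Test-EeeFdeStartBlocked -FirmwareType $pc.Firmware -OsBuild $pc.Build `
            -AlreadyEncrypted $pc.Encrypted -ClientVersion $pc.Client
    '{0}: affected={1} {2}' -f $pc.Name, $r.Affected, $r.NotAffectedBecause
}

# Same check against the local machine; firmware type and build come from Get-ComputerInfo.
$local = Get-ComputerInfo -Property BiosFirmwareType, OsBuildNumber
Test-EeeFdeStartBlocked -FirmwareType $local.BiosFirmwareType -OsBuild $local.OsBuildNumber `
    -AlreadyEncrypted $false -ClientVersion '5.0.6.0'   # replace with the real state and version
```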


Details

Attempting to start FDE will result in one of the messages below.

Starting FDE on a managed EEE client with Safe State will result in the following error shown in the EEE Server:

"SafeStart failed to be provisioned (0xC00B003C)"

Fig 1-1

Starting FDE on a managed EEE client without Safe State will result in the following error shown in the EEE Server:

“Service was unable to create a required folder on the ESP (0xC00C0034)”

Fig 1-2

Attempting to start FDE on a standalone EEE client will show the following message:

“This copy of Windows is not installed on the primary boot drive. Running full-disk encryption may result in data corruption and being unable to start your computer. 
As a result, Full Disk Encryption can not be started and you should contact ESET Endpoint Encryption Support for further assistance”

Fig 1-3

Solution

The issue has been fixed in ESET Endpoint Encryption client (EEE client) version 5.0.7.3. Update your EEE client to the latest version.

As a workaround, you can either roll back Windows to the previous version or install a previous Windows version, and then encrypt the computer. Once the computer is fully encrypted, you can upgrade Windows to 2004 while encryption is in place, as described in this article: https://support.eset.com/en/kb7122 - Install Windows 10 Feature Updates on a Full Disk Encrypted (FDE) system