Bitlocker on windows 10

Suddenly multiple computers bitlocker got suspended. I am using windows 10 - 1607 and planning to deploy 1709. I do not know whether 1709 is deployment is automatically suspends the bitlocker but not resuming it. however all systems has not upgraded to 1709 but shown as bit-locker is suspended
Nagesh A SSCCM AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
Running Windows upgrade setup will automatically suspend bitlocker, yes!
It would resume bitlocker as soon as the upgrade is finished. If setup is not successful, bitlocker would be resumed as well.

So what you see is not normal. Since we have BL all over and have done multiple upgrades (1511->1607->1703->1709->1803) and have never seen this.

We upgraded using scripts - how did you?
Nagesh A SSCCM AdministratorAuthor Commented:
I upgrade using SCCM as normal windows update. The upgrade package will be available in Software center and user clicks on it to install for update
McKnifeCommented:
No experience with sccm. See if the parameter "reboot count" is found somewhere. R.C. Can be used to suspend  BL for a given number of reboots.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Nagesh A SSCCM AdministratorAuthor Commented:
we have PIN enabled for all systems.  When user starts the system in the morning - it does not ask the bit locker pin and when we check system not upgraded, but bit locker will be suspended mode.  I check bitlocker status, this gives the reboot counts. there is no RC provided in status. therefore it is surprise to me
McKnifeCommented:
Look at what's configured by sccm. Maybe it's there.
David McMorrisInfrastructure EngineerCommented:
Hi,

BitLocker needs to be suspended on each machine before the Windows upgrade is started. However there is no need to suspend BitLocker if the Windows version is 1709 or higher.

Try looking at this link to add into the SCCM task sequence to suspend BitLocker prior to upgrade:

https://miketerrill.net/2017/04/19/how-to-detect-suspend-and-re-enable-bitlocker-during-a-task-sequence/

Thanks,

David
McKnifeCommented:
"BitLocker needs to be suspended on each machine before the Windows upgrade is started. However there is no need to suspend BitLocker if the Windows version is 1709 or higher." - no. Bitlocker auto-suspends with any version of win10 when upgrading.
David McMorrisInfrastructure EngineerCommented:
Belt and braces mate.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.