BitLocker policy keeps failing with startup options conflict (Solved)

Participant
Discussion
1 month ago Apr 29, 2026

Anyone run into BitLocker failing with error 0x8031005b after pushing the policy from Hexnode? Policy says failed and Event Viewer shows something about startup options being in conflict. Encryption never starts.

Replies (4)

Participant
1 month ago Apr 29, 2026

Yeah, that usually happens when TPM + PIN settings are fighting each other.

We had old GPO stuff still applying startup PIN requirements while Hexnode was trying to do silent TPM encryption. BitLocker didn’t like that at all.

Participant
1 month ago Apr 30, 2026

Same thing happened here. Took us forever to realize it wasn’t a sync issue.

Check this path in Event Viewer: Applications and Services Logs > Microsoft > Windows > BitLocker-API > Management.

Mine had Event ID 43 saying silent encryption failed because the startup policies conflicted.

Participant
1 month ago Apr 30, 2026

That’s probably it then. We still have some older AD policies hanging around.

What did you guys change to make silent encryption work properly?

Participant
1 month ago Apr 30, 2026

We basically went TPM-only and disabled everything else.

These settings worked for us:

  • TPM startup → Allow TPM
  • TPM startup PIN → Do not allow
  • TPM startup key → Do not allow
  • TPM startup key + PIN → Do not allow

After saving the policy we did a force sync and then used the Force BitLocker Encryption action from Hexnode. Devices started encrypting after that.

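An added example, not part of the thread and not Hexnode's own tooling: a PowerShell check that reads the startup-authentication values domain Group Policy writes under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` and compares them with the TPM-only settings listed in the last reply, to find leftover GPO values of the kind described above. The function names and the sample values are assumptions made for illustration.

```powershell
# Added example: audit BitLocker OS-drive startup policy values left by Group Policy.
# DWORD meanings for these values: 0 = Do not allow, 1 = Require, 2 = Allow.
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$Meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }

# TPM-only configuration from the thread.
$Expected = [ordered]@{
    UseTPM       = 2   # TPM startup           -> Allow TPM
    UseTPMPIN    = 0   # TPM startup PIN       -> Do not allow
    UseTPMKey    = 0   # TPM startup key       -> Do not allow
    UseTPMKeyPIN = 0   # TPM startup key + PIN -> Do not allow
}
# A "Require" on any of these needs user input at boot, so silent encryption cannot proceed.
$Interactive = 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN'

function Test-StartupPolicy {            # hypothetical helper name
    param([hashtable]$Values)            # value name -> DWORD read from the FVE key
    foreach ($name in $Expected.Keys) {
        $actual = $Values[$name]
        $status = if ($null -eq $actual) { 'NotConfigured' }
            elseif ($actual -eq $Expected[$name]) { 'OK' }
            elseif ($actual -eq 1 -and $Interactive -contains $name) { 'Conflict' }
            else { 'Differs' }
        [pscustomobject]@{
            Setting  = $name
            Actual   = if ($null -eq $actual) { '(not set)' } else { $Meaning[[int]$actual] }
            Expected = $Meaning[$Expected[$name]]
            Status   = $status
        }
    }
}

function Get-FveValues {                 # hypothetical helper name
    $values = @{}
    $key = Get-ItemProperty -Path $FvePath -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        if ($key -and $null -ne $key.$name) { $values[$name] = $key.$name }
    }
    $values
}

# Constructed sample: an old GPO that still requires a startup PIN.
$sample = @{ UseTPM = 2; UseTPMPIN = 1; UseTPMKey = 0 }
Test-StartupPolicy -Values $sample | Format-Table -AutoSize

# Live check on the device itself, if the policy key exists.
if (Test-Path $FvePath) { Test-StartupPolicy -Values (Get-FveValues) | Format-Table -AutoSize }
```

A `Conflict` row that persists after a policy refresh means a domain GPO is still writing that value, so the fix belongs in the GPO rather than on the device.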