We've just deployed 2017 U3, so we've started to look at deploying FDE to our laptop fleet.
As a test we freshly imaged a laptop, applied an FDE policy and all worked fine. We then reimaged the device, and the policy now comes up with a status of "No policy enforced".
I then tried clearing the ZIS data and reimaging, with the same result. I also did a DD over the MBR, as I wasn't sure where the encryption key is kept with FDE; no go either. We also tried unassigning and reassigning the FDE policy and trying a different FDE policy, but the same issue occurs.
This is the fde.log from the machine: https://drive.google.com/file/d/1ppwZ5CxlSIZ1tWIHh1sS-YVXPKQ9gQwr/view?usp=sharing
The main lines that stand out to me are:
14:11:55, 12.10.2018 ERROR N32FDE: Stored KEK is wrong ! 00 00 00 00
14:11:55, 12.10.2018 ERROR N32FDE: FDE32: EncryptDEK() failed!
On the other laptops that we've applied FDE to, and where it is working, there is no c:\fde.log; I'm assuming it's only created on errors. We tried reimaging another laptop and ended up in the same situation with it.
Any suggestions? We're using "Microsoft Windows 10 Enterprise LTSB x64 Version 1607 Build 14393"