Fix 0x8031002c in Onedrive Personal Vault

Sometimes a system administrator is faced with a problem that takes more than just two clicks and hitting Enter. After I set up Onedrive, I wanted to access my Personal Vault. This new feature of Onedrive allows you to secure documents with two-factor authentication. Opening a Personal Vault should be as easy as a double-click. But in my case, I got error 0x8031002c: “We couldn’t set up your Personal Vault. Your system administrator has configured encryption settings that are incompatible with Personal Vault”

The fix for this error is rather easy. If you’re only interested in the solution, scroll down to Fix 0x8031002c in Onedrive Personal Vault.

The process of analyzing and troubleshooting was time-intensive. If the fix doesn’t suit your problem, the process I describe may help you find the solution for your problem.

Analyzing error 0x8031002c

Error code 0x8031002c refers to Bitlocker. “Encryption settings that are incompatible”: that’s pretty vague! What settings? And why are they incompatible? What does Onedrive expect the settings to be?
My laptop is not domain-joined. Therefore, I don’t have to cope with Domain Group Policies. However, my laptop is Azure AD joined and managed by Intune. Several Windows security settings are being pushed by my company.
To get an overview of the applied policies of Intune, I downloaded the Advanced Diagnostic Report. Here’s how:

  1. Click Start -> type Access work or school -> click Access work or school
  2. In the Access work or school settings, click Info
  3. At the bottom of the Managed by your company window, click Create Report
  4. Export and open the report. It may look complicated, but just search for “Bitlocker”. It immediately points you to the right settings.

The trap

I was trapped. I dug into my Event Viewer and found a few Informational events that pointed to some obvious incompatibilities:

Log Name: Microsoft-Windows-BitLocker/BitLocker Management
Source: Microsoft-Windows-BitLocker-API
Event ID: 810
Description: BitLocker cannot use Secure Boot for integrity because it is disabled.

I found out that Secure Boot was disabled in my BIOS. So I enabled it. Once back in Windows, I double-clicked my Personal Vault in Onedrive, but the same error 0x8031002c popped up.

In the Event Viewer, I noticed an event change:

Log Name: Microsoft-Windows-BitLocker/BitLocker Management
Source: Microsoft-Windows-BitLocker-API
Event ID: 817
Description:
BitLocker successfully sealed a key to the TPM.
PCRs measured include [7,11].
The source for these PCRs was: Secure Boot.

Secure Boot was working, but I still couldn’t configure the Personal Vault. (Actually, I had one extra problem: at the first reboot, I was asked for a recovery key, which I didn’t have. I had to phone my helpdesk for the recovery key 🙂 )
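
The same checks can be made from an elevated PowerShell session instead of the Event Viewer. This is an added example, not part of the original article; it reads the log and the two event IDs quoted above, and the `Suspend-BitLocker` line in the comment is the usual precaution against the recovery-key prompt described here.

```powershell
# Added example. Run in an elevated PowerShell session.
$log = 'Microsoft-Windows-BitLocker/BitLocker Management'

# Firmware state: $true when Secure Boot is on. The cmdlet throws on
# systems that do not boot via UEFI, hence the try/catch.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = 'not supported (legacy BIOS boot)' }
"Secure Boot enabled: $secureBoot"

# Most recent occurrences of the two events quoted in the article:
# 810 (Secure Boot not usable for integrity) and 817 (key sealed to the TPM).
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 810, 817 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Key protectors on the system drive. Check that a RecoveryPassword
# protector exists and that you can actually retrieve it before you
# touch any firmware setting.
(Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId

# Before a firmware change such as switching Secure Boot on, suspend
# protection for one reboot so the key is re-sealed to the new PCR
# values instead of Windows asking for the recovery key:
#   Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 1
```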

Fix 0x8031002c in Onedrive Personal Vault

Error 0x8031002c doesn’t stand for encryption settings in general. It stands for

FVE_E_POLICY_PASSWORD_REQUIRED
Group Policy settings require that a recovery password be specified before encrypting the drive.

That made everything clear. Onedrive’s Personal Vault cannot handle passwords when configuring the Personal Vault. And since my company does require passwords, these requirements conflict.

To work around this, I created a local group policy that overrules the password requirement in the Intune policy. These are the steps:

  1. Click Start, type Group Policy and click “Edit Group Policy”
  2. In the Local Group Policy Editor, navigate to Computer Configuration -> Administrative templates -> Windows Components -> Bitlocker Drive Encryption -> Fixed Data Drives
  3. Double-click Choose how Bitlocker-protected fixed drives can be recovered -> Set the policy to Disabled and click OK
  4. Click Start, type “gpupdate /force” and press Enter

You should now be able to configure your Onedrive Personal Vault. The easiest way to do this is to double-click Personal Vault (file) in the main folder of your Onedrive.

Didn’t this solution work for you? You may need to disable another policy. But it would be too tricky to send you in any specific direction without analyzing your problem.
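
To see which Bitlocker recovery policy is actually in effect, and whether the override took, the policy values can be read back from the registry. This is an added example, not part of the original article; the registry key and value names are assumptions taken from the Bitlocker administrative template, not from this page.

```powershell
# Added example. Run in an elevated PowerShell session.
# Assumption: the recovery policies are readable under this key; the value
# names come from the Bitlocker administrative template, not from the article.
$key     = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'not allowed'; 1 = 'required'; 2 = 'allowed' }
$drives  = [ordered]@{
    OS  = 'Operating system drives'
    FDV = 'Fixed data drives'        # the policy changed in the steps above
    RDV = 'Removable data drives'
}

function Format-Setting($Value) {
    if ($null -eq $Value) { 'unset' } else { $meaning[[int]$Value] }
}

# $null when the key does not exist, i.e. no Bitlocker policy is set at all.
$fve = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

foreach ($prefix in $drives.Keys) {
    $state = $fve."${prefix}Recovery"            # 1 = Enabled, 0 = Disabled
    $pw    = $fve."${prefix}RecoveryPassword"
    $policy = if ($null -eq $state) { 'Not Configured' }
              elseif ($state -eq 0) { 'Disabled' }
              else                  { 'Enabled' }

    [pscustomobject]@{
        Drives           = $drives[$prefix]
        Policy           = $policy
        RecoveryPassword = Format-Setting $pw
        RecoveryKey      = Format-Setting $fve."${prefix}RecoveryKey"
        # The combination that matches FVE_E_POLICY_PASSWORD_REQUIRED.
        PasswordRequired = ($state -eq 1 -and $pw -eq 1)
    }
}
```

Run it before and after `gpupdate /force`: if the fixed data drives row still shows Enabled with a required recovery password after the next Intune sync, the managed policy has been re-applied over the local one.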

Conclusion

Onedrive’s Personal Vault error about “configured encryption settings that are incompatible” is very generic. But once you search for the explicit meaning of 0x8031002c, you’ll find out it has to do with a Bitlocker password requirement.

You may have a conflicting Domain Group Policy, Intune Policy, or local policy configured. In case of a local policy, just set it to Not Configured. In case of a Domain Group Policy or Intune Policy, try to override the setting with local policies. This works most of the time. But if it doesn’t, be kind to your sysadmin and ask him to help you out 🙂

Leon Scott

Are you still using this solution or have you remediated it via the upgrades in Onedrive and Intune?
