You cannot sync the policies and the following error appears:
Full Disk Encryption Security Policy could not be synced at this time.
To resolve the issue:
- Confirm that the device ID is listed under a group in the PolicyServer.
- When at the pre-boot, confirm that the machine has a wired network connection to the PolicyServer.
- Make sure that the user logged into the device is a member of the same group where the device belongs. If an Enterprise Administrator is logged in, the device will not sync. The user that will log in must be a member of the same group where the device is in, and Enterprise Administrators cannot belong to a group.
- Ensure that the device displays a shield at the FDE Login Screen to verify that the PC can see the PolicyServer.
- From the Login screen, go to Help > About Full Disk Encryption to display the last sync time and the ServerName for the PolicyServer. Check if the ServerName is correct.
- Try to sync from the Login Screen. Go to Options > Download Policy Updates.
- Login as a PolicyServer Administrator and access the Recovery Console.
- Select Network and view the network settings. Make sure these are correct and you can also perform a network connectivity test.
- Log in to the FDE Login Screen as a user that is a member of the same group. Log into Windows and sync from the Shield in the System Tray.
- If the machine is in Windows, confirm that the Windows service MobileSentinel is running.
- Make sure that nothings blocks the communication to the PolicyServer over the default port 80.