2 Replies Latest reply on Mar 7, 2019 12:24 PM by Dempseyy93

    Hotplug device triggering bitlocker during app provisioning phase

    Dempseyy93 Novice

      I'm currently experiencing an issue where our app packaging VMs trigger a bitlocker encryption prompt if hotplug is enabled for the VM at the time of provisioning.

      Similarly, it's been confirmed in our environment to prevent more than 13 app stacks from being assigned to a user (Appvols shows red; denying apps for the user.)

       

      This behaviour has left us scratching our heads for a few weeks now...

       

      We're currently disabled the feature to bypass this issue, however, users can then tamper with the hot pluggable device icons; disconnecting hard drives, peripherals, etc, from their active session.

       

      P.S. We've now identified that enabling an Nvidia vGPU device (not the driver) in the build (via vSphere web client) restricts the apps to 13 max as well.

             Has anyone encountered similar issues to appstack limitations for the reasons above?

        • 1. Re: Hotplug device triggering bitlocker during app provisioning phase
          Ray_handels Master
          vExpertCommunity Warriors

          I would not suggest adding that much appstacks. Documentation states that a max of 8 appstacks and a writable is best practice. We also use vGPU but I haven't seen that issue before as we do not assign that many appstacks.

          If you provision there is no need to keep the machine exactly the same as the GI hardware wyse. We do not have a vGPU attached to our packaging machine and all of our machines have vGPU attached to them.

           

          Regarding the bit-locker. It could be that some appstacks receive a drive letter and Windows sees them as a new drive. If bit-locker is enabled I could imagine Windows trying to encrypt that disk.

          Normally this happens if Appvolumes is still attaching appstacks after logon is successfully processed.

          • 2. Re: Hotplug device triggering bitlocker during app provisioning phase
            Dempseyy93 Novice

            I'll look into consolidating some of our stacks to reduce that number, however, if that limit exists purely because of initial load times (1.5 - 3 seconds per stack), that is something we factor in but are not overly concerned about at this stage.

             

            We find it interesting that it is possible to run additional stacks, but are now limited by vGPU enable/disable. The app packaging example isn't a standard practice, but was utilised for ruling out the underlying issue experienced on our production vms.

             

            The bitlocker encrpytion is a byproduct of hotplug enable/disable, but we don't have bitlocker active so it shouldnt be triggering a prompt. Just interesting behaviour to note...