The message displayed in the Harmony Endpoint UI is not super helpful when it is BIOS (and not UEFI) system and the Algorithm is changed from AES-CBC to XTS-AES.
When a PC with a BIOS is already encrypted and then that is changes but the non-UEFI system does not support it then the UI shows only the message "Incorrect Volume Configuration" and the logs only show "... not encrypted according to policy".
It would be more helpful if there was more details in the UI message, the Endpoint logs and the Server logs.
That would be helpful for troubleshooting in the case that the change was made by one engineers, but not recorded, and another engineer had to resolve the issue.
The R81 Harmony Endpoint Admin Guide does not include the note about UEFI requirements for XTS, like older versions did.
The ATRG for FDE does.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
BIOS is not all gone just yet. Until it is totally gone, the documentation and error messages could benefit from more detail around this.
Screenshots attached.