
Using Powershell to Suspend Bitlocker - Getting error

I'm working on deploying a package to suspend bitlocker and then apply a BIOS update on a lot of our HP systems. The script is working without issue for about 90-95% of the systems, but there's about 5-10% it's failing on.

This is the script I'm using:

#Create Variable of Bitlocker Status
$Volume = Get-WmiObject -Namespace root\cimv2\security\microsoftvolumeencryption -Query "select * from win32_encryptablevolume where DriveLetter = 'C:'"
$Status = $Volume.GetProtectionStatus()
$BitLockerStatus = $status.ProtectionStatus


#Check if BitLocker enabled, then suspend.
If ($BitlockerStatus -eq '1'){$Volume.DisableKeyProtectors()}
$Status = $Volume.GetProtectionStatus()
$BitLockerStatus = $status.ProtectionStatus
If($BitLockerStatus -eq '1'){
    mofcomp.exe c:\windows\system32\wbem\win32_encryptablevolume.mof
    Manage-bde.exe -protectors -disable c:
}

#Update Variable of Bitlocker Status (re-query so the value is not stale)
$Status = $Volume.GetProtectionStatus()
$BitLockerStatus = $Status.ProtectionStatus

This is the error:

Message        : You cannot call a method on a null-valued expression.
InnerException : 

FullyQualifiedErrorId : InvokeMethodOnNull
ScriptStackTrace      : at <ScriptBlock>, 
                        C:\Windows\ccmcache\75\Deploy-Application.ps1: line 129
                        at <ScriptBlock>, <No file>: line 1
                        at <ScriptBlock>, <No file>: line 1

PositionMessage : At C:\Windows\ccmcache\75\Deploy-Application.ps1:129 char:9
                  +         $Status = $Volume.GetProtectionStatus()
                  +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I get the gist of what the error means, but what I'm confused about is why there's only a small set of systems it's failing for.

Simply test if $Volume is not $null (which is best practice anyhow). The WMI query will return $null for a variety of reasons, e.g., from incompatible versions of Windows to no valid C: encryptable volumes, etc., hence causing your errors.

#Create Variable of Bitlocker Status
$Volume = Get-WmiObject -Namespace root\cimv2\security\microsoftvolumeencryption -Query "select * from win32_encryptablevolume where DriveLetter = 'C:'"

if($Volume)
{

    $Status = $Volume.GetProtectionStatus()
    $BitLockerStatus = $status.ProtectionStatus


    #Check if BitLocker enabled, then suspend.
    If ($BitlockerStatus -eq '1'){$Volume.DisableKeyProtectors()}
    $Status = $Volume.GetProtectionStatus()
    $BitLockerStatus = $status.ProtectionStatus
    If($BitLockerStatus -eq '1'){
        mofcomp.exe c:\windows\system32\wbem\win32_encryptablevolume.mof
        Manage-bde.exe -protectors -disable c:
    }

    #Update Variable of Bitlocker Status (re-query so the value is not stale)
    $Status = $Volume.GetProtectionStatus()
    $BitLockerStatus = $Status.ProtectionStatus

}

The only addition if needed is to flag the machines that the WMI query failed on for a tech to further follow up on if needed/desired.
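
One way to do the flagging described above, as an added example that is not part of the original question or answer. The function name, the result fields and the exit code 2 are assumptions chosen for illustration; the WMI namespace, class and methods are the ones used in the script above.

```powershell
# Added example: suspend BitLocker on the system drive and report an outcome
# that a deployment tool can use to flag machines for follow-up.
function Suspend-SystemDriveBitLocker {
    [CmdletBinding()]
    param([string]$DriveLetter = 'C:')

    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Drive    = $DriveLetter
        Outcome  = 'Unknown'
        Detail   = ''
    }

    try {
        # -ErrorAction Stop makes a missing namespace or class a catchable error
        $volume = Get-WmiObject -Namespace 'root\cimv2\security\microsoftvolumeencryption' `
            -Query "select * from win32_encryptablevolume where DriveLetter = '$DriveLetter'" `
            -ErrorAction Stop
    } catch {
        $result.Outcome = 'QueryFailed'
        $result.Detail  = $_.Exception.Message
        return $result
    }

    # The query can succeed and still return nothing (no encryptable volume)
    if (-not $volume) {
        $result.Outcome = 'NoEncryptableVolume'
        return $result
    }

    # ProtectionStatus: 0 = off/suspended, 1 = on, 2 = unknown
    if ($volume.GetProtectionStatus().ProtectionStatus -eq 1) {
        $rc = $volume.DisableKeyProtectors().ReturnValue
        $result.Detail = "DisableKeyProtectors returned $rc"
    }

    # Re-query instead of trusting the value read before the suspend call
    $after = $volume.GetProtectionStatus().ProtectionStatus
    $result.Outcome = switch ($after) {
        0       { 'SuspendedOrOff' }
        1       { 'StillProtected' }
        default { 'StatusUnknown' }
    }
    return $result
}

$r = Suspend-SystemDriveBitLocker
$r | Format-List
# A non-zero exit code lets the deployment tool list machines needing a tech
if ($r.Outcome -ne 'SuspendedOrOff') { exit 2 }
```

Run the BIOS update step only when the outcome is `SuspendedOrOff`; every other outcome leaves the machine untouched and visible in the deployment results.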
