Not really thatg sure about what to do for a VM disk encryption. My guess is that after looking over the history there is potential for the master boot record (MBR) of the VM to get corrupted or mangled. Recall, if you ever defrag the HDD on the machine where the VM was spawned you could potentially induce an irreversible change on the MBR files which will wreak havoc on proper VN initialization. I say this because minimal problems on an HDD that has been whole-disk encrypted using PGP will be realized only when almost no changes are made to the MBR files.
When using Diskkeeper or PerfectDisk for defragging the HDD, PerfectDisk Corp. has downloadable files that modify the Windows registry to cause PerfectDisk not touch the MBR. These are called exclusions, and it's quite specific on how they successfully work.
Overall, something may be getting altered in the MBR of the VM on the machine that is used to create/modify/store the VM. Alternatives would be to simply put the entire unencrypted VM on an IronKey flash drive, which are military strength encypted -- enter a passphrase when they're plugged into a PC once and any changes that occur to software/files in the flash drive (e.g., data modifications) stay encypted once the flashdrive is locked down or pulled out of the PC. Either that, or make an encypted folder in the VM, which users would have to mount/dismount once the VM is running. In this situtation, you would need to remove changes (traces) in Windows cleaning and disk scrubbing utility.