jdecle02

Hi, I think there is a bug in to the script of BitLocker ZTIBde.wsf in the MDT2013 version.

I have set TPMPIN as OSDBitLockerMode

Hi, I don't known if my screenshot is available but I can tell you I run the following command line cscript.exe "%deployroot%\scripts\ZTIBde.wsf" /UDI with a task sequence variable OSDBitLockerMode exists

Hi, my smsts.log looks good for bitlocker or can you explain me which section I need to verify. I see at the end he write the recovery key to C:\*.txt file instead of AD BitLocker Startup Key Drive Value set to: C: InstallSoftware 15/09/2014 16:17:34 3224 (0x0C98) BitLocker Create Recovery P@ssword Status: AD InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) BitLocker Wait For Encryption Status set to: FALSE InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) BitLocker Recovery P@ssword set. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) The current autorun setting is - InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) No boot drives found. None. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Setting BDE Drive letter to nothing as we are unable to get the boot drive. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Property BdeDriveLetter is now = InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Running first pass.. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Partition Count: 2 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) ZTIDiskUtility!GetDiskFreeSpace should be deprecated, does not handle avaible space for a new partition InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) GetPartitions: 2 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDiskPartition : \\PLJETFLYICT01\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1" \\PLJETFLYICT01\root\cimv2:Win32_LogicalDisk.DeviceID="C:" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Free Disk Space: 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Existing Bitlocker: InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) The current autorun setting is - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) No boot drives found. None. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Existing Boot Drive: 1 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) The current autorun setting is - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98) New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98) No boot drives found. None. InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98) Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98) Windows has a hidden system partition, no disk actions are necessary InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98) Configuring protectors. InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98) Success TPM Enabled InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Success TPM Is Activated InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Success TPM Is Owned InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Success TPM Ownership Allowed InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Check for Ensorsement Key Pair Present = 0 InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) TpmEnabled: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) TpmActivated: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) TpmOwned: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) TpmOwnershipAllowed: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) EndorsementKeyPairPresent: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) TPM Validation Complete InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Encryptable Volume Count:1 InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Attempting to bind to: C: InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Success setting oBdeVol InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) BDE Instance Bind Complete InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Performing ProtectKeyWithTpmAndPin Installation InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Attempting to enable BitLocker TPM InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98) Recovery P@ssword being saved to C:\PLJETFLYICT01-{037CAC15-BE6F-4CAA-A941-C491173BEC10}.txt InstallSoftware 15/09/2014 16:17:39 3224 (0x0C98) Attempting to intiate ProtectKeyWithNumericalP@ssword InstallSoftware 15/09/2014 16:17:39 3224 (0x0C98) Success protecting Key with numerical p@ssword InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Attempting to retrieve numerical p@ssword InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Saving numerical p@ssword to file. InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Success P@ssword Key file written InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) ProtectKeyWithNumericalP@ssword success InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Begining drive encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Attempting to start BDE encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Success starting encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Enabling protectors. InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Encryptable Volume Count:1 InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Attempting to bind to: C: InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Success setting oBdeVol InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) BDE Instance Bind Complete InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Attempting to enable BDE Protectors InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98) Process completed with exit code 0 InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98) Success enabling protectors. InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98) ZTIBde processing completed successfully. InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98) Command line returned 0 InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98) Process completed with exit code 0 TSManager 15/09/2014 16:17:42 2348 (0x092C) !--------------------------------------------------------------------------------------------! TSManager 15/09/2014 16:17:42 2348 (0x092C) Successfully completed the action (Enable BitLocker) with the exit win32 code 0 TSManager 15/09/2014 16:17:42 2348 (0x092C)

Yes, this parameter is configured to TRUE

Hi, Thanks for your quick answer! The enable bitlocker step in the task sequence runs a cscript.exe "%deployroot%\scripts\ZTIBde.wsf" /UDI but the pre-provision step earlier in my Task Sequence is set : Apply BitLocker to the specified drive = Logical drive letter stored in a variable. Variable= OSDisk Best regards, Jan

Hi, I'm using SCCM 2012 R2 with the latest updates and MDT2013 for OSD. In the UDIWizard, I have enabled BitLocker using TPMPIN and store the recovery key into AD. At the end of my TS, the HDD is encrypted but the RecoveryKey is not stored in AD. The RecoveryKey is stored in C:\computername-{........}.txt Can someone help me to figure out what's the problem? Thanks Jan