Jump to content


impulse101

Pre-Provisioning Bitlocker fails because encryption not fast enough

Recommended Posts

Hello, i've had some success deploying WIndows 7 / 8.1 with bitlocker pre-provisioning. However today i've tried to bitlocker a Dell Latitude E6540 laptop and noticed the bitlocker pre provisioning step taking very long. After the wim file and the drivers are applied the disk is only encrypted to 8 % or so. After the setup configuration manager reboot the enable bitlocker ts step fails because the encryption is not completed.

 

I've seen this behavior on older models (eg. Optiplex 960) but i would not have expected this to happen on new hardware. Has anyone experienced something similar ?

 

I'm using:

SCCM 2012 R2 on Windows Server 2008 R2

Windows ADK 8.1 Boot Images with MDT Integration (64-Bit)

 

Models i've successfully bitlockered so far:

Dell Venue Pro 11 7130

Dell Latitude E7440

Dell Latitude E6520

 

At first i was suspecting missing cpu features, however it might also be larger and slower disks. On working models the disk is already encrypted when maybe 10 % of the wim file is downloaded. It looks like the encryption initially (after the pre provsion step) does not complete fast enough and when the download starts the system does not keep up downloading, applying and encrypting. If i pause the the task sequence before the first reboot the encryption completes and the task sequence completes successfully.

Share this post


Link to post
Share on other sites

I am having the same issue. The regular Enable BitLocker step is failing and when I checked it was only 12% complete encrypting the drive. We have seen this quite a bit over the last 1-2 months, but just getting around to digging into this now. I have not been able to find an errors with the pre-provision step, only been able to find errors at the Enable BitLocker step.

 

I'm not sure if this is only happening on hardware that we are reimaging and not new stuff that's right out of the box. I am going to clear and disable the TPM in the BIOS on the machine that just failed and try again.

smsts.log

smsts-20140403-085522.log

Share this post


Link to post
Share on other sites

I haven't got a log file handy but the error is the same BrotherKen posted. On my successful runs all systems had ssds, except for the Latitude E6520 which had a slower network connection.

 

I've mitigated the problem pausing the task sequence for five minutes before the apply operating system step. The value is far to much because from what I've seen 10 or 15 seconds are enough to complete the pre-provisioning on the empty disk. Maybe we need a "wait till pre-provsioning bitlocker step completes" check-box :)

 

I'm curious about the adoption rate of pre-provisioning bitlocker because i wasn't able to dig up a whole lot of information or experience from others.

Share this post


Link to post
Share on other sites

Thanks impulse101! I added a 60 second pause to my task sequence and this Lenovo T430 with a platter drive imaged just fine. As we run other models through we will find out if we need to increase the pause.

 

We added the pre-provision as soon as we could and it had been working great up until now. However, after this simple fix I'd say this was only a minor problem but it would sure be nice it is waited until encryption was complete.

Share this post


Link to post
Share on other sites

isn\t the /wait:True command what you guys are trying to do, i.e. add a wait until done via a pause...?

 

Set command line: OSDBitLocker.exe /enable /wait:True /mode:TPM /pwd:AD

 

 

we are pre-provisioning many computers here (windows 7 and windows 8) and havn't seen this issue yet, what type of hdd's are you using ?

Share this post


Link to post
Share on other sites

Thanks impulse101! I added a 60 second pause to my task sequence and this Lenovo T430 with a platter drive imaged just fine. As we run other models through we will find out if we need to increase the pause.

 

We added the pre-provision as soon as we could and it had been working great up until now. However, after this simple fix I'd say this was only a minor problem but it would sure be nice it is waited until encryption was complete.

 

Glad i could help.

 

isn\t the /wait:True command what you guys are trying to do, i.e. add a wait until done via a pause...?

 

 

we are pre-provisioning many computers here (windows 7 and windows 8) and havn't seen this issue yet, what type of hdd's are you using ?

 

You mean in the enable bitlocker step ? This fails with the same error mentioned above (Encryption in progress).

 

Tablets usually come with SSDs and our notebooks with "normal" HDDs. Whatever make and model our oem (dell) ships.

 

What I've observed so far is it also depends how fast the apply operating system request is made and fulfilled. Sometimes the wim file starts downloading immediately after the pre-provision bitlocker step runs, sometimes the request takes a few seconds before the download starts. These few seconds seem to be the culprit and when the download starts immediately and the pre-provisioning is not yet complete the system never manages to push the encryption to 100% as more data is loaded and processed on disk.

Share this post


Link to post
Share on other sites

We are experiencing this issue also, on a 'high spec' laptop with an SSD.

 

The Enable Bitlocker step is causing a failure with the exact same errors as in the logs above. It occurs irrespective of whether we tick the "Wait for Bitlocker to complete" box or not??

 

Can someone please tell me where to add this wait command that is the supposed workaround for this issue?

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.