jdecle02

Bitlocker


Hi,

I'm using SCCM 2012 R2 with the latest updates and MDT2013 for OSD. In the UDIWizard, I have enabled BitLocker using TPMPIN and storing the recovery key in AD. At the end of my TS, the HDD is encrypted but the RecoveryKey is not stored in AD. The RecoveryKey is stored in C:\computername-{........}.txt

Can someone help me figure out what the problem is?

Thanks

Jan


Hi,

Thanks for your quick answer!

The Enable BitLocker step in the task sequence runs cscript.exe "%deployroot%\scripts\ZTIBde.wsf" /UDI, but the pre-provision step earlier in my task sequence is set to: Apply BitLocker to the specified drive = Logical drive letter stored in a variable. Variable = OSDisk

Best regards,

Jan


Hi,

My smsts.log looks good for BitLocker, or can you explain to me which section I need to verify? I see that at the end it writes the recovery key to a C:\*.txt file instead of AD.


BitLocker Startup Key Drive Value set to: C: InstallSoftware 15/09/2014 16:17:34 3224 (0x0C98)
BitLocker Create Recovery P@ssword Status: AD InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
BitLocker Wait For Encryption Status set to: FALSE InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
BitLocker Recovery P@ssword set. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
The current autorun setting is - InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
No boot drives found. None. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Setting BDE Drive letter to nothing as we are unable to get the boot drive. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Property BdeDriveLetter is now = InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Running first pass.. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Partition Count: 2 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
ZTIDiskUtility!GetDiskFreeSpace should be deprecated, does not handle avaible space for a new partition InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
GetPartitions: 2 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDiskPartition : \\PLJETFLYICT01\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1" \\PLJETFLYICT01\root\cimv2:Win32_LogicalDisk.DeviceID="C:" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Free Disk Space: 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Existing Bitlocker: InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
The current autorun setting is - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
No boot drives found. None. InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Existing Boot Drive: 1 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
The current autorun setting is - 0 InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Disabling Autorun InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Find the boot drive (if any) [False] [0.0.0.0] [False] InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
New ZTIDisk : \\PLJETFLYICT01\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0" InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98)
No boot drives found. None. InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98)
Reverting autorun setting to - 0 InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98)
Windows has a hidden system partition, no disk actions are necessary InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98)
Configuring protectors. InstallSoftware 15/09/2014 16:17:36 3224 (0x0C98)
Success TPM Enabled InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Success TPM Is Activated InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Success TPM Is Owned InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Success TPM Ownership Allowed InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Check for Ensorsement Key Pair Present = 0 InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
TpmEnabled: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
TpmActivated: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
TpmOwned: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
TpmOwnershipAllowed: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
EndorsementKeyPairPresent: True InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
TPM Validation Complete InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Encryptable Volume Count:1 InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Attempting to bind to: C: InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Success setting oBdeVol InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
BDE Instance Bind Complete InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Performing ProtectKeyWithTpmAndPin Installation InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Attempting to enable BitLocker TPM InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Recovery P@ssword being saved to C:\PLJETFLYICT01-{037CAC15-BE6F-4CAA-A941-C491173BEC10}.txt InstallSoftware 15/09/2014 16:17:39 3224 (0x0C98)
Attempting to intiate ProtectKeyWithNumericalP@ssword InstallSoftware 15/09/2014 16:17:39 3224 (0x0C98)
Success protecting Key with numerical p@ssword InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Attempting to retrieve numerical p@ssword InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Saving numerical p@ssword to file. InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Success P@ssword Key file written InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
ProtectKeyWithNumericalP@ssword success InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Begining drive encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Attempting to start BDE encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Success starting encryption InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Enabling protectors. InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Encryptable Volume Count:1 InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Attempting to bind to: C: InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Success setting oBdeVol InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
BDE Instance Bind Complete InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Attempting to enable BDE Protectors InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
Process completed with exit code 0 InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98)
Success enabling protectors. InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98)
ZTIBde processing completed successfully. InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98)
Command line returned 0 InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98)
Process completed with exit code 0 TSManager 15/09/2014 16:17:42 2348 (0x092C)
!--------------------------------------------------------------------------------------------! TSManager 15/09/2014 16:17:42 2348 (0x092C)
Successfully completed the action (Enable BitLocker) with the exit win32 code 0 TSManager 15/09/2014 16:17:42 2348 (0x092C)

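An added example (not part of the original posts, and not MDT or SCCM code): a small Python check that reads smsts.log lines in the flattened form pasted above and flags the condition this thread describes, where the log reports the recovery password status as AD but then records the password being saved to a file. The function names are hypothetical, and the patterns assume the message wording shown in the excerpt.

```python
import re

# Lines copied from the smsts.log excerpt in the post above. The forum shows
# "Password" as "P@ssword"; the patterns accept either spelling.
SAMPLE_LOG = r"""BitLocker Create Recovery P@ssword Status: AD InstallSoftware 15/09/2014 16:17:35 3224 (0x0C98)
Performing ProtectKeyWithTpmAndPin Installation InstallSoftware 15/09/2014 16:17:37 3224 (0x0C98)
Recovery P@ssword being saved to C:\PLJETFLYICT01-{037CAC15-BE6F-4CAA-A941-C491173BEC10}.txt InstallSoftware 15/09/2014 16:17:39 3224 (0x0C98)
Success P@ssword Key file written InstallSoftware 15/09/2014 16:17:40 3224 (0x0C98)
ZTIBde processing completed successfully. InstallSoftware 15/09/2014 16:17:42 3224 (0x0C98)
"""

# Trailing "component date time thread (0xhex)" as it appears in the pasted log.
TRAILER = re.compile(r"\s+(\S+)\s+(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})\s+\d+\s+\(0x[0-9A-Fa-f]+\)\s*$")
REQUESTED = re.compile(r"^BitLocker Create Recovery P.ssword Status:\s*(\S*)")
SAVED_TO = re.compile(r"^Recovery P.ssword being saved to\s+(.+)$")


def split_line(line):
    """Return (message, component, date, time), or None for unparsable lines."""
    m = TRAILER.search(line)
    if not m:
        return None
    return line[:m.start()], m.group(1), m.group(2), m.group(3)


def audit_recovery_escrow(log_text):
    """Compare the requested recovery-password destination with what was logged."""
    requested, files = None, []
    for raw in log_text.splitlines():
        parsed = split_line(raw)
        if parsed is None:
            continue
        message, _component, date, time = parsed
        if (m := REQUESTED.match(message)):
            requested = m.group(1) or None
        elif (m := SAVED_TO.match(message)):
            files.append({"path": m.group(1), "when": f"{date} {time}"})
    return {
        "requested": requested,
        "files_written": files,
        # Flag: AD was requested, yet the log shows the password written to disk.
        "mismatch": requested == "AD" and bool(files),
    }


if __name__ == "__main__":
    print(audit_recovery_escrow(SAMPLE_LOG))
```

Each entry in `files_written` gives the path and timestamp of a plaintext recovery-password file that should be located on the deployed machine and handled according to the site's key-escrow policy.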
