Config_Mgr_noob Posted July 14, 2016

Hello everyone,

I am trying to introduce Bitlocker to our environment but having a bit of a problem adding the "Restart Computer" step to my TS before applying the OS to enable the TPM within the BIOS. I am able to set the TPM to Active in the BIOS using the Lenovo Script tools (provided by Lenovo); however, as we all know, the computer must reboot in order for the "Pre-Provision Bitlocker" step to be initiated and executed successfully.

If I manually enable TPM, the "Pre-Provision Bitlocker" step runs and I see the disk is encrypted (only used space). However, even after the Pre-Provision Bitlocker has run and the computer reboots after the "Setup Windows and ConfigMgr" step, the computer can't boot into anything, as I'm receiving the "Windows Boot Manager" error: "The action could not be completed because the Bitlocker Drive Encryption key is required to unlock the volume could not be obtained"

Is there a step I'm missing, or do I have the restart computer step in the wrong location? Or is it even possible to restart the computer while it's in WinPE and have it continue the steps?

I added a screenshot of my TS below as well as the error I am receiving after the Restart Computer step. Also, I am using the MDT integrated TS, if that plays a role in anything.

In summary:

Restart Computer step: Receiving error "Task sequence cannot continue after reboot because TS Manager is not configured to auto-start or GINA is not installed"

After reboot in "Pre-Provision Bitlocker" step error: "The action could not be completed because the Bitlocker Drive Encryption key is required to unlock the volume could not be obtained"

Thanks in advance.

Config_Mgr_noob Posted July 14, 2016

Got the majority of the above issues fixed by using Niall Brady's solution from his page here: https://www.niallbrady.com/2016/03/03/windows-pe-boot-images-dont-initialize-in-system-center-configuration-manager/

Thanks Niall!

However, I'm still receiving the error message "The action could not be completed because the Bitlocker Drive Encryption key required to unlock the volume could not be obtained". This is happening after the computer reboots from the "Setup Windows and ConfigMgr" step. Am I missing a step to be able to retrieve the key from somewhere, or do I have to disable Bitlocker before it reaches this step?

I added a screenshot of the setting I have for "Pre-Provision Bitlocker".

Config_Mgr_noob Posted July 14, 2016

Found the solution to the other issue listed above. This one goes to danbro92 for his post regarding the new encryption method used with the boot wim version 10.0.10586.0, as this uses XTS-AES encryption. For anyone else who encounters this issue, I put the link below.

Thanks danbro92

https://social.technet.microsoft.com/Forums/en-US/07c809fc-486b-49aa-8df8-70e374d90402/sccm-2012-r2-sp1-preprovision-bitlocker-windows-7-cannot-read-drive-after-reboot?forum=configmanagerosd

anyweb Posted July 15, 2016

Actually, this frontend deals with the new encryption methods also, FYI:

https://www.niallbrady.com/2016/05/17/introducing-the-windows-10-uefi-bitlocker-frontend-for-system-center-configuration-manager-current-branch/