Config_Mgr_noob

Pre-Provision Bitlocker Not working - SCCM 2012 with MDT 2013

Hello everyone,

 

I am trying to introduce Bitlocker to our environment but am having a bit of a problem adding the "Restart Computer" step to my TS before applying the OS to enable the TPM within the BIOS. I am able to set the TPM to Active in the BIOS using the Lenovo Script tools (provided by Lenovo); however, as we all know, the computer must reboot in order for the "Pre-Provision Bitlocker" step to be initiated and executed successfully. If I manually enable TPM, the "Pre-Provision Bitlocker" step runs and I see the disk is encrypted (only used space). However, even after the Pre-Provision Bitlocker step has run and the computer reboots after the "Setup Windows and ConfigMgr" step, the computer can't boot into anything, as I'm receiving the "Windows Boot Manager" error: "The action could not be completed because the Bitlocker Drive Encryption key required to unlock the volume could not be obtained"

 

Is there a step I'm missing, or do I have the Restart Computer step in the wrong location? Or is it even possible to restart the computer while it's in WinPE and have it continue the steps? I added a screenshot of my TS below as well as the error I am receiving after the Restart Computer step. Also, I am using the MDT integrated TS, if that plays a role in anything.

 

In summary:

 

Restart Computer step: Receiving error "Task sequence cannot continue after reboot because TS Manager is not configured to auto-start or GINA is not installed"

After reboot in "Pre-Provision Bitlocker" step error: "The action could not be completed because the Bitlocker Drive Encryption key required to unlock the volume could not be obtained"

 

Thanks in advance.

 

 

post-22069-0-49357900-1468496338.png

post-22069-0-85357700-1468497122.png


Got the majority of the above issues fixed by using Niall Brady's solution from his page here https://www.niallbrady.com/2016/03/03/windows-pe-boot-images-dont-initialize-in-system-center-configuration-manager/

 

Thanks Niall!

 

However, I'm still receiving the error message "The action could not be completed because the Bitlocker Drive Encryption key required to unlock the volume could not be obtained". This is happening after the computer reboots from the "Setup Windows and ConfigMgr" step. Am I missing a step to be able to retrieve the key from somewhere or do I have to disable bitlocker before it reaches this step? I added a screenshot of the setting I have for "Pre-Provision Bitlocker".

post-22069-0-96315200-1468521385.png


Found the solution to the other issue listed above. This one goes to danbro92 for his post regarding the new encryption method used with the boot wim version 10.0.10586.0, as this uses XTS-AES encryption. For anyone else who encounters this issue, I put the link below.

 

Thanks danbro92

 

https://social.technet.microsoft.com/Forums/en-US/07c809fc-486b-49aa-8df8-70e374d90402/sccm-2012-r2-sp1-preprovision-bitlocker-windows-7-cannot-read-drive-after-reboot?forum=configmanagerosd
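
The last post traces the boot failure to the 10.0.10586.0 boot image encrypting with XTS-AES, which operating systems older than Windows 10 1511 (such as Windows 7) cannot unlock. One way to guard a task sequence against that mismatch, as an added example that is not part of the original posts or the linked thread: check the WinPE build and the target OS, and set the BitLocker policy registry values to AES-CBC before the pre-provision step runs. `$TargetOsVersion` and `$CbcMethod` are hypothetical parameters, and the script assumes the WinPE-PowerShell optional component is in the boot image.

```powershell
# Added example, not from the thread. Run from a task sequence step in WinPE,
# before "Pre-Provision Bitlocker". Assumes WinPE-PowerShell is in the boot image.
param(
    # Hypothetical parameter: version of the OS the task sequence applies (6.1 = Windows 7).
    [version]$TargetOsVersion = '6.1',
    # BitLocker policy values: 3 = AES-CBC 128, 4 = AES-CBC 256.
    [ValidateSet(3, 4)][int]$CbcMethod = 3
)

$fveKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$ntVersion = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$xtsBuild  = 10586   # first build whose default for new volumes is XTS-AES

$peBuild = [int](Get-ItemProperty -Path $ntVersion).CurrentBuildNumber
$targetReadsXts = $TargetOsVersion -ge [version]"10.0.$xtsBuild"

if ($peBuild -lt $xtsBuild) {
    Write-Output "WinPE build $peBuild does not default to XTS-AES; nothing to change."
}
elseif ($targetReadsXts) {
    Write-Output "Target OS $TargetOsVersion can unlock XTS-AES; leaving the default."
}
else {
    # Create the policy key only if it is missing, so existing values are kept.
    if (-not (Test-Path $fveKey)) { New-Item -Path $fveKey -Force | Out-Null }
    # EncryptionMethod is the pre-1511 policy value; EncryptionMethodWithXtsOs is
    # the 1511+ value for OS drives. Set both so the step picks up AES-CBC.
    foreach ($name in 'EncryptionMethod', 'EncryptionMethodWithXtsOs') {
        Set-ItemProperty -Path $fveKey -Name $name -Value $CbcMethod -Type DWord
    }
    Write-Output "WinPE build $peBuild, target OS ${TargetOsVersion}: policy set to AES-CBC (value $CbcMethod)."
}
```

After the pre-provision step has run, `manage-bde -status` reports the volume's encryption method, which confirms whether the policy took effect before the machine reboots into the installed OS.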
