BitLocker & Remote TPM Activation
Hi - me again :)

I'm currently battling with remotely activating/enabling the TPM on Dell machines. I was quickly turned onto Dell's CCTK, which seems to be working. I have the BitLocker process working if the TPM is already turned on manually, so that's not a problem. Though, when I use the CCTK to activate/enable the TPM... all of a sudden my task sequence errors out at the "Add BitLocker Partition" step. It says that a file cannot be found. Upon going into the BIOS after this failure, it looks like the TPM was activated/enabled okay. I think this has something to do with the temporary setup password?

Here is what my task sequence looks like:

Encrypt Hard Drive (Group)
TPM Pre-Reqs (Group)
Set a Temporary BIOS Password (Run Command Line) --> cctk --setuppwd=temppwd
Enable TPM (Run Command Line) --> cctk --tpm=on --valsetuppwd=temppwd
Restart Computer (to boot image assigned)
Activate TPM (Run Command Line) --> cctk --tpmactivation=active --valsetuppwd=temppwd
Restart Computer (to boot image assigned)
BitLocker Pre-Reqs (Group)
Add BitLocker Partition (Run Command Line) --> BdeHdCfg -target default -quiet
Restart Computer (to boot image assigned)
Enable BitLocker

Also keeping in mind that this BitLocker Pre-Reqs group has been working all along.

Here is a screen capture of the error from the SCCM console:

Thanks!

Steven Pydyn
Yazaki North America, Inc.
Distributed Systems Administrator
November 19th, 2011 3:41pm

Are you running that step in Windows or in WinPE?

The actual error is further up in the smsts.log. Can you find it and post it, please?

Is the BitLocker partition already created? Did you verify that? Did you verify whether a partition is created after this step? Have you tried "continue on error" on this step?

We don't create the BitLocker partition until the very end of the task sequence, so are you doing a refresh or a new computer scenario here?

My step by step SCCM Guides
I'm on Twitter > ncbrady
November 19th, 2011 3:50pm

Wow... okay, thanks Niall. I already think you solved it, haha.

I was in the midst of a test deployment when my task sequence errored out during the "Enable BitLocker" step. I quickly found that it was because I never enabled the TPM, leading me to start working on the remote enabling/activating. I tried to cut corners and run a test task sequence with just TPM/BitLocker steps in it... not realizing that even though the Enable BitLocker step failed, the partition step ended up succeeding during the errant task sequence. Basically, it failed because I tried to create an already existent BitLocker partition.

Sometimes you just have to hear someone else say it, huh?

Thanks!

Steven Pydyn
Yazaki North America, Inc.
Distributed Systems Administrator
November 19th, 2011 3:56pm
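
The failure resolved above came from re-running "Add BitLocker Partition" on a disk that already had the partition. The script below is an added example, not part of the thread: a guard for that step that confirms Windows sees the TPM as enabled and activated, then runs BdeHdCfg only when the active partition is still the OS volume. It assumes the full OS (not WinPE), an elevated context, a BIOS/MBR disk layout and PowerShell 2.0 or later.

```powershell
# Added example (not from the thread). Assumptions: full OS, elevated,
# BIOS/MBR disk layout, PowerShell 2.0+.

# 1. Confirm the TPM state the cctk steps were meant to produce.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    Write-Output 'TPM is not exposed to Windows; check the BIOS TPM setting.'
    exit 1
}
if (-not ($tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated)) {
    Write-Output 'TPM is present but not both enabled and activated.'
    exit 1
}

# 2. Collect drive letters mapped to every active (boot-flagged) partition.
$active = @(Get-WmiObject -Class Win32_DiskPartition -Filter 'BootPartition = True')
if ($active.Count -eq 0) {
    Write-Output 'No active partition found; not touching the disk.'
    exit 1
}
$letters = @()
foreach ($part in $active) {
    $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} " +
             "WHERE AssocClass=Win32_LogicalDiskToPartition"
    $letters += @(Get-WmiObject -Query $query | ForEach-Object { $_.DeviceID })
}

# 3. If the OS volume is itself the active partition, no separate system
#    partition exists yet, so create it. Otherwise skip the step.
if ($letters -contains $env:SystemDrive) {
    & BdeHdCfg.exe -target default -quiet
    exit $LASTEXITCODE
}
Write-Output 'A separate active partition already exists; skipping BdeHdCfg.'
exit 0
```

Run from a "Run Command Line" step, a non-zero exit code fails the step, so a machine with the TPM still off stops here rather than at "Enable BitLocker".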

This topic is archived. No further replies will be accepted.
