Hello, I am trying to enable the TPM through the Task Sequence by calling manage-bde.exe -tpm -TurnOn through command line. I have assigned the working directory as well for both windows7 32-Bit and 64-Bit (C:\Windows\System32). But during the Task Sequence execution its failing to enable the TPM for some of the client machines whereas it is working for other machines. Due to this error message, Enable BitLocker is failing says TPM not activated and not owned. My requirement is to automate the TPM enablement in BIOS through TS. Therefore i used the manage-bde tool. Error Summary: The task sequence execution engine failed executing the action (Trusted Platform Module Initialize) in the group (Applying Bit Locker) with the error code 2147942402 Action output: or='' SwdAction = '0001' Command line for extension .exe is "%1" %* Set command line: Run command line Working dir 'not set' Executing command line: Run command line CreateProcess( NULL, (LPWSTR)m_sCommandLine.c_str(), NULL, NULL, TRUE, bNT ? CREATE_UNICODE_ENVIRONMENT : 0, m_pEnvironmentBlock, pszWorkingDir, &si, &pi ), HRESULT=80070002 (e:\nts_sms_fre\sms\framework\core\ccmcore\commandline.cpp,997) clCommandLine.Execute( uOptions, pszWorkingDir, lpDesktop ), HRESULT=80070002 (e:\nts_sms_fre\sms\client\osdeployment\installsoftware\runcommandline.cpp,558) cmd.Execute(pszPkgID, sProgramName, dwCmdLineExitCode), HRESULT=80070002 (e:\nts_sms_fre\sms\client\osdeployment\installsoftware\main.cpp,385) CreateProcess failed. Code(0x80070002) Command line execution failed (80070002) Failed to execute command line 'C:\WINDOWS\System32\manage-bde.exe -tpm -TurnOn' . The system cannot find the file specified. (Error: 80070002; Source: Windows) Install Software failed to run command line, hr=0x80070002. The operating system reported error 2147942402: The system cannot find the file specified. Please suggest, why this issue??? Even i have provided the right command line and working directory information. :(

When running certain applications and commands through the “Run Command Line” task sequence in System Center Configuration Manager 2007 on a 64-bit Operating System you might find that the task will fail. This is true for applications that don’t fully support 64-bit mode. Some commands are not available by default when running in 32-bit mode, for example “manage-bde.exe”. To work around this issue, simply disable the “64-bit file system redirection” in the task sequence when running such applications. Ronni Pedersen | Configuration Manager MVP | Blog: http://www.ronnipedersen.com/ | Twitter @ronnipedersen

When running certain applications and commands through the “Run Command Line” task sequence in System Center Configuration Manager 2007 on a 64-bit Operating System you might find that the task will fail. This is true for applications that don’t fully support 64-bit mode. Some commands are not available by default when running in 32-bit mode, for example “manage-bde.exe”. To work around this issue, simply disable the “64-bit file system redirection” in the task sequence when running such applications. Ronni Pedersen | Configuration Manager MVP | Blog: http://www.ronnipedersen.com/ | Twitter @ronnipedersen

Hi Ronni, Thanks for the reply. Even i am facing the same when installing in Windows7 32-Bit Operating System.

Hi, You may refer to the following information to check: 1. Have you created the 100 MB partition? Reference: http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/75023b4a-29ec-4cc1-b43a-111f88206fd2 2. Check if you have taken the steps properly: How to configure BitLocker on additional drives in a MDT 2010 deployment. Also, please check the failure in the smsts.log. Regards, Sabrina This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Kumoo, For Dell systems i do the following: Set temp bios password with cctk.exe (dell tool) Enable TPM with cctk.exe Reboot Activate TPM with cctk.exe Remove temp bios password with cctk.exe Reboot Take TPM ownership (powershell script) Reboot Again Take TPM ownership (it sometimes fails the first time) Enable Bitlocker The bios password is required to use when changing security settings in Dell bios systems. Also taking ownership will sometimes fail. We have about 1% of deployments that fail on Enable Bitlocker. I hope this may be helpfull. Regards, a dutch guy

Function TakeOwnerShip { $oTPM = Get-Wmiobject -Class win32_tpm -Namespace root\CIMV2\Security\MicrosoftTpm $oOwnershipAllowed = ($oTPM.IsOwnershipAllowed()).IsOwnershipAllowed If ($oOwnershipAllowed -AND $oTPM.IsActivated_InitialValue -AND $oTPM.IsEnabled_InitialValue -AND $oTPM.IsOwned_InitialValue -eq $False) { $oConvertToOwnerAuth = $oTPM.ConvertToOwnerAuth("putnamehere") $sOwnerAuth = $oConvertToOwnerAuth.OwnerAuth $return = $oTPM.TakeOwnership($sOwnerAuth) $return If ($return.returnvalue -eq 0){return $true} else{return $false} } $oTPM = $null }$Return = TakeOwnerShip if ($Return) {Exit} sleep -s 90 TakeOwnerShipTakeOwnerShip Regarding to the 1% failures, we solved that by giving the _SELF account the appropriate permissions on computer objects as explained here: http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx Make sure that SELF can write the msTPM-OwnerInformation attribute!! :-)

Hi, Can you please share me the PS Script to take ownership of the TPM chip.