SCCM 2012 R2 - USMT OSD task sequence on BitLockered computers

Hi,

So this mainly applied to Windows 7 Enterprise clients upgrading to Windows 8.1 Enterprise. I have not looked into 8.1 to 8.1 yet, but imagine it will be the same.

We're testing out USMT 5 with hard links as a replacement for our current backup/restore scripts (deployed through Software Center) and are running into a problem where, if a task sequence is selected from the Software Center GUI, the USMT portion works, but the task sequence fails immediately after downloading the boot WIM with error 80004005. This only happens on machines with an active BitLocker partition. If BitLocker is suspended, or not present, then the task sequence proceeds just fine, backing up and restoring all user data without issue. Though we did have one machine where BitLocker was suspended, and the first restart after applying the image required entering the PIN for the task sequence to proceed. On another computer where it was suspended it did not prompt for a PIN during any of the restarts.

I did some googling and found tons and tons of results on enabling BitLocker in the task sequence and getting 80004005, but nothing stating whether it must be disabled for the GUI-based task sequence to work, or even anyone else who had encountered this particular problem.

So my question would be: do we need to suspend/disable BitLocker as a prerequisite to the task sequence, or is there a better way to make sure it runs without error/user interaction? The "Disable BitLocker" task sequence step does not seem to work. I assume it wants the PIN to disable it, or maybe that's the same as a full decrypt and it just takes way too long. Using that task sequence step seems to leave the task sequence in an "Installing" status that never goes away (at least 4 hours on a machine with maybe 4GB of user data).

Also, we use MBAM via GPO, so disabling BitLocker is fine, as long as the MBAM policy can recognize that and re-enable it once policy hits.

February 13th, 2015 11:38pm

Hi Nick,

I'm using an MDT-integrated task sequence with 2012 R2 CU2, with the UDI Wizard setting the BitLocker suspend action (my Service Desk guys use the UDI Wizard as part of the refresh process to select apps to reinstall as part of the refresh, and I've added the BitLocker UDI page with the suspend setting). As far as I'm aware you don't need to do anything before running the TS, just include the suspend action in the refresh TS. In my environment we don't use MBAM to manage BitLocker information - we just store the keys in AD, and we also don't use PINs, just encryption. When a refresh occurs BitLocker is suspended and USMT is run (using hard links). I've never had a problem with the process and can see the new encryption key stored against the computer account in AD.

So yes, in my opinion you should be using the suspend action; you shouldn't have to disable it. Having PINs might require further steps though? Perhaps others can add to my response?

I'm not in the office today. I can add some more information on Monday with what I'm doing if you're interested.

Cheers

Damon



February 14th, 2015 3:18am

Not an answer to your question, but Niall created an HTA to handle the complete scenario. I thought it might be interesting, see: http://www.windows-noob.com/forums/index.php?/topic/11864-the-cm12-uefi-bitlocker-frontend-hta-part-1-the-features/
February 14th, 2015 11:37am

Actually, now that I'm in the office and not going off my memory, I have to correct some mistakes in my original correspondence.

We are using the UDI Wizard in our refresh scenario; however, it's not disabling / suspending BitLocker. We are using the built-in task sequence step "Disable BitLocker". Sorry about that, I should have waited until I was back in the office instead of writing back to forum posts with my kids running around the house :)



February 15th, 2015 7:18pm

This topic is archived. No further replies will be accepted.
