Suspend BitLocker PIN entry on restart.

I'm trying to use the Suspend BitLocker PIN entry on restart client setting, but no luck. The machine keeps asking for PIN after reboot. I'm using SCCM 2012 R2 CU1, I have applied the setting to a machine and am running a Task Sequence that restarts the machine. What am I missing? When I look at the RebootCoordinator.log on the client it says:

User logoff notification received RebootCoordinator 2014-10-02 23:06:45 4712 (0x1268)
Reboot Coordinator received a SERVICEWINDOWEVENT END Event RebootCoordinator 2014-10-02 23:06:48 4712 (0x1268)
Reboot Coordinator received a SERVICEWINDOWEVENT START Event RebootCoordinator 2014-10-02 23:06:48 4156 (0x103C)
Service startup notification received RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
RebootCoordinator::FinalConstruct entered RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
No reboot has been scheduled. Removing all tasks from mtc queue... RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Successfully registered for ServiceWindow Events RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Successfully registered for Connected Standby Events RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Successfully registered for Windows Maintenance Events RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Reboot was not requested. Skip this evaluation. RebootCoordinator 2014-10-02 23:11:28 3592 (0x0E08)
Retry resuming bit-locker TPM PIN protector. Retry count 1 RebootCoordinator 2014-10-02 23:11:28 3592 (0x0E08)
Reboot Coordinator received a SERVICEWINDOWEVENT START Event RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Didn't suspended bit-locker. Do nothing and return. RebootCoordinator 2014-10-02 23:11:28 3592 (0x0E08)
User S-1-5-21-1292428093-1482476501-839522115-228959 is getting pending reboot information... RebootCoordinator 2014-10-02 23:11:55 3588 (0x0E04)
Reboot Coordinator received a SERVICEWINDOWEVENT END Event RebootCoordinator 2014-10-02 23:12:09 3400 (0x0D48)
Reboot Coordinator received a SERVICEWINDOWEVENT START Event RebootCoordinator 2014-10-02 23:12:09 4056 (0x0FD8)
Service startup notification received RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
RebootCoordinator::FinalConstruct entered RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
No reboot has been scheduled. Removing all tasks from mtc queue... RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
Successfully registered for ServiceWindow Events RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
Successfully registered for Connected Standby Events RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
Successfully registered for Windows Maintenance Events RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
Reboot was not requested. Skip this evaluation. RebootCoordinator 2014-10-02 23:15:44 212 (0x00D4)
Retry resuming bit-locker TPM PIN protector. Retry count 1 RebootCoordinator 2014-10-02 23:15:44 212 (0x00D4)
Didn't suspended bit-locker. Do nothing and return. RebootCoordinator 2014-10-02 23:15:44 212 (0x00D4)
User S-1-5-21-1292428093-1482476501-839522115-228959 is getting pending reboot information... RebootCoordinator 2014-10-02 23:16:11 3868 (0x0F1C)
User logon system notification received RebootCoordinator 2014-10-02 23:16:30 4084 (0x0FF4)
Ingnoring this Logon event as it's not from SENS notification. RebootCoordinator 2014-10-02 23:16:30 4084 (0x0FF4)

October 2nd, 2014 9:22pm

Hi, as far as I know the suspend BitLocker only works when no user is logged on to the machine. At least that is what my experience is. So try to just send some application out there when no one is logged on and let's see if this is the case.

Suspend BitLocker PIN entry on restart

If the BitLocker PIN entry is configured on computers, this option can bypass the requirement to enter a PIN when the computer restarts after a software installation.

  • Always: Configuration Manager temporarily suspends the BitLocker requirement to enter a PIN on the next computer startup after it has installed software that requires a restart and initiated a restart of the computer. This setting applies only to computer restarts that are initiated by Configuration Manager and does not suspend the requirement to enter the BitLocker PIN when the user restarts the computer. The BitLocker PIN entry requirement is resumed after Windows startup.
  • Never: Configuration Manager does not suspend the BitLocker requirement to enter a PIN on the next computer startup after it has installed software that requires a restart. In this scenario, the software installation cannot finish until the user enters the PIN to complete the standard startup process and load Windows. 

BR.

Bjrn

October 4th, 2014 12:39pm

Hi Bjrn,

I tried running the Task Sequence that restarts the machine when no one was logged on. But still no luck, it keeps asking for PIN after the reboot.

October 6th, 2014 10:36am

Hi, well I think the client setting is only applicable when you are using Software Deployment/Software Updates; when using a Task Sequence I would use the TS step: Disable BitLocker->Reboot->Enable BitLocker.

BR

Bjrn

October 7th, 2014 7:33am

Hi,

Yes, I have now confirmed with MS that the client settings won't apply when using a Task Sequence.

Regarding the TS step "Disable BitLocker", how is it supposed to work? I'm using it like this: Disable BitLocker->Reboot->Reboot->Enable BitLocker. But after the first reboot BitLocker is automatically enabled, and it's asking for PIN after the second reboot.

October 16th, 2014 12:39pm

Yes, I know this is an old post, but I'm trying to clean them up. Did you solve this problem? If so, what was the solution?

Since no one has answered this post, I recommend opening a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.

July 4th, 2015 1:11pm
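
Added example, not part of the original thread: a Python sketch that groups the RebootCoordinator.log excerpt from the first post by client service startup and reports the startups where the client logged both "Reboot was not requested" and "Didn't suspended bit-locker". The sample lines are copied from that excerpt; the function names and the grouping by "Service startup notification received" are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the RebootCoordinator.log excerpt in the first post.
SAMPLE = """\
User logoff notification received RebootCoordinator 2014-10-02 23:06:45 4712 (0x1268)
Service startup notification received RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
RebootCoordinator::FinalConstruct entered RebootCoordinator 2014-10-02 23:11:28 3376 (0x0D30)
Reboot was not requested. Skip this evaluation. RebootCoordinator 2014-10-02 23:11:28 3592 (0x0E08)
Didn't suspended bit-locker. Do nothing and return. RebootCoordinator 2014-10-02 23:11:28 3592 (0x0E08)
Service startup notification received RebootCoordinator 2014-10-02 23:15:44 1232 (0x04D0)
Reboot was not requested. Skip this evaluation. RebootCoordinator 2014-10-02 23:15:44 212 (0x00D4)
Didn't suspended bit-locker. Do nothing and return. RebootCoordinator 2014-10-02 23:15:44 212 (0x00D4)
"""

# Layout as pasted in the thread: message, component, date, time, thread id, (hex tid).
LINE = re.compile(
    r"^(?P<msg>.+) (?P<component>\S+) "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)$"
)

def parse(text):
    """Yield (timestamp, message) for each well-formed line; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["msg"]

def startups(text):
    """Group entries by client service startup and record the two messages of interest."""
    sessions = []
    for ts, msg in parse(text):
        if msg.startswith("Service startup notification received"):
            sessions.append({"started": ts, "reboot_not_requested": False,
                             "bitlocker_not_suspended": False})
        elif sessions:  # entries before the first startup belong to no session
            if msg.startswith("Reboot was not requested"):
                sessions[-1]["reboot_not_requested"] = True
            elif msg.startswith("Didn't suspended bit-locker"):
                sessions[-1]["bitlocker_not_suspended"] = True
    return sessions

def unsuspended_startups(text):
    """Startups where the client logged no requested reboot and no BitLocker suspend."""
    return [s["started"] for s in startups(text)
            if s["reboot_not_requested"] and s["bitlocker_not_suspended"]]

if __name__ == "__main__":
    for started in unsuspended_startups(SAMPLE):
        print(f"{started}: client logged no requested reboot and no BitLocker suspend")
```

Both startups in the excerpt are reported, which matches the later finding in the thread that the client setting does not apply to restarts from a Task Sequence.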

This topic is archived. No further replies will be accepted.