We extended schema and are able to store recovery key for bitlocker manually, but we get this error when enable Bitlocker in the task. Anybody have any thoughts? The task sequence execution engine failed executing the action (Enable BitLocker) in the group (Setup Operating System) with the error code 2150121487 Action output: very password uStatus == 0, HRESULT=8028400f (e:\nts_sms_fre\sms\framework\tscore\encryptablevolume.cpp,1139) m_pEncryptableVolume->ProtectKeyWithNumericalPassword( sRecoveryPwdId ), HRESULT=8028400f (e:\nts_sms_fre\sms\client\osdeployment\bitlocker\bitlocker.cpp,588) CreateRecoveryPassword(), HRESULT=8028400f (e:\nts_sms_fre\sms\client\osdeployment\bitlocker\bitlocker.cpp,1197) ConfigureKeyProtection( keyMode, pwdMode, pszStartupKeyVolume ), HRESULT=8028400f (e:\nts_sms_fre\sms\client\osdeployment\bitlocker\bitlocker.cpp,1396) pBitLocker->Enable( argInfo.keyMode, argInfo.passwordMode, argInfo.sStartupKeyVolume, argInfo.bWait ), HRESULT=8028400f (e:\nts_sms_fre\sms\client\osdeployment\bitlocker\main.cpp,650) 'ProtectKeyWithNumericalPassword' failed(2150121487) Failed to create recovery password. Ensure that Active Directory is properly configured for use with BitLocker A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. (Error: 8028400F; Source: Windows). The operating system reported error 2150121487: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer.

Hi, It looks like the correct driver for a TPM module isn't loaded or that there is no TPM module, check that it is enabled in the BIOS and that the correct driver is loaded. Check out this list of pre-reqs for TPM. http://technet.microsoft.com/en-us/library/cc749022(WS.10).aspx Regards, jörgen-- My System Center blog ccmexec.com --

"Compatible Trusted Platform Module(TPM) cannot be found on this computer" so we are allowing by group policy to let encrypt usinf USB starting key. We have set the task to use USB key but it still failing at that part of the task. We are able to encrypt it and store the recovery key in AD with the same laptop.