BitLocker, TPM, and AD Integration
All,

I'm trying to deploy BitLocker integrated with AD and am having some issues. Unfortunately not much comes up when searching online and any advice you can offer would be greatly appreciated. Long story short, I get a 0x8007052e error, cannot take ownership of the TPM, TPM initialization failed, logon failure: unknown username or bad password.

The environment has one Server 2008 Standard (not R2) box that does everything. Laptops are Lenovo T400's with Windows 7 Enterprise. I followed the BitLocker Deployment Guide from http://www.microsoft.com/downloads/details.aspx?FamilyID=3a207915-dfc3-4579-90cd-86ac666f61d4&DisplayLang=en

Here is an overview of what I did:
- Did not extend the schema
- Ran cscript Add-TPMSelfWriteACE.vbs
- Modified "Turn on TPM backup to Active Directory" and "Turn on BitLocker backup to Active Directory" in GPO
- Verified cscript List-ACEs.vbs returns the proper information

On a T400 joined to the domain, I tried doing the following while signed on as a domain user with local admin (also tried a domain admin account - can't use according to guide, and the default administrator account local to the machine, which then can't reach the AD server):
- Ran TPM.msc
- Initialized the TPM and restarted the machine
- Pressed F10 to enable the TPM
- Ran TPM.msc again and clicked initialize the TPM
- At the 'Create the TPM owner password' screen I clicked 'automatically create the password (recommended)'
- Clicked 'save the password...' and pointed to a secure location on our network
- Clicked initialize and get the 0x8007052e error, cannot take ownership of the TPM, TPM initialization failed, logon failure: unknown username or bad password.

I tried doing this with different accounts (as mentioned earlier), moved the computer object to a new OU outside of the default computer group, and also gave the computer full control of SELF under permissions in ADSIedit with no luck.

Oddly enough, I took another machine and instead of running TPM.msc I went to Control Panel > BitLocker Drive Encryption > Turn on BitLocker, and let the wizard start to enable the TPM. I rebooted the machine, pressed F10 to enable the TPM, and when the machine booted back up the wizard asked 'how do you want to store your recovery key?' Once again I saved to a secure network location and the wizard saved two files: HOSTNAME.tpm and the recovery key text file. The machine started encrypting. But, when I check cscript Get-TPMOwnerInfo.vbs it says "the directory property cannot be found in the cache".

I then tried this method on the first machine and it fails giving a logon failure: unknown username or bad password error.

I believe something is causing bad TPM data to be written. When I rebooted the first machine the TPM prompted saying a request to DISABLE the TPM chip was made... which was not the case. Let me know if you need any other information.

Thanks in advance
December 6th, 2009 4:42am
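The post above is really asking two questions that can be checked from the client rather than guessed at: is the TPM actually enabled, activated and owned as far as Windows can see, and did the owner information and recovery password really land on the computer object in AD? The script below is an added example, not from the thread or from Microsoft's deployment guide. It uses the Win32_Tpm and Win32_EncryptableVolume WMI providers that ship with Windows 7 (the Get-Tpm cmdlet only exists on Windows 8 / Server 2012 and later) and the RSAT ActiveDirectory module; the assumption that the module is installed on the machine running it, and the -Repair switch that re-escrows any numerical-password protector missing from AD, are mine. The msTPM-OwnerInformation attribute and msFVE-RecoveryInformation child objects it reads are the same ones Get-TPMOwnerInfo.vbs and the BitLocker recovery viewer look at.

```powershell
# Added example (not from the thread): audit a Windows 7 client's TPM state and
# its BitLocker/TPM escrow in Active Directory, and optionally re-push any
# recovery password that never reached AD. Assumes RSAT's ActiveDirectory
# module is available where the script runs (assumption, not stated in thread).
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$Drive        = 'C:',
    [switch]$Repair                     # re-escrow missing protectors to AD
)

# --- 1. Local TPM state (Win32_Tpm is present on Windows 7; Get-Tpm is not) ---
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
if ($null -eq $tpm) {
    Write-Warning 'Windows sees no TPM: it is disabled in the BIOS or has no driver.'
} else {
    # Each WMI method returns an object carrying its out-parameter of the same name.
    $enabled   = $tpm.IsEnabled().IsEnabled
    $activated = $tpm.IsActivated().IsActivated
    $owned     = $tpm.IsOwned().IsOwned
    Write-Output "TPM enabled=$enabled activated=$activated owned=$owned"
    if (-not ($enabled -and $activated)) {
        Write-Warning 'TPM must be both enabled and activated in the BIOS before ownership can be taken.'
    }
}

# --- 2. What AD holds for this computer object ---
Import-Module ActiveDirectory
$comp = Get-ADComputer -Identity $ComputerName -Properties 'msTPM-OwnerInformation'
if ([string]::IsNullOrEmpty($comp.'msTPM-OwnerInformation')) {
    Write-Warning "No TPM owner information escrowed on $($comp.DistinguishedName)."
} else {
    Write-Output 'TPM owner information is present in AD.'
}

# Recovery passwords are child objects of the computer, one per numerical-password protector.
$adRecovery = Get-ADObject -SearchBase $comp.DistinguishedName -SearchScope OneLevel `
    -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
    -Properties 'msFVE-RecoveryGuid', 'whenCreated'
# msFVE-RecoveryGuid is stored as an octet string; convert to a Guid for comparison.
$adGuids = @($adRecovery | ForEach-Object { New-Object System.Guid (,[byte[]]$_.'msFVE-RecoveryGuid') })
Write-Output "Recovery passwords escrowed in AD for this computer: $($adGuids.Count)"

# --- 3. Compare against the protectors actually on the volume ---
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -Filter "DriveLetter='$Drive'"
if ($null -eq $vol) { throw "No encryptable volume found for $Drive" }

# KeyProtectorType 3 = numerical password (the 48-digit recovery password).
$localIds = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID)
foreach ($id in $localIds) {
    $guid = [guid]$id                      # protector IDs are "{GUID}" strings
    if ($adGuids -contains $guid) {
        Write-Output "Protector $id : escrowed in AD"
        continue
    }
    Write-Warning "Protector $id : NOT found in AD"
    if ($Repair) {
        # Same operation as 'manage-bde -protectors -adbackup C: -id {GUID}';
        # requires the SELF write ACE the thread's Add-TPMSelfWriteACE.vbs sets up.
        $rc = $vol.BackupRecoveryInformationToActiveDirectory($id).ReturnValue
        if ($rc -eq 0) { Write-Output "  re-escrowed $id" }
        else           { Write-Warning ("  backup failed, HRESULT 0x{0:X8}" -f $rc) }
    }
}
```

Run it without -Repair first: a machine that "started encrypting" but reports zero escrowed recovery passwords is exactly the silent failure the original poster hit, and the HRESULT from the repair step (0x8007052E is ERROR_LOGON_FAILURE, the same code quoted above) tells you whether the write is failing on the computer's own credentials rather than on the user running the wizard.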

We have the exact same situation. We found that freshly imaging the system with Windows XP (at least until it gets to the drivers stage) and clearing the TPM data in the security section of the T400 BIOS allows it to image fine and encrypt fine after imaging with Windows 7. We still have some problems but this is just one fix.
May 11th, 2010 6:25am

You may be able to resolve the problem by loading the system BIOS and disabling the TPM chip, which should sacrifice any configuration or ownership information it has. Then reboot, enter the BIOS again and Activate the TPM chip. You may need to reboot and enter the BIOS a third time so you can Enable the TPM and take ownership of it, but now you can try enabling BitLocker and it should have the access it needs. I wrote a guide on setting up BitLocker and Saving the Keys to Active Directory. You may find it useful. http://blog.concurrency.com/infrastructure/enable-bitlocker-automatically-save-keys-to-active-directory/

MrShannon | Concurrency Blogs | UAG SP1 DirectAccess Configuration Guide
June 10th, 2011 1:55pm

You may also have issues if you did not create a partition large enough for BitLocker (1.5 GB) when you set up the drive for the server install.
June 10th, 2011 4:09pm
