I am using configmgr 2007R3 to deploy windows. When I take a "Clean" machine, i.e. one straight from HP and run my task sequence, the bit locker partition is created, and the C: ends up encrypted without any issues. I have a GPO applied and the AD set up to store the keys. This works perfect. When I do a refresh scenario, the Task sequence fails on the enable bit-locker step. When I go into Windows and open tpm.msc, it says windows cannot find the TPM. I am using the built in windows Intel TPM driver, and it shows up in device manager. In doing refreshes, I am using the "suspend bit locker" step at the beginning of my Task Sequence. Here are my steps: use hp bios config tool with this file to enable TPM: English Activate Embedded Security On Next Boot *Enable Embedded Security Device *Device Available Embedded Security Activation Policy *No prompts F1 to Boot Allow User to reject OS Management of TPM *Enable OS Management of Embedded Security Device *Enable Reset of TPM from OS *Enable Reset of Embedded Security Device through OS *Enable Embedded Security Device Availability *Available 2. Restart PC back into currently installed OS 3. Create bit locker partition 4. restart PC 5. Enable bitlocker step in TS. I have tried clearing the TPM in bios and redeploying the OS several times with no success. I cannot get windows to see the TPM chip after the OS is re-deployed. Any ideas? Ryan

Hi, Since this issue persists after redeploying several times, it seems this is related to the SCCM process, as you said, you have disabled BitLocker at the beginning of task sequence, I would share the following article with you for reference: BitLocker Support - Configuration Manager OSD - Site Home - TechNet Blogs Also, you could open a new thread in SCCM forum for help: System Center Configuration Manager Category Alex Zhao TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Alex Zhao TechNet Community Support