BitLocker requires recovery key when laptop is docked or undocked
I've recently installed Windows 7 Enterprise on Panasonic H1 (mk 1.5) tablets. I enabled BitLocker (TPM only), and find that when the laptop is later removed from its dock, it won't boot without a recovery key. I experienced this previously with our Lenovo X200 tablets, but in that case I was able to fix the issue by suspending BitLocker, removing the CD-ROM drive from the boot sequence, and then resuming BitLocker. With the Panasonic, there isn't a CD-ROM drive in the dock, but there is a 'USB' NIC in the dock. I tried removing USB hard drives, USB CD-ROM drives, and the NIC all from the boot sequence, but even after suspending BitLocker, making these changes, and resuming BitLocker, I'm still seeing the issue. I can make it work either in the dock or out of the dock, depending on when I resume BitLocker, but I can't make BitLocker work with both the docked and undocked configurations. Anyone else run into this? How did you get around it?
June 8th, 2011 7:12pm

Hi,

The theory should be the same as Lenovo. Please go to BIOS and try excluding all but your primary HDD out of the boot priority order. Also update the BIOS to the latest version.

Furthermore, you can try to follow these steps:

1. Open the BitLocker manager tool by either
   1) typing BitLocker into the Start menu search box and selecting the first result, or
   2) in the Control Panel, System & Security > BitLocker
2. Click "Suspend Protection" on your system disk
3. Select Yes to the prompt that appears
4. Click "Resume Protection"

Now BitLocker will remember your updated system configuration.

Hope that helps.

Regards, Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 9th, 2011 11:07am

Leo is right, if your boot order changes when docked vs undocked this can basically cause BitLocker to decide that the hard drive is not connected to the same hardware and will require the Recovery Key. Changing the BIOS boot order to always boot from the system hard disk should help prevent the prompting for the recovery key.

More: http://blog.concurrency.com/infrastructure/enable-bitlocker-automatically-save-keys-to-active-directory/#boot

MrShannon | Concurrency Blogs | UAG SP1 DirectAccess Configuration Guide
June 10th, 2011 7:29pm

Hi,

Has your issue been solved? Please feel free to give me any update. Thanks.

Regards, Leo Huang
TechNet Subscriber Support in forum.
June 14th, 2011 10:53am

Sorry for the delay. I did try this last night, with every boot option in the BIOS disabled except for the internal hard drive. I turned on BitLocker, let the encryption finish, shut down the computer, removed it from the dock, turned it on, and was prompted for the recovery key due to boot configuration changes.
June 15th, 2011 6:22pm

Since it is a Panasonic model, first make sure that the TPM is using the Microsoft driver and not Infineon.

Open Device Manager -> Security Devices -> Trusted Platform Module. Right-click on Trusted Platform Module and select Properties. Click on Driver Details and make sure it points to c:\windows\system32\drivers\tpm.sys

Once you have confirmed that you are using the tpm.sys driver, make sure you have the HDD first in the boot order.

Also change the Wake on LAN settings. The Wake on LAN feature is generally turned on in the BIOS, with the default setting of Boot to Network. The BIOS options under System Configuration\Built In Device Options\Wake On LAN are:

· Disabled
· Boot to Network
· Follow Boot Order

If the option “Boot to Network” is selected, when the platform is awoken from the LAN, it will boot to the network, potentially fail and then boot to the hard drive by following the normal boot order. This results in a different measurement on a conventional BIOS system than following the normal boot order alone. The different measurement results in the message from BitLocker that the system boot information has changed, and BitLocker forces the customer to enter the recovery key (or reboot).

Configuring the setting to “Follow Boot Order” will cause the same boot sequence BitLocker used when it was turned on. This will cause BitLocker to boot normally.

Let me know how it goes.

Manoj Sehgal
June 17th, 2011 3:34pm
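
Editor's added example (not part of any post in this thread): a small simulation of the TPM 1.2 PCR "extend" operation, showing why an extra measured event, such as a dock device or a failed network boot attempt, changes the measurement and blocks release of the key. The event labels, the PCR each event lands in, and the validation profile (taken here to be the Windows 7 default for BIOS systems) are assumptions for illustration.

```python
import hashlib

# Assumed validation profile: the Windows 7 default for BIOS systems.
# The real one is listed by `manage-bde -protectors -get C:`.
PROFILE = (0, 2, 4, 5, 8, 9, 10, 11)

def extend(pcr, event):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(event))."""
    return hashlib.sha1(pcr + hashlib.sha1(event).digest()).digest()

def measure_boot(events):
    """Replay (pcr_index, event) pairs into zeroed static PCRs 0-15."""
    pcrs = {i: bytes(20) for i in range(16)}
    for index, event in events:
        pcrs[index] = extend(pcrs[index], event)
    return pcrs

def policy_digest(pcrs, profile=PROFILE):
    """Digest over the selected PCRs; stands in for what the key is sealed to."""
    h = hashlib.sha1()
    for i in profile:
        h.update(bytes([i]) + pcrs[i])
    return h.hexdigest()

def unseal_ok(sealed_digest, events):
    """The key is released only if this boot reproduces the sealed PCR values."""
    return policy_digest(measure_boot(events)) == sealed_digest

def changed_pcrs(events_a, events_b, profile=PROFILE):
    """Profile PCRs whose final values differ between two boots."""
    a, b = measure_boot(events_a), measure_boot(events_b)
    return [i for i in profile if a[i] != b[i]]

# Constructed event logs (labels are illustrative, not real firmware events).
UNDOCKED = [(0, b"bios"), (2, b"onboard option ROM"),
            (4, b"boot attempt: internal HDD"), (4, b"MBR code")]
# Assumption: the dock adds a device whose option ROM is measured into PCR 2.
DOCKED = UNDOCKED[:2] + [(2, b"dock NIC option ROM")] + UNDOCKED[2:]
# "Boot to Network" case: a failed network attempt precedes the HDD boot.
NET_FIRST = UNDOCKED[:2] + [(4, b"boot attempt: network")] + UNDOCKED[2:]

if __name__ == "__main__":
    sealed = policy_digest(measure_boot(UNDOCKED))  # protection resumed undocked
    for name, log in (("undocked", UNDOCKED), ("docked", DOCKED),
                      ("net first", NET_FIRST)):
        print(name, "unseal ok:", unseal_ok(sealed, log),
              "changed PCRs:", changed_pcrs(UNDOCKED, log))
```

Because extend is a one-way hash chain, no BIOS boot-order setting can make two boots match if the firmware still measures an extra event in one of them; comparing which profile PCR differs between the docked and undocked boots is what narrows down the cause.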

The driver for the TPM chip is the Microsoft driver, using the same file you listed. The HDD is the 1st item of 5 in the boot order. Items 2-4 are [Disabled]. There is no option on this tablet to enable or disable Wake on LAN in the BIOS.
June 22nd, 2011 12:34am

When was the last time the machine asked for the BitLocker recovery key? Also, can you send me a copy of the system log at my email ID - manojsehgal@hotmail.com. Please zip the system log and send it.

Thanks,
Manoj Sehgal
June 27th, 2011 6:37pm

Thanks for the reply manojsehgal. I was on vacation last week. I will be playing catch up today, and hope to get back to this issue in the next day or two. I'll get you more info when I can.
July 5th, 2011 4:58pm

This topic is archived. No further replies will be accepted.
