Enablebitlocker.vbs Error the protectkeywithtpm failed with exit code 80310018
My goal is a post deployment of BitLocker. I am running the enablebitlocker.vbs script deployed from SCCM 2007, running the command

EnableBitLocker.vbs /on:tpm /l:c:\BitLocker.log

Group Policy is configured for ADDS backup and to prevent deployment unless backup of the keys.

On the first pass, I can physically verify that the TPM is enabled and that ownership has not been taken. On the second pass I receive the error as stated above: Error the protectkeywithtpm failed with exit code 80310018.

My disk is partitioned as below;

300MB BDEDrive, System, Active, Partition Primary
200GB OSDisk, Boot, Page file, Crash Dump, Primary Partition

If I manually click to Enable Bitlocker, it backs the TPM to AD ? ???!!! I am clearly missing something ???!!! Any words of wisdom much appreciated.

Log file; below...

-----------------------------------------------------------------------
---------------Executing with the following arguments------------------
-----------------------------------------------------------------------
Enable parameters: tpm
Logging location: c:\bitlocker.log
Create recovery key: No recovery key use specified
Encryption method: 1
Create SMS status MIF's: No SMS status MIF's will be created
Reset TPM ownership: TPM ownership information will not be cleared
User prompting: Users will not be prompted for PIN or to insert USB key
-----------------------------------------------------------------------
Connection succeeded to MicrosoftTPM
Successfully retrieved a TPM instance from the Win32_TPM provider class
TPM found in the following state: Enabled - False Activated - False Owned - False
Connection succeeded to MicrosoftVolumeEncryption
TPM is not turned on...will Enable and Activate TPM and force a reboot.
Attempting to enable and activate the TPM
Completed enabling and activating the TPM with an exit code of: 0
Presence Transition = 2
Completed PhysicalPresenceTransition with an exit code of: 0
Rebooting system to finish enabling the TPM
TPM found in the following state: Enabled - False, Activated - False, Owned - False.
The volume has a protection status of: . .
Script Completed Successfully
Script ended 19/04/2012 14:31:30
Script processing started 19/04/2012 14:39:10
Proper number of command line arguments passed to the script
-----------------------------------------------------------------------
---------------Executing with the following arguments------------------
-----------------------------------------------------------------------
Enable parameters: tpm
Logging location: c:\bitlocker.log
Create recovery key: No recovery key use specified
Encryption method: 1
Create SMS status MIF's: No SMS status MIF's will be created
Reset TPM ownership: TPM ownership information will not be cleared
User prompting: Users will not be prompted for PIN or to insert USB key
-----------------------------------------------------------------------
Connection succeeded to MicrosoftTPM
Successfully retrieved a TPM instance from the Win32_TPM provider class
TPM found in the following state: Enabled - True Activated - True Owned - False
Connection succeeded to MicrosoftVolumeEncryption
TPM ownership is not taken...will take ownership.
Successfully determined if Endorsement Key Pair is present with an exit code of: 0
IsEndorsementKeyPairPresent returned a value of: True
Endorsement Key Pair is present.
Successfully connected to WMI StdRegProv
Checking if Group Policy encryption method is set...
Found ActiveDirectoryBackup with value: 1
Found RequireActiveDirectoryBackup with value: 1
Determined client Group Policy configured to require AD escrow of recovery password
EncryptableVolumes count is: 1
The EncryptableVolume(s) found: \\?\Volume{1c1aa0a7-8a63-11e1-97d0-806e6f6e6963}\
EncryptableVolume used for encryption is: C:
The volume has a protection status of: 0
BitLocker Protection is Off
Get conversion status is: 0
The volume has a status of fully decrypted
Attempting to enable BitLocker TPM
ERROR - the ProtectKeyWithTPM Method failed with the exit code: 80310018
Script ended 19/04/2012 14:39:15
April 19th, 2012 10:14am

Hi,

This error means FVE_E_TPM_NOT_OWNED 0x80310018. You must initialize the Trusted Platform Module (TPM) before you can use BitLocker Drive Encryption.

Juke Chou
TechNet Community Support
April 24th, 2012 4:42am
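
The check the reply points to, as an added PowerShell example (not part of the thread and not code from EnableBitLocker.vbs): it reads the TPM state from the same Win32_Tpm provider the log shows and calls ProtectKeyWithTPM only once the TPM is owned. The function names, the friendly-name string and the `-OwnerPassphrase` parameter are assumptions made for this example.

```powershell
# Added example; function names and the passphrase parameter are hypothetical.
# Run elevated. Get-WmiObject is used so it also works on PowerShell 2.0.
$TpmNs = 'root\CIMV2\Security\MicrosoftTpm'
$FveNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-TpmState {
    $tpm = Get-WmiObject -Namespace $TpmNs -Class Win32_Tpm
    if (-not $tpm) { throw 'Win32_Tpm returned no instance (TPM absent or hidden in firmware).' }
    New-Object PSObject -Property @{
        Tpm       = $tpm
        Enabled   = [bool]$tpm.IsEnabled().IsEnabled
        Activated = [bool]$tpm.IsActivated().IsActivated
        Owned     = [bool]$tpm.IsOwned().IsOwned
    }
}

function Add-TpmProtectorSafely {
    param([string]$DriveLetter = 'C:', [string]$OwnerPassphrase)

    $state = Get-TpmState
    if (-not ($state.Enabled -and $state.Activated)) {
        throw 'TPM is not enabled and activated; finish the physical-presence reboot first.'
    }
    if (-not $state.Owned) {
        # This is the state in the second pass of the log: calling
        # ProtectKeyWithTPM now returns 80310018 (FVE_E_TPM_NOT_OWNED).
        if (-not $OwnerPassphrase) { throw 'TPM is not owned; take ownership before adding the protector.' }
        $auth = $state.Tpm.ConvertToOwnerAuth($OwnerPassphrase).OwnerAuth
        $rc = $state.Tpm.TakeOwnership($auth).ReturnValue
        if ($rc -ne 0) { throw ('TakeOwnership failed: {0:X8}' -f $rc) }
    }

    $vol = Get-WmiObject -Namespace $FveNs -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No encryptable volume found for $DriveLetter" }
    # Second argument is the platform validation profile; $null uses the default.
    $rc = $vol.ProtectKeyWithTPM('TPM protector', $null).ReturnValue
    if ($rc -ne 0) { throw ('ProtectKeyWithTPM failed: {0:X8}' -f $rc) }
    'TPM protector added to ' + $DriveLetter
}

# Read-only report of the three flags the log prints on each pass.
Get-TpmState | Select-Object Enabled, Activated, Owned
```

Return codes are formatted as eight hex digits so they match the form the script writes to its log.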
