none
MDT fails with "Failed to find a TPM instance in the provider class" when using CCTK on Dell Laptops RRS feed

  • Question

  • I am trying to have Bitlocker encrypt the drive when offline. If I turn on the TPM and the activate it manually, MDT is able to offline encrypt the drive. If I do not do it manually and let CCTK enable bios password, turn on the TPM and activate it, Bitlocker fails with "Failed to find a TPM instance in the provider class". I know that CCTK is working because if I stop the imaging and check the BIOS all 3 tasks have been completed. Also, Bitlocker will work with the standard method of encryption, but it just takes too long. Any ideas? 
    Wednesday, September 14, 2016 1:21 PM

All replies

  • Yeah I can tell exactly what's happening. Bitlocker fails when it tries to pre-provision because the machine has to reboot after enabling/activating TPM. The catch is you can't reboot the system during WinPE otherwise the wizard will start all over again. This was my solution to eliminate the warning message, but as you noticed BitLocker will not pre-provision so if you aren't using SSD drives encryption will take longer. We buy out desktop and laptops with SSD drives so it hasn't been an issue. Older systems with spinning drives we just manually clear and enable TPM before reimaging other wise it takes a while to encrypt.


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Wednesday, September 14, 2016 2:12 PM
  • Trying this out now. Thanks for the response!
    Wednesday, September 14, 2016 4:08 PM
  • Unfortunately, that didn't work for me. Do I have the synax correct for the WMI query?

    WMI query SELECT * FROM Win32_TPM WHERE IsEnabled_InitialValue = True


    Wednesday, September 14, 2016 5:40 PM
  • Be sure you first add IF all conditions are true
    Then add your WMI query
    Should look like this:


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Wednesday, September 14, 2016 6:16 PM
  • I've tried twice and the same thing happens, it won't enable bitlocker. Here are some screenshot:


    Thursday, September 15, 2016 3:30 PM
  • Because you previously said cctk was working I assumed you had already done what I've done to add the cctk tools to your WinPE image, but let me ask.

    Did you add the files to your extrafiles folder and update your boot image?

    The process is similar to adding CMTRACE to your boot image. You need cctk.exe, mxml1.dll, pci.ids and the entire HAPI folder to be added in order to use the command line during WinPE (preinstall phase).

    My documentation on doing this (link expires 10/15/16)


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Thursday, September 15, 2016 4:22 PM
  • CCTK is set up properly. It is included in the boot image. I can go to the command prompt in WinPE and run the CCTK commands manually. Also, I've tested that after the commands run, I'll force reboot the machine to make sure the changes have been made. 
    Friday, September 16, 2016 7:40 PM
  • Just to be clear is CCTK doing its job during WinPE and configuring the BIOS? If so but BitLocker is failing to enable, have you looked at your ZTIBDE.log or BDD.log file to see what's going on when it tried to enable BitLocker?

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Friday, September 16, 2016 8:06 PM