Enable BitLocker Failure (A valid OSDBitLockerMode type was not specified. Aborting BDE install)

  • Question

  • Below is a collection of settings in my environment. MDT fails to enable BitLocker, but I can enable it manually through the Windows interface after deployment.

    Server 2012 R2

    MDT Version 8450

    Deployed OS

    Windows 10 LTSB


    MDT Deployment Share [Rules]

    SkipBitLocker=YES
    
    
    BDEDriveLetter=S:
    BDEDriveSize= 2000
    BDEInstall=ProtectKeyWithTpm
    BDEInstallSuppress=NO
    BDERecoveryKey=TRUE
    BDERecoveryPassword=TRUE
    BDERequired=YES
    OSDBitLockerMode=TPM
    OSDBitLockerCreateRecoveryPassword=AD
    OSDBitLockerWaitForEncryption=TRUE


    Task Sequence

    https://imgur.com/mayBB6V

    Group Policy

    https://imgur.com/TMit4o8

    Error Output

    https://imgur.com/4MXn9iS

    ZTIBDE.log

    https://pastebin.com/21jwsj7w



    • Edited by VaughnSch Thursday, July 26, 2018 7:06 PM
    Thursday, July 26, 2018 6:28 PM

Answers

  • I think I've resolved the issue with a workaround. I disabled the built-in (Enable BitLocker) step under State Restore, then created a PS script with these three lines to replace it. Seemed to do the trick.

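    # Add a recovery password protector to the OS volume
    Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector
    # Enable BitLocker on the OS volume with the TPM protector
    Enable-BitLocker -MountPoint $env:SystemDrive -TpmProtector
    # Resume protection in case it was left suspended
    Resume-BitLocker -MountPoint $env:SystemDrive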

    • Marked as answer by VaughnSch Friday, March 27, 2020 8:21 PM
    Monday, July 30, 2018 8:55 PM
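
The rules in the question ask for the recovery password to be stored in AD (OSDBitLockerCreateRecoveryPassword=AD), which the three-line workaround does not do on its own. The following is an added example, not the poster's script or MDT's own code: it performs the same steps, checks the TPM first, escrows the recovery password with Backup-BitLockerKeyProtector, and fails the step if the expected protectors are missing. It assumes a domain-joined machine, a Group Policy that permits saving BitLocker recovery information to AD DS, and that skipping the reboot-based hardware test (-SkipHardwareTest) is acceptable in the task sequence.

```powershell
# Added example. Assumptions: domain-joined, GPO allows AD DS recovery backup.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive

# Stop early if the TPM is unusable; -TpmProtector would fail later anyway.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM is not present or not ready; BitLocker was not enabled."
}

$volume = Get-BitLockerVolume -MountPoint $mount

# Add a recovery password only if the volume does not already have one.
if (-not ($volume.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
}

# Enable BitLocker with the TPM protector if the volume is still decrypted.
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $mount -TpmProtector -SkipHardwareTest | Out-Null
}

# Escrow every recovery password protector to AD DS.
$protectors = (Get-BitLockerVolume -MountPoint $mount).KeyProtector
foreach ($p in ($protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# Resume protection in case it was left suspended.
Resume-BitLocker -MountPoint $mount | Out-Null

# Verify the outcome so a silent failure does not pass the task sequence.
$final = Get-BitLockerVolume -MountPoint $mount
$types = $final.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }
if ($types -notcontains 'Tpm' -or $types -notcontains 'RecoveryPassword') {
    throw "Expected Tpm and RecoveryPassword protectors, found: $($types -join ', ')"
}
if ($final.VolumeStatus -eq 'FullyDecrypted') {
    throw "Encryption did not start on $mount."
}
Write-Output "BitLocker on ${mount}: $($final.VolumeStatus), protection $($final.ProtectionStatus)"
```

ProtectionStatus can still read Off while encryption is in progress, so the script checks the protectors and VolumeStatus rather than failing on that field.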