none
Bitlocker preparation - bdehdcfg? RRS feed

  • Question

  • Greetings,

      We have a scenario where laptops with a C and D drive must be rebuilt preserving the D drive.

      My task sequence deletes everything except the D drive. It then creates a hidden drive (no drive letter) of 1.5GB which is set to active and then a C drive from the remaining space. Immediately after creating the C drive I pre-provision bitlocker on it (manage-bde "used"). This all happens in Winpe. I then use the "apply operating system" step to copy the image to the C drive. The trouble happens when I run the "setup windows and configmgr" TS step as the above process is not configured to boot properly. Obviously I want the System partition to be the hidden, unencrypted 1.5gb partition which points to boot partition on the C drive. Does bdehdcfg help here? I was looking at the merge option but that requires a drive letter and the "apply OS" step fails if my 1.5gb partition has a drive letter (unless I temporarily assign a drive letter, run bdehdcfg, and then remove the drive letter?).

    Any ideas please?

    Thanks

    David Z

    Monday, March 31, 2014 10:06 PM

Answers

  • Solved! Like this:

    add SMSTSLOCALDataDrive = C: to my collection

    TS starts, creates %_smstsmdatapath on C (BDE)

    Use diskpart IN ONE STEP to

    delete all existing partitions except D, create BDE and C drives

    at the end of this step, it now uses the real C drive for %_smstsmdatapath, not the bde space. Immediately after this step I do have to do a "Use toolkit package", but the rest of the task sequence flies

    Hope someone finds all this rambling useful - maybe we are the only people who run BDE, C and D drives on our laptop and need a TS to preserve D and recreate the OS?

    Cheers

    David Z

    • Marked as answer by David Zemdegs Thursday, April 3, 2014 4:50 AM
    Thursday, April 3, 2014 4:50 AM

All replies

  • I have done some more testing and it appears that my apply operating system TS step is ignoring step 4 as defined in:

    http://technet.microsoft.com/en-us/library/hh846237.aspx#BKMK_ApplyOperatingSystemImage

    I put a pause in my task sequence just prior to the Apply operating system step and used diskpart to verify that my 1.5gb hidden partition is the active partition. I also put a pause after the Apply operating system step and diskpart tells me that my C drive is the active partition! It has changed it instead of using what was the active partition. Any reason why?

    Tuesday, April 1, 2014 4:40 AM
  • This is starting to get strange.....

    We have two disk configuration requirements:

    A) One where the entire disk is wiped and a new OS applied and

    B) One where we must preserve the D drive and apply a new OS.

    Both these scenarios apply to existing laptops which have three partitions - BDE, C and D (C and D are bitlockered).

    Scenario A works perfectly every time and the main task sequence steps are thus:

    1) Use the standard task sequence step "Format and Partition disks" to create three partitions:

    BDE (make boot partition - do not assign a drive letter)

    C (%40 of the rest)

    D (%100 of the rest)

    2) Pre-provision bitlocker on both C and D drives.

    At this point I had a pause in my task sequence. When I run diskpart it reports that drive letter "S" has been assigned to my bde partition even though I said do not assign a drive letter!?!?!?!?!?!

    3) Apply Operating System Image

    At this point I have another pause and verify that my bde partition is still set to active which it is

    I omit a few steps like drivers as its not important...

    4) Setup Windows and Configmgr

    This works fine, reboots into the real OS and does other stuff.

    Scenario B looks like this:

    I cannot use the "format" ts step as I need to preserve the D drive

    1) Delete all partitions except the D drive using diskpart

    2) Create the BDE partition (1.5GB) using diskpart and set it to active

    3) create the C drive using diskpart from the remaining space

    4) pre-provision the C drive for bitlocker

    5) get the recovery key from MBAM for the existing D drive and unlock and disable protectors

    At this point I have a pause and everything looks just like it did in scenario A re: diskpart - same partitions, same sizes, same drive letters, bde "S" drive active.

    6) Apply operating system image

    At first this failed as I had assigned my bde drive the letter "S" and it tried to copy the OS image down and failed with "not enough free space". Why it tried to use the "S" drive to cache the OS is beyond me and why it ignored it when it was drive "S" assigned by the "format" ts step instead of diskpart ??????...

    I then removed the drive letter and the Apply OS step worked but did not set my BDE partition as the System partition (which I mentioned in my first post).

    So now I have left the drive letter "S" on my BDE partition and used the option "Access content directly from DP". This didnt try to cache it so it worked. And in the pause after this step, my BDE partition was set to active so I thought I'd solved it until....

    7) Setup Windows and configmgr

      This got to the point where it had to reboot and failed. I tried this several times and it kept failing with different things. It first failed on reboot but I didnt capture the errors - something about saved environment. The second time it failed after two reboots and just rebooted to windows 7 without completing any task sequence steps after the "setup windows". This is getting quite frustrating.

    Anyone spot anything I have missed?

    The key point for me is that the disks seem to be configured exactly the same prior to "Apply operating system", and scenario A always succeeds but scenario B always fails.....

    Cheers

    David Z

    Wednesday, April 2, 2014 2:40 AM
  • Got the answer by carefully following %_smstsmdatapath....

    This is my original scenario B

    task sequence starts. It finds my BDE, C and D drives which it calls C, D and E respectively.

    sets %_smstsmdatapath to E:

    task sequence deletes C and D and changes drive letter E to D.

    %_smstsmdatapath is now confused - unable to set permissions etc errors but soldiers on

    by the time it got to reboot in step 7 it didnt know arthur from martha and spat the dummy....

    So...I added SMSTSLOCALDataDrive = C: to my collection - now it went like this:

    Finds C,D and E (BDE,C,E)

    sets %_smstsmdatapath to C (the old BDE)

    delete C and D and rename E to D. Cannot create _smstasksequence on D as its bitlockered so it errors but continues.

    Very next step creates the bde partition and sets it to drive S.

    Task sequence sighs with relief and recovers by setting _smstsmdatapath to s:

    then I create my c drive and apply OS and its happy until....

    Gets to setup windows and configmgr and when it restarts the TS bombs and does not continue with the next step. My guess is that %_smstsmdatapath was on my BDE drive (S) but on a reboot, this drive letter is hidden so it cant find itself and dies.

    But I have a plan......

    Thursday, April 3, 2014 2:32 AM
  • Solved! Like this:

    add SMSTSLOCALDataDrive = C: to my collection

    TS starts, creates %_smstsmdatapath on C (BDE)

    Use diskpart IN ONE STEP to

    delete all existing partitions except D, create BDE and C drives

    at the end of this step, it now uses the real C drive for %_smstsmdatapath, not the bde space. Immediately after this step I do have to do a "Use toolkit package", but the rest of the task sequence flies

    Hope someone finds all this rambling useful - maybe we are the only people who run BDE, C and D drives on our laptop and need a TS to preserve D and recreate the OS?

    Cheers

    David Z

    • Marked as answer by David Zemdegs Thursday, April 3, 2014 4:50 AM
    Thursday, April 3, 2014 4:50 AM
  • Hi David,

    Did you manage to solve the "S" drive problem. I also have the same issue and the strange thing is that it not always generates (or leaves) an "S" drive.

    Sometimes it runs perfectly and I got a pre-proviosned system with a C and D drive.

    And another time I do have a "S" drive as well :-((((

    Do I need to put some sleep in between the pre-prov C: en pre-prov D: or a waiting script which loops until pre-prov C: is finished.

    I hope you can help me out.

    Wednesday, February 25, 2015 10:05 AM