MDT 2013 Update 2 BitLocker issue

    Question

  • I was able to update my MDT server to Update 2 this week, but on testing deployment I found that I'm not able to choose to encrypt with BitLocker. This worked with the previous version. The first reboot after it applies the image comes up to a BitLocker recovery screen that says there are no recovery options for your PC. If I choose to not encrypt the system, the image completes successfully and I can then encrypt manually from Windows 8.1. There were no errors in the bdd.log or the smsts.log.

    I choose to encrypt using TPM only.

    My custom settings look like this:

    [Settings]
    Priority=Default
    Properties=MyCustomProperty

    [Default]
    ApplyGPOPack=NO
    OSInstall=Y
    SkipCapture=NO
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerBackup=YES
    BDEInstall=TPM
    BdeInstallSuppress=NO
    BDeWaitForEncryption=False
    BDEDriveSize=2000
    BDEDriveLetter=S:
    BDEKeyLocation=C:
    BDERecoveryKey=AD
    BDEKeyLocation=C:\Windows\BDEKey
    SkipTimeZone=YES
    TimeZoneName=Eastern Standard Time
    SkipUserData=YES
    SkipLocaleSelection=YES
    OSDComputername=BLAH#Right("%SerialNumber%",4)#

    I noticed that the disk partitions are different on a system imaged with the previous version of MDT and encrypted. Could this be the issue?

    Update 2 laptop:
    499 MB EFI system
    117 GB C:\
    1.2 GB recovery

    pre-update laptop:
    300 MB recovery
    1.95 GB EFI system
    117 GB 

    I found the task steps that control the partition size and changed them to be more in line with what they were pre-update:

    Boot (EFI): 2000 MB
    Windows (Primary): 99% of remaining
    Recovery (Recovery): 1GB NTFS

    This did not resolve the error though (it still comes up to the recovery screen and says there are no recovery options for your computer).

    Any help you could provide would be appreciated :)

    Monday, January 04, 2016 3:54 PM
