MDT 2013 Update 1 Re-Release TPM Ownership Issues

  • Question

  • Hi

    We are having issues with the latest MDT update in that it won't take ownership of TPM machines. We are just getting FAILURE ( 6743 ): TPM P@ssword missing at the end of the deployment process. Looking at the logs, it looks like the script takes ownership of the TPM, but then when it checks to confirm, it reports TPMOwner as false.

    <![LOG[Success TPM Enabled]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Success TPM Is Activated]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Success TPM Is Owned]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Success TPM Ownership Allowed]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[Check for Ensorsement Key Pair Present = 0]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[TpmEnabled: True]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[TpmActivated: True]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[TpmOwned: False]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[TpmOwnershipAllowed: True]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[EndorsementKeyPairPresent: True]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[TPM P@ssword missing. Please provide P@ssword via TpmOwnerP@ssword or AdminP@ssword]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
    <![LOG[FAILURE ( 6743 ): TPM P@ssword missing.]LOG]!><time="12:29:11.000+000" date="10-14-2015" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">

    I cannot work out what is going on or how to fix it; any help would be greatly appreciated.

    Wednesday, October 14, 2015 4:55 AM

Answers

  • I'm seeing that too, so I started to look into it this morning. Here's a comparison of ZTIBde.wsf between 2013 Update 1 and 2013:

    Update 1

    If bTpmOwned <> True AND bTpmOwnershipAllowed = True Then
    
    	If oEnvironment.Item("TpmOwnerPassword") <> "" Then
    			
    		oLogging.CreateEntry "TPM Ownership being intiated.", LogTypeInfo
    		iRetVal = SetTpmOwner(oEnvironment.Item("TpmOwnerPassword"))
    		TestAndFail iRetVal, 6741, "TPM Owner Password set"
    
    	ElseIf oEnvironment.Item("AdminPassword") <> "" Then
    			
    		oLogging.CreateEntry "TPM Ownership being intiated with AdminP@ssword (not TPMOwnerP@ssword).", LogTypeInfo
    		iRetVal = SetTpmOwner(oEnvironment.Item("AdminPassword"))
    		TestAndFail iRetVal, 6742, "TPM Owner P@ssword set to AdminP@ssword"
    
    	Else			
    		oLogging.CreateEntry "TPM P@ssword missing. Please provide P@ssword via TpmOwnerP@ssword or AdminP@ssword", LogTypeInfo				
    		oLogging.ReportFailure "TPM P@ssword missing.", 6743				
    				
    	End If
    
    End If

    2013 (Previous version)

    If bTpmOwned <> True AND bTpmOwnershipAllowed = True Then
    
    	If oEnvironment.Item("TpmOwnerPassword") <> "" Then
    			
    		oLogging.CreateEntry "TPM Ownership being intiated.", LogTypeInfo
    		iRetVal = SetTpmOwner(oEnvironment.Item("TpmOwnerPassword"))
    		TestAndFail iRetVal, 6741, "TPM Owner Password set"
    
    	ElseIf oEnvironment.Item("AdminPassword") <> "" Then
    			
    		oLogging.CreateEntry "TPM Ownership being intiated with AdminP@ssword (not TPMOwnerP@ssword).", LogTypeInfo
    		iRetVal = SetTpmOwner(oEnvironment.Item("AdminPassword"))
    		TestAndFail iRetVal, 6742, "TPM Owner P@ssword set to AdminP@ssword"
    
    	Else
    			
    		oLogging.CreateEntry "TPM Ownership being intiated with Default p@ssword (not TPMOwnerP@ssword).", LogTypeInfo
    		iRetVal = SetTpmOwner("M0nksH00d!4T3al")
    		TestAndFail iRetVal, 6743, "Set TPM Owner P@ssword to value"
    				
    	End If
    
    End If

    The difference I see is that the previous version of MDT would set a default TPM Owner password, whereas now it reports a failure of missing a TPM password. My guess is to set a password in CustomSettings, so I'm going to give that a try.


    If this post is helpful please vote it as Helpful or click Mark for answer.


    Wednesday, October 14, 2015 3:22 PM
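
The log in the question and the Update 1 branch quoted in this answer can be checked mechanically. The following is an added example, not part of the original thread or of MDT: a Python parser for the CMTrace-format records that reads the `TpmOwned`-style state lines and the type 3 failure record; the sample records are constructed from the lines posted above, and `parse_records`, `diagnose` and `make_record` are hypothetical names.

```python
import re

# One CMTrace-format record: <![LOG[message]LOG]!><time="..." ... type="N" ...>
RECORD = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.S)
ATTR = re.compile(r'(\w+)="([^"]*)"')
STATE = re.compile(r'^(Tpm\w+|EndorsementKeyPairPresent): (True|False)$')
FAILURE = re.compile(r'^FAILURE \( (\d+) \): (.*)$')

def parse_records(text):
    """Yield (message, attributes) for every CMTrace record in text."""
    for m in RECORD.finditer(text):
        yield m.group("msg"), dict(ATTR.findall(m.group("attrs")))

def diagnose(text, component="ZTIBde"):
    """Return (state, failures, finding) for one component's records."""
    state, failures = {}, []
    for msg, attrs in parse_records(text):
        if attrs.get("component") != component:
            continue
        s = STATE.match(msg)
        if s:
            state[s.group(1)] = s.group(2) == "True"  # last reported value wins
        f = FAILURE.match(msg)
        if f and attrs.get("type") == "3":            # type 3 = error severity
            failures.append((int(f.group(1)), f.group(2)))
    # Both script versions quoted above use 6743, so match the message as well.
    missing = any(c == 6743 and "missing" in m for c, m in failures)
    if missing and state.get("TpmOwned") is False and state.get("TpmOwnershipAllowed"):
        finding = "TPM unowned, ownership allowed, no TpmOwnerPassword or AdminPassword set"
    elif failures:
        finding = "other failure"
    else:
        finding = "no failure logged"
    return state, failures, finding

def make_record(msg, typ="1"):
    """Build one constructed sample record in the layout of the posted log."""
    return ('<![LOG[%s]LOG]!><time="12:29:11.000+000" date="10-14-2015" '
            'component="ZTIBde" context="" type="%s" thread="" file="ZTIBde">' % (msg, typ))

# Constructed sample, reduced from the log lines in the question.
SAMPLE = "\n".join([
    make_record("Success TPM Is Owned"),
    make_record("TpmOwned: False"),
    make_record("TpmOwnershipAllowed: True"),
    make_record("FAILURE ( 6743 ): TPM P@ssword missing.", "3"),
])

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
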

All replies

  • in cs.ini or DB

    TpmOwnerPassword=<SomePasswordYouChoose>

    As Dan said :)


    Logs are very important. If you are unsure how to post logs or where to find them then reference https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Also if you have made customizations please mention them when asking for help.


    • Edited by Ty Glander (Moderator) Wednesday, October 14, 2015 5:27 PM
    • Proposed as answer by jj_cu Monday, July 18, 2016 8:04 AM
    Wednesday, October 14, 2015 5:25 PM
    Moderator
  • Thanks Dan and Ty,

    You've hit the nail on the head. I trawled through the ZTIBDE scripts to try and compare them but obviously missed this! Thanks very much for the help, setting the password in the cs.ini fixed it up.

    Worth noting that if the machine has previously been imaged and TPM settings configured in BIOS then you won't see this issue; we were only seeing it on new machines or machines that had the BIOS settings reset to default.

    Thanks

    Alex

    Wednesday, October 14, 2015 11:01 PM