Surface Book UEFI - Win10 1607 Enterprise with Bitlocker and WinRE

  • Question

  • Hey guys,

    Have a pretty "out of the box" Client TS looking to deploy a custom WIM of a configured and Sysprepped Surface Book (SB) using MDT 2013 Update 2.

    When the custom WIM is deployed to a new SB, Bitlocker is advising that it's awaiting activation. Digging into it, the system drive is encrypted but protection was off. It seems this is being triggered because WinRE is failing to be installed to the correct partition (no custom work here - let MDT use the UEFI action).

    I have "PrepareWinRE=YES" configured in my CustomSettings.ini (no DB), but get the following in the ZTIWinRe.log:

    FindFile: The file WinRE.wim could not be found in any standard locations.	ZTIWinRE	8/03/2017 13:47:36	0 (0x0000)
    Copy File: D:\Deploy\Boot\LiteTouchPE_x64.wim to V:\Recovery\WindowsRE\WinRE.wim	ZTIWinRE	8/03/2017 13:47:36	0 (0x0000)
    FindFile: The file REAgentC.exe could not be found in any standard locations.	ZTIWinRE	8/03/2017 13:47:39	0 (0x0000)
    About to run command: E:\Windows\System32\REAgentC.exe /info /target E:\Windows	ZTIWinRE	8/03/2017 13:47:39	0 (0x0000)

    I've seen posts about this issue advising that WinRE doesn't. I've also seen a bunch of posts that say it should just work fine with Win10 and no custom partitioning.

    The only other thing I have seen that doesn't look "right" is that the GPT Attrib on the Recovery partition is missing the "1" on the end as detailed in the TechNet article for WinRE partitioning:

    ID="de94bba4-06d1-4d40-a16a-bfd50179d6ac"
    GPT Attributes=0x8000000000000000

    My partition table:

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    System             499 MB  1024 KB
      Partition 2    Reserved           128 MB   500 MB
      Partition 3    Primary            117 GB   628 MB
      Partition 4    Recovery           1215 MB  118 GB

    Any suggestions on what I'm missing here? All help welcomed :)

    Cheers,

    Adam




    Wednesday, March 8, 2017 3:39 PM

Answers

  • Hi Dan,

    Thanks for responding :)

    Seeing your configuration gave me an idea. I followed the link in my OP to the TechNet guidance on the recommended partition format and in MDT I created a Format Partition Disk task that mirrored the UEFI DiskPart script. Basically, this just moved the Windows RE partition from 4 to 1, and I made it 1GB in size.

    Not expecting it to do much, I reran an Offline Media build and it worked fine. WinRE is happy and Bitlocker was enabled. As these machines are AAD joined we're not backing the Recover Password to AD, but I did notice that the Protector was missing and hence removing the manual link to be able to back up your Bitlocker key. Just looking at adding this as a step in the TS and everything should be fine.

    Interesting that on my personal SB (with no custom build on it) the WinRE partition is 4, but to be honest as long as it works I don't really care why it was so pedantic right now. Something to review at a later date.

    Cheers,

    Adam

    Thursday, March 9, 2017 5:21 PM
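
Added example, not part of the original posts or of MDT: a PowerShell check for the three conditions this thread turns on (Recovery partition type and GPT attributes, WinRE status, and BitLocker protection with a recovery password protector). It assumes disk 0, English-language `diskpart` and `reagentc` output, and an elevated session in the deployed OS; `$AddProtector` is a hypothetical switch for this sketch.

```powershell
# Added example: post-deployment check, run elevated in the deployed OS.
$DiskNumber   = 0                                          # assumption: OS disk is disk 0
$WinReGptType = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # type ID quoted in the question
$WantedAttrib = '0x8000000000000001'                       # attributes per the TechNet guidance
$AddProtector = $false                                     # $true: add a missing recovery password

# 1. Recovery partition: find it by GPT type, read its attributes with diskpart.
$reParts = @(Get-Partition -DiskNumber $DiskNumber | Where-Object GptType -eq $WinReGptType)
if ($reParts.Count -eq 0) { Write-Warning 'No partition with the Windows RE type ID.' }
foreach ($p in $reParts) {
    $script = New-TemporaryFile
    "select disk $DiskNumber", "select partition $($p.PartitionNumber)", 'detail partition' |
        Set-Content -Path $script -Encoding ASCII
    # "detail partition" prints a line such as "Attrib  : 0X8000000000000001"
    $m = diskpart /s $script | Select-String -Pattern 'Attrib\s*:\s*(\S+)' | Select-Object -First 1
    Remove-Item $script
    $attrib = if ($m) { $m.Matches[0].Groups[1].Value } else { 'unknown' }
    $ok = $attrib -eq $WantedAttrib        # string -eq is case-insensitive (0X vs 0x)
    '{0,-20} partition {1}, attributes {2} ({3})' -f 'Recovery partition:',
        $p.PartitionNumber, $attrib, $(if ($ok) { 'as recommended' } else { 'differs' })
}

# 2. WinRE: reagentc reports whether the recovery image is registered and enabled.
$reLine   = reagentc /info | Select-String -Pattern 'Windows RE status:\s*(\S+)' |
            Select-Object -First 1
$reStatus = if ($reLine) { $reLine.Matches[0].Groups[1].Value } else { 'unknown' }
'{0,-20} {1}' -f 'Windows RE status:', $reStatus

# 3. BitLocker: encrypted is not the same as protected.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$hasRecovery = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword').Count -gt 0
'{0,-20} {1}, protection {2}, recovery password present: {3}' -f 'BitLocker:',
    $vol.VolumeStatus, $vol.ProtectionStatus, $hasRecovery

if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $vol.ProtectionStatus -ne 'On') {
    Write-Warning 'Volume is encrypted but protection is off: the volume key is not protected.'
}
if (-not $hasRecovery) {
    Write-Warning 'No recovery password protector on the OS volume.'
    if ($AddProtector) {
        # Adds the protector only; escrowing the password is a separate step.
        Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector |
            Out-Null
    }
}
```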

All replies

  • This was my solution and so far it's been working well.

    Example of Surface Pro 4 w/256GB drive.

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Recovery           499 MB  1024 KB
    Partition 2    System             499 MB   500 MB
    Partition 3    Reserved           128 MB   999 MB
    Partition 4    Primary            237 GB  1127 MB

    My custom solution:


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Wednesday, March 8, 2017 8:44 PM
  • Filter so it only applies to Surfaces


    Wednesday, March 8, 2017 8:45 PM