Bitlocker issue - Unable to encrypt the OS drive. All other drives are OK.

  • Question

  • Hi All,

    I am experiencing a strange issue which I hope is something very simple. 

    I have an SCCM task sequence which builds a Windows 7 x64 workgroup based laptop that is destined to be used in a KIOSK like fashion, i.e. running one app. with a specific purpose. The Task Sequence Enables, Activates and Takes Ownership of the TPM. After that Bitlocker is enabled on Drive C: and then Drive D:. A Recovery Password, the TPM and a PIN are added as Key protectors.

    The partition scheme is:

    • Boot partition (100MB) - standard
    • System Partition (60GB)
    • Data Partition (Rest of drive)

    The issue I have is that the Enable Bitlocker (C:\) step is failing. When I check the state of the TPM, it is indeed enabled, activated and ownership has been taken. The command that is run during the failing step is "manage-bde c: -on -rp [valid password here]"

    When I run this command the error is:

    "ERROR: An error occurred (code: 0x8007001f)

    A device attached to the system is not functioning"

    If I execute the next task sequence step ... "manage-bde d: -on -rp [valid password here]." the command runs as expected and enables Bitlocker as expected. The D:\ drive fully encrypts and after a reboot locks (also as expected given the OS drive is not protected). It is only the OS partition that I cannot encrypt. I get the same experience after a reboot, if I use the Bitlocker Control Panel applet, even if I clear and re-initialise the TPM.

    I have been building these devices for months without issue with Bitlocker. I have now hit this problem which causes the task sequence to fail more often than it works. Just recently I recreated the OS base image so as to include all of the Windows patches up to and including June 2013. I also added 4/5 other issue specific patches. I am hoping that it is a simple recent hotfix that is causing it. I am yet to revert back to my previous OS image to see if the problem goes away.

    Windows Event logs have not yielded any information except to show the Drive D: encrypting. As a precaution I ran a chkdsk on drive c:, no errors were detected.

    Any suggestions would be great.

    Thanks,


    Nathan Sutton




    Wednesday, June 19, 2013 8:08 AM

Answers

  • Hi All,

    I have determined the differences in hotfixes between our previous base OS image and the current base OS image. Hotfix KB2799926 is the culprit. After removing this hotfix I can enable Bitlocker on the OS drive. If I disable bitlocker, put the hotfix back on and reboot I get the same error as reported above. Interestingly enough KB2799926 relates to Bitlocker-to-go.

    I am logging a call with Premier Support and will hopefully post the results here.

    Cheers,

    Nathan Sutton


    NSutton

    Thursday, June 20, 2013 1:04 AM
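
A pre-flight check for the step before "Enable Bitlocker (C:\)", added here as an example and not taken from any post in this thread: it records whether KB2799926 is present, the TPM state and the current `manage-bde -status` output, and applies the workaround reported above (uninstalling the hotfix) only when asked to. The script layout, the `-RemoveHotfix` switch and the variable names are assumptions; it targets PowerShell 2.0 as shipped with Windows 7 and must run elevated.

```powershell
param([switch]$RemoveHotfix)   # hypothetical switch: uninstall the hotfix if found

$kb      = 'KB2799926'         # hotfix identified in this thread
$osDrive = 'C:'

# 1. Is the hotfix part of this image? Get-HotFix returns nothing if it is absent.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2. TPM state from the Win32_Tpm WMI class (enabled, activated, owned).
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
$tpmReady = $false
if ($tpm) {
    $tpmReady = $tpm.IsEnabled().IsEnabled -and
                $tpm.IsActivated().IsActivated -and
                $tpm.IsOwned().IsOwned
}

# 3. Current BitLocker state of the OS volume, captured for the task sequence log.
$bdeStatus = & manage-bde.exe -status $osDrive 2>&1 | Out-String

Write-Output ("TPM enabled, activated and owned: {0}" -f $tpmReady)
Write-Output ("{0} installed: {1}" -f $kb, [bool]$hotfix)
Write-Output $bdeStatus

if (-not $tpmReady) {
    Write-Output 'TPM is not ready; fix that before looking at hotfixes.'
    exit 1
}

if ($hotfix -and $RemoveHotfix) {
    # Workaround from the thread: remove the update, reboot, then retry manage-bde -on.
    $wusaArgs = @('/uninstall', '/kb:2799926', '/quiet', '/norestart')
    $proc = Start-Process -FilePath 'wusa.exe' -ArgumentList $wusaArgs -Wait -PassThru
    Write-Output ("wusa.exe exit code: {0}" -f $proc.ExitCode)  # 3010 = reboot required
    exit $proc.ExitCode
}

if ($hotfix) {
    Write-Output ("{0} is present; OS drive encryption may fail with 0x8007001f." -f $kb)
    exit 2   # constructed exit code for 'hotfix present, not removed'
}
exit 0
```
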

All replies

  • Glad to hear that you have worked it out. We’d love to hear your feedback about the solution. It will help other community members facing similar problems.


    Tracy Cai
    TechNet Community Support

    Thursday, June 20, 2013 3:24 AM
    Moderator
  • I wanted to let you know that I had a very similar problem with adding 4 bitlockered volumes to an existing setup (that already had 10+ volumes).  In my case, I was trying to encrypt 4 additional data volumes through the UI and through the command-line, but I received the same error ("A device attached to the system is not functioning").  Removing Hotfix KB2799926 solved the problem for me, too.

    Thanks for tracking that down.

    Thursday, August 1, 2013 3:40 PM
  • Hello all,

    I have the same problems with re-imaging W7 systems with an image with this Update installed.

    Strange thing is that with older BIOS systems (no UEFI) it works with the update installed!

    If I do an uninstall I can encrypt the drives again!

    regards.

    Monday, October 21, 2013 2:27 PM
  • Sorry to drag an old thread out again, but all these years later this update is still causing issues. We had the exact same problem, but even though this update is applied to all PCs, only some had this problem. Removing the update fixed it though for those PCs affected.

    I'm curious about what happened with your call to Premier Support back then, as the update doesn't seem to have ever been fixed since it came out in 2013.

    Monday, December 5, 2016 10:55 AM