01-17-2019 06:52 AM
instead of a value 10, try value 14. this will clear, enable, and activate the TPM. 10 only enables and activates. by using 14, you should be prompted to press F9 to actually clear the chip.
it's probably safe to leave out the first 2 query checks unless you've specifically disabled the TPM manually before deploying. these systems come from the factory with the TPM enabled anyway.
01-18-2019 07:02 AM
We tried to change the value from 10 to 14, but we didn't get any prompt to clear the chip. We even tried to press F9, but that didn't help at all. The installation went fine, but still no key protectors or anything. Do you have ideas why it's not prompting for the chip clearing, or could you send a pic of how it should look? Maybe I'm just missing something..
Any ideas would still be greatly appreciated.
01-18-2019 07:15 AM
01-18-2019 07:21 AM - edited 01-18-2019 07:22 AM
You mean a picture of the Security Chip on the BIOS screen? I'll do this first thing on Monday if that's okay.
Happy weekend, thanks for your advice so far.
Sorry for the slow answers, we're in such different time zones. Haha.
01-20-2019 09:29 PM
Here's the picture you'd asked me to send. We've tried to manually clear the TPM with the 'Clear Security Chip' button as well, but that didn't help at all.
01-22-2019 06:12 AM
Today I tried to install Windows 1607 on T480s and L480 and it worked really well. Before the installation I cleared the TPM with Clear Security Chip in the BIOS. Since they both worked fine on the older version, I made a new package with 1809 and tried installing the latest version, but on 1809 (like 1803) there were no key protectors and BitLocker didn't activate on 1803/1809. On these I also tried to clear the TPM with Clear Security Chip in the BIOS like on 1607. It seems the older version works fine on our test computers (T480s and L480) but not the latest 1803 or 1809.
I really need to get it working soon.. or I'll need to go with the older 1709 (haven't tested this one yet).
Any ideas!? Please.
01-22-2019 07:17 AM
have a read through this blog, which appears to be what you're encountering.
note the 2 causes referenced are from Microsoft Japan's technet blog
This problem occurs when the following two conditions are satisfied, and it does not occur when BitLocker is activated using the domain account credentials.
- We configured BitLocker recovery information to be stored in Active Directory by Group Policy. (see the note below)
- You have activated BitLocker using local account credentials.
Can you confirm in your task sequence this is the case? Are you using the built-in Enable BitLocker step or a Run Command Line step calling manage-bde to perform the encryption tasks? If the latter, are you specifying a local account?
01-22-2019 07:39 AM - edited 01-22-2019 07:40 AM
Yes, we're using the built-in Enabling for BitLocker. Not a Run Command Line to call it.
In the options we're just checking that the Task Sequence variable "IsLaptop" is true; we also have the "Continue on Error" option on.
I think in the install we're using a Domain Account, not a Local account. I will get back to you on this one.. If I understand correctly, I should be using a domain account to enable BitLocker, not a local account, which I think we're doing already.
01-25-2019 05:00 AM
01-25-2019 06:44 AM
We had almost the same issue with activating BitLocker with SCCM 1806. After updating the boot image with the latest SCCM client version it was working again. Please refer to this link for more information; maybe it will also help fix the problem you are facing.