cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Giraffaman
Fanfold Paper
Posts: 6
Registered: ‎10-07-2019
Location: AT
Views: 127
Message 1 of 5

ThinkPad L590 cannot provision Bitlocker during SCCM task sequence

Hello,

 

As mentioned in this post, we're having deployment issues with one of two identical ThinkPad L590s which were ordere in one batch. While the frist device was deployed successfully including a fully working Bitlocker agent, the second machine cannot enable Bitlocker within the SCCM task sequence.

In smsts.log the following error information is given:

  • "Failed to run the action: Enable BitLocker. 
    BitLocker Drive Encryption cannot be enabled on the operating system drive. Contact the computer manufacturer for BIOS upgrade instructions. (Error: 80310048; Source: Windows)"

After this the only ways to enable Bitlocker at all are either a startup password or using a USB-Stick which is not acceptable and employees will rather leave Bitlocker disabled, which violates our policy.

 

BIOS was upgraded to the latest version (v1.11) but that also didn't help. Any other ideas as to what could be done to preprovision Bitlocker during deployment?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 109
Message 2 of 5

Re: ThinkPad L590 cannot provision Bitlocker during SCCM task sequence

Can you enable BitLocker manually after deployment?  I wonder if this would give you a more helpful error message or clue as to what the problem is.

Giraffaman
Fanfold Paper
Posts: 6
Registered: ‎10-07-2019
Location: AT
Views: 107
Message 3 of 5

Re: ThinkPad L590 cannot provision Bitlocker during SCCM task sequence

After the deployment finishes (Bitlocker provisioning runs as the last step in my sequence), I can boot into Windows and enable Bitlocker for my system drive, but I have to chose between specifying a startup password or using a USB stick at each boot.

Highlighted
Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 99
Message 4 of 5

Re: ThinkPad L590 cannot provision Bitlocker during SCCM task sequence

It sounds to me like you have some misconfiguration in your policies or image that is causing this problem.  I would focus on getting BitLocker to work post-deployment at first.  If you open TPM.msc, does it show a TPM with status "ready for use"?

Giraffaman
Fanfold Paper
Posts: 6
Registered: ‎10-07-2019
Location: AT
Views: 66
Message 5 of 5

Re: ThinkPad L590 cannot provision Bitlocker during SCCM task sequence


@someotherguy wrote:

It sounds to me like you have some misconfiguration in your policies or image that is causing this problem.  I would focus on getting BitLocker to work post-deployment at first.  If you open TPM.msc, does it show a TPM with status "ready for use"?


That was my first thought as well, but as I wrote in my initial post, another device of the same model and type was successfully deployed, including Bitlocker, a mere day before this one. If there would be a problem with the image (which is up to date) or with the task sequence, it would have failed on both devices.

 

TPM says in BIOS "TPM 2.0, enabled" and in Windows tpm.msc shows "ready to use".

 

Problem is now that we ran out of time and had to hand out the notebook to a newly arrived employee already, so I can't test on this devide anymore. Should we encounter this issue in the future I will update this thread or create a new one, possible with a solution we might have found by then. Thank you for your help anyways.

Check out current deals!


Shop current deals

Top Kudoed Authors