English Community

ThinkPad NotebooksThinkPad: T400 / T500 and newer T series Laptops
All Forum Topics
Options

13 Posts

03-28-2014

San Francisco

17 Signins

89 Page Views

  • Posts: 13
  • Registered: ‎03-28-2014
  • Location: San Francisco
  • Views: 89
  • Message 1 of 10

T470s Bitlocker Problem

2017-05-12, 19:01 PM

I've just gotten my hands on a new T470s and I'm having trouble getting Bitlocker working on Windows 10 (Enterprise). Everything seems fine, Bitlocker's hardware test succeeds, but on reboot Windows throws an error saying "The Bitlocker encryption key could not be obtained from the TPM".

 

I've cleared the TPM, disabled and re-enabled it, everything I can think of. We are a shop full of T-series laptops and have at least a dozen T460s machines where Bitlocker works just fine.

 

Any thoughts?

Solved! See the solution
Reply
Options

1 Posts

05-15-2017

US

2 Signins

36 Page Views

  • Posts: 1
  • Registered: ‎05-15-2017
  • Location: US
  • Views: 36
  • Message 2 of 10

Re: T470s Bitlocker Problem

2017-05-15, 15:39 PM

Having the same issue with the TPM 2.0. Asking for a bitlocker key everytime I reboot the machine. I've ran all windows, Lenovo updates (BIOS), and everything else before I even enabled bitlocker. It asks each time I reboot, I've cleared the TPM, suspended and restarted. The T460s' we have been ordering have come with the option to use discreet TPM instead of the Intel TPM and it allows the C drive to stay encrypted without asking for the recovery key after every restart. Never had an issue with bitlocker to this extent. It is on Windows 10 fyi, any help would greatly be appreciated.

Reply
Options

13 Posts

03-28-2014

San Francisco

17 Signins

89 Page Views

  • Posts: 13
  • Registered: ‎03-28-2014
  • Location: San Francisco
  • Views: 89
  • Message 3 of 10

Re: T470s Bitlocker Problem

2017-05-18, 22:16 PM

My issue is (was) different - I couldn't get encryption to start. But I figured out the issue; these machines need to have BIOS set to UEFI only and Secure Boot enabled. Once I changed those settings it worked perfectly.

0 person found this solution to be helpful.

This helped me too

Reply
Options

5 Posts

06-01-2017

US

12 Signins

80 Page Views

  • Posts: 5
  • Registered: ‎06-01-2017
  • Location: US
  • Views: 80
  • Message 4 of 10

Re: T470s Bitlocker Problem

2017-06-01, 18:48 PM

I am also having this issue with the T470. We have T460's that are fine (using TPM 1.2, Discrete TPM, Secure boot: disabled, Both Legacy and UEFI boot, Windows 10 Enterprise).I am using these same settings to image the T470 and set bitlocker in the task sequence from SCCM 2012, but everytime it boots, it prompts for the recovery key instead of the PIN. The only difference is TPM 2.0 on the T470.


I have tried different BIOS settings (and have the latest BIOS), I have turned bitlocker on and off, etc. but the problem remains.


I see that Dell has released an utility to downgrade their chip from 1.2 to 2.0, but I need to find a solution for these Lenovos.


Can anyone help with the correct settings? It didn't think it was a requirement to set the BIOS to UEFI and enable secure boot for TPM 2.0 - any advice?
Thanks

 

Reply
Options

2 Posts

06-06-2017

US

5 Signins

43 Page Views

  • Posts: 2
  • Registered: ‎06-06-2017
  • Location: US
  • Views: 43
  • Message 5 of 10

Re: T470s Bitlocker Problem

2017-06-06, 19:22 PM

Having the same issue with Lenovo ThinkPad T470. After installing our Windows 10 x64 Enterprise software and enabling BitLocker everytime system is restarted or freshly booted I am prompted to enter BitLocker's 36 character recovery key. Tried several times suspending BitLocker and resuming protection but still prompted for recovery key.

 

Tried several different BIOS settings and rebuilt system several time with 2 different issues happening.

 

Set in BIOS Secure Boot only with UEFI only. Rebuilt system, installed Lenovo system update and did updates. When system rebooted started System Recovery.

 

Disabled Thunderbolt and rebuilt system, installed Lenovo system updates. When restarted the system started System Recovery.

 

Not sure what else to try. Anyone else having the issue with BitLocker find the right BIOS settings to work correctly with BitLocker?

 

This is marked solved, but I don't see a true fix for the issue.

Reply
Options

1 Posts

06-14-2017

US

1 Signins

11 Page Views

  • Posts: 1
  • Registered: ‎06-14-2017
  • Location: US
  • Views: 11
  • Message 6 of 10

Re: T470s Bitlocker Problem

2017-06-14, 18:46 PM

That didn't work for me. I turned off TPM instead. Bitlocker for Win10 will work without it.

I'd prefer to use TPM, but will wait until Lenovo puts out a TPM downgrade to 1.2 or BIOS update to fix it.

Reply
Options

52 Posts

02-03-2016

Germany

75 Signins

488 Page Views

  • Posts: 52
  • Registered: ‎02-03-2016
  • Location: Germany
  • Views: 488
  • Message 7 of 10

Re: T470s Bitlocker Problem

2017-06-16, 10:07 AM

I can only recommend using TPM 2.0 instead of 1.2 when possible.

 

I had lots of different Lenovo systems fail randomly with Windows 10 1703 Enterprise when TPM 1.2 was in use.

And Device Health Attestation in SCCM 1702 seems to work with TPM 2.0 only as well.

 

T550: Randomly cannot retrieve the BitLocker Key from TPM 1.2 (never had this issue with TPM 2.0 on these, switching all to TPM 2.0 now)

M900: Hangs everytime on first boot with a BitLocker error (TPM 2.0 option missing in BIOS, and Lenovo cannot reproduce the issue :/)

P310: at least two machines had issues to retrieve the BitLocker key from TPM 1.2 - switched all to TPM 2.0 now - never had any issues again

 

 

Reply
Options

21 Posts

11-20-2017

AT

32 Signins

370 Page Views

  • Posts: 21
  • Registered: ‎11-20-2017
  • Location: AT
  • Views: 370
  • Message 8 of 10

Re: T470s Bitlocker Problem

2017-11-22, 9:55 AM

Good Morning,

We encounter the same issues, but currently trying to get Bitlocker enalbed with the Windows 7 OS.

Somehow we think the BIOS is the issue, can anybody ack that?
We try to update the BIOS from 1.54 or 1.56 to the current 1.58. It does the BIOS, but does not change the Embedded Controller firmware. Once we did the BIOS Update, we are not able to rerun the BIOS update to get the EC to be updated (not even with the USB-Image) supplied.

Somehow if we do this process manually with the TVSU, it does both?

The GPO ist set to backup the RecoveryKeys to the AD and not to start the encryption before that state.
The Script enables TPM, takes TPM Ownership, sets protectors and enables BT.

The issues vary a lot:
A) Everything works fine, BT RKeys are transfered to the AD, even after some days no issues.

B) Bitlocker ist enabled and active, but the BT RKeys are not transfered. 
C) Bitlocker can not be enabled due to TPM issues (verifying shows TPM on an and TO is set)..?
D) Bitlocker is enabled and active, BT RKeys are transfered. BUT after 1-2 days the device boots into the
RecoveryScreen, requires the BT RKs - no changes to the system.

any ideas? Due to Windows 7, we have to use TPM 1.2 and Legacy boot.

We are looking forward hearing from you! Thank you for your asisstance.

Reply
Options

12 Posts

12-10-2015

IT

21 Signins

152 Page Views

  • Posts: 12
  • Registered: ‎12-10-2015
  • Location: IT
  • Views: 152
  • Message 9 of 10

Re: T470s Bitlocker Problem

2019-03-19, 17:35 PM

GoodMorning

I'm still struggling with a Lenovo T470 laptop.

I just want to enable Bitlocker saving the key to a network share and to AD, has we do with every laptop.

BitLocker doesn't work due TPM 2.0.

It always asks me to save the key to a USB key, no other options.

I set up the bios password, I used the srsetupwin64.exe tool, it says It changed to 1.2 TPM version and asks for reboot... but after reload nothing is changed.

 

I have dozens of Lenovo laptops that are behaving this way.

Is it possibile there is no solutions from Lenovo?

 

Please, any help is appreciated

 

Regards

 

 

Reply
Options

6641 Posts

10-29-2009

NC

17702 Signins

163137 Page Views

  • Posts: 6641
  • Registered: ‎10-29-2009
  • Location: NC
  • Views: 163137
  • Message 10 of 10

Re: T470s Bitlocker Problem

2019-03-19, 18:45 PM

If BitLocker doesn't work with TPM 2.0, it means you deployed Windows the wrong way.  Make sure you are using UEFI boot on a GPT partition.  Then TPM 2.0 will work.  It won't work with legacy boot.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete

X

No, I don’t want to share ideas Yes, I agree to these terms