cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Swedish_SCCMGuy
What's DOS?
Posts: 1
Registered: ‎07-26-2017
Location: SE
Views: 2,677
Message 61 of 79

Re: X270 Bitlocker requests recovery key every time

I have this exact same issue with X270 (20k5) here in sweden.

 

On another note: HP 840G3 hade a similar issue just recently and we had to solve this by downgrading the bios. (they came shipped with a bios version that made the bitlocker recovery appear)

 

 

Lenovo Staff
Lenovo Staff
Posts: 5,046
Registered: ‎10-29-2009
Location: NC
Views: 2,670
Message 62 of 79

Re: X270 Bitlocker requests recovery key every time

Swedish_SCCMGuy

 

Can you please post screenshots of tpm.msc and diskmgmt.msc?

Are you seeing recovery prompt at every reboot?  Or only the first reboot?

Also, can you tell me how to reproduce the issue here?

Highlighted
kuvinod7
Punch Card
Posts: 60
Registered: ‎07-19-2017
Location: US
Views: 2,650
Message 63 of 79

Re: X270 Bitlocker requests recovery key every time

Just a quick update. We removed all Symantec products from our TS deployments and also all Software updates. The device imaged without any issues. No bitlocker recovery key prompted so far. Multiple reboots and Shutdown performed. So far looks good. Now installing all the Software updates and verifying. Once it looks good then finally install the Symantec Endpoint and see how it goes. I have a gut feeling that Symantec is causing some problem but it is too early to decide. So would like to test and validate it completely.

Will keep you posted.

 

Since one more user is confirmed, can you check if he has Symantec and WinPE 10 with SCCM 2012 SP1 running ?

DRW1
Fanfold Paper
Posts: 8
Registered: ‎10-02-2015
Location: GB
Views: 2,623
Message 64 of 79

Re: X270 Bitlocker requests recovery key every time

Hi,

 

Have you had any further results? We're still struggling with our T470s, and have aslso found this thread:

https://forums.lenovo.com/t5/Enterprise-Client-Management/T470-20JN-Bitlocker-Problem-with-PCR-5-and...

 

Any connection? Will the BIOS work on our T470s (20JT) also?

Lenovo Staff
Lenovo Staff
Posts: 5,046
Registered: ‎10-29-2009
Location: NC
Views: 2,619
Message 65 of 79

Re: X270 Bitlocker requests recovery key every time

DRW1

 

The other thread about PCR5 is only about Windows installed in UEFI mode, and then, only if the BitLocker default settings are changed to include PCR5.  Are you doing this?

 

I'm confused about what issue you are reporting.  Your recent post was about pressing F1 to enter BIOS setup, and then exiting without saving - this will cause a BitLocker recovery prompt by design (same as all previous ThinkPads).

 

To clarify your configuration, please post a screenshot of tpm.msc and diskmgmt.msc

DRW1
Fanfold Paper
Posts: 8
Registered: ‎10-02-2015
Location: GB
Views: 2,461
Message 66 of 79

Re: X270 Bitlocker requests recovery key every time

All,

 

Just as a bit of closure to my comments / issues on this thread - our problem was eventually resolved with the release of BIOS v1.14 for the T470s model. as soon as the BIOS was at this level the repeated bitlocker recovery prompts ceased - with no other changes to the build image.

 

Thanks for everybodies comments on this thread, it all helped in someway. Smiley Happy

SCCMDownUnder
Paper Tape
Posts: 2
Registered: ‎10-08-2017
Location: AU
Views: 2,032
Message 67 of 79

Re: X270 Bitlocker requests recovery key every time

I am getting all the same symptoms with T470S Skylake edition (20JT) running

 

- Win7

- TPM 1.2

- Legacy Boot only

- BIOS: latest (1.17)

 

After the TS/build completes and the drive encrypts, on next restart I get prompted for recovery key, even if PIN has been set.

 

 

I've used "someotherguy's" dropbox link to use readPCR and can clearly see PCR 05 is changing. The funny thing is it then seems to change back to its original value after a subsequent restart which then prompts another recovery screen (since I suspended and resumed with changed value already). I have no idea why it could be changing, we use the same image for many Lenovo models and this only occurs so far with T470S.

 

Any ideas appreciated. 

Lenovo Staff
Lenovo Staff
Posts: 5,046
Registered: ‎10-29-2009
Location: NC
Views: 2,004
Message 68 of 79

Re: X270 Bitlocker requests recovery key every time


@SCCMDownUnder wrote:

I am getting all the same symptoms with T470S Skylake edition (20JT) running

 

- Win7

- TPM 1.2

- Legacy Boot only

- BIOS: latest (1.17)

 


What's your boot order look like in the F12 menu?  For Win7/legacy, the HDD must be the first device, and there must not be any entry like "Windows Boot Manager" which is only for UEFI OS.

 

 

SCCMDownUnder
Paper Tape
Posts: 2
Registered: ‎10-08-2017
Location: AU
Views: 1,977
Message 69 of 79

Re: X270 Bitlocker requests recovery key every time

Thanks someotherguy, moving the disk (NVMe) to the top of the boot order solves the issue. Curious because I checked some older models (eg X260/X250) and these are fine without this.

There is a "Windows Boot Manager" entry but it seems fine with it being there, just down the list.

Thanks again.
amy1432
What's DOS?
Posts: 1
Registered: ‎10-11-2017
Location: US
Views: 1,920
Message 70 of 79

Re: X270 Bitlocker requests recovery key every time

Same issue here Recovery Key required after every reboot.

Image is legacy

Flex 4-1580 Ideapad Model 80VE

Once bitlocker is enabled the rec key is req after everyreboot.

Also when i try to run lenovo thinkvange updates i get an error while trying to do the bios update "Mount the EFI System Partition fail."

 

Check out current deals!


Shop current deals

Top Kudoed Authors