07-21-2017 10:02 AM
The part that really has me stumped is that you can ignore the recovery prompt, reboot the system, and then you won't see the recovery prompt. I don't understand how that is possible, and can't explain it.
So let me make sure that I completely understand what you are saying:
1. deploy Win7
2. turn on bitlocker
3. shutdown windows
4. turn on the computer <-- recovery prompt happens here
5. don't enter recovery key, instead, just press power button to turn off the computer
6. turn on the computer again <-- this time, no recovery key, and Windows boots successfully
Is my understanding correct?
07-21-2017 12:58 PM
This is the process we follow
Using SCCM Task Sequence.
Install OS and apply required drivers
Install MBAM Client
Start the Bitlocker Encryption
Can you describe where reboots happen in the above process?
Can you show a screenshot of your Task Sequence order in the SCCM console?
07-21-2017 01:35 PM
07-24-2017 04:46 AM
Can you please try an experiment to remove the BitLocker steps from your TS, deploy the PC, and then manually do the BitLocker steps post-deployment? If you do this, does the unexpected recovery prompt still happen?
07-24-2017 06:21 AM
Yes. we tested that as well. Just installed the MBAM agent and after the OS is up and running we started to encrypt the drives. It still asking for Bitlocker Recovery key. We are running out of ideas now
07-24-2017 06:33 AM - edited 07-24-2017 06:35 AM
I'm also running out of ideas. Something is changing the partition or boot sequence only for that initial reboot, but it doesn't happen here. Can you please test another deployment and skip the following steps in the TS:
- Symantec Endpoint Protection
- Check Point Endpoint Security
- Symantec DLP