cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 1,543
Message 1 of 10

X270 Shutdown Bitlocker

On X270 [Model : 20K5S29H00], with Windows 7 and Legacy Bios [1.19], every time the machine is shutdown it asks for Bitlocker Recovery key. When the machine is restarted, it does not prompt at all. There are no special PCR's configuration. Not sure what else have to be checked in. Any help ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 1,514
Message 2 of 10

Re: X270 Shutdown Bitlocker

Is this the same issue you reported here?  https://forums.lenovo.com/t5/ThinkPad-X-Series-Laptops/X270-Bitlocker-requests-recovery-key-every-ti...

 

Your last update in that thread was that you removed some other software and your problem stopped.  And you tested multiple reboots and shutdowns.

 

What's changed since then?

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 1,512
Message 3 of 10

Re: X270 Shutdown Bitlocker

Hi - Yes, the issue is somewhat similar. But it seems that was not the right solution - Symantec products.

This time there is no change with our image deployments and only thing it happens is only during the shutdown. If i restart everytime all looks good. Can you please confirm if in my boot order before imaging the device, the first one should be the HDD and then followed by others ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 1,508
Message 4 of 10

Re: X270 Shutdown Bitlocker

Yes, in legacy mode, HDD should be the first device in the boot order.

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 1,503
Message 5 of 10

Re: X270 Shutdown Bitlocker

I believe this is the cause of all our problems. In our Boot order, we have the following

1. Windows Boot Manager

2. USD CD

3. USDB FDD

4. NvmE0 Samsung HDD

5. ATA HDD1

 

So do you want us to change the boot order and make NvMe0 Samsung HDD as first ?

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 1,501
Message 6 of 10

Re: X270 Shutdown Bitlocker

It is MSFT's best practice to put HDD as 1st in the boot order.  If you don't do this, then you may get unexpected recovery prompts.  https://technet.microsoft.com/en-us/library/hh831507(v=ws.11).aspx

 

You told me earlier that you are doing legacy boot, but legacy boot does not put a "Windows Boot Manager" entry in the boot order.  So at some point you must have booted a UEFI-enabled OS.  Having this UEFI boot entry for legacy Windows might also cause a problem.  

 
 
kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 1,494
Message 7 of 10

Re: X270 Shutdown Bitlocker

This boot order is from out-of-the box device. As we unpack and went in to BIOS, this is what we found.

 

 

Lenovo Staff
Lenovo Staff
Posts: 5,862
Registered: ‎10-29-2009
Location: NC
Views: 1,487
Message 8 of 10

Re: X270 Shutdown Bitlocker


@kuvinod7 wrote:

This boot order is from out-of-the box device. As we unpack and went in to BIOS, this is what we found.

 

 


Right, and you will have to change the boot order as per MSFT's best-practice for deploying BitLocker.  It can be done in a remote/automated way by using WMI:  https://support.lenovo.com/us/en/solutions/ht100612

Highlighted
arodriguezrccl
Serial Port
Posts: 30
Registered: ‎03-31-2016
Location: US
Views: 1,463
Message 9 of 10

Re: X270 Shutdown Bitlocker

I have just spent the last 3 days working on this same issue.  This is only a suggestion and let us know what happens.  So far is working on the machines that I am still testing today on windows 7x64 T470 and X270.

 

*Make sure you have updated the bios to the latest version.

 

Set the TPM 1.2

Secure boot disabled

UEFI\LEGACY = BOTH = LEGACY FIRST

 

This is what everyone suggest

 

What I changed today is that I set in the boot order - Hard drive first.

remove the windows boot manager to the end of the list.

 

So far I am testing 6 machines with different boot options and I have not received the bitlocker key request since I have made the change.

 

Let me know what happens.  crossing fingers.

kuvinod7
Punch Card
Posts: 62
Registered: ‎07-19-2017
Location: US
Views: 1,461
Message 10 of 10

Re: X270 Shutdown Bitlocker

Hey - Yes, this is what we did and it worked without any issues.

Check out current deals!


Shop current deals

Top Kudoed Authors