Windows 10 Enterprise 2019 LTSC - BitLocker Not Working

ismpearson 1 Reputation point
2020-09-02T13:41:45.967+00:00

Hello,

I am building a Windows 10 Enterprise 2019 LTSC v1809 system using the Windows System Image Manager. I have run into a problem where BitLocker will not run. I get an error that says "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it". I have checked the BitLocker service and although it is set to Manual I can start it without a problem. I did try changing it to Automatic but that did not fix the issue.

If I install the full version of Windows 10 Enterprise 2019 LTSC v1809 BitLocker runs correctly.

So what I am wondering is if anyone knows if there is something specific that needs to be added to my answer file in Windows System Image Manager to get BitLocker to run?

Thanks.

Windows 10 Compatibility
Windows 10 Compatibility
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Compatibility: The extent to which hardware or software adheres to an accepted standard.
453 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,728 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Jenny Feng 14,131 Reputation points
    2020-09-03T02:51:58.353+00:00

    Hi,

    BitLocker in Windows 10 has two requirements in regard to an operating system deployment:

    A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password.
    Multiple partitions on the hard drive.

    For more information, please refer to the following article:
    https://learn.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker

    Hope above information can help you.
    ---Please Accept as answer if the reply is helpful---

    0 comments No comments

  2. ismpearson 1 Reputation point
    2020-09-15T16:10:48.347+00:00

    Hello,

    Sorry, for the delay, I had lost the link to this page and didn't setup email replies!

    Anyway, so first yes, we have a TPM on this system.

    So when I say full version, I mean I download a copy of Windows 10 Enterprise LTSC v1809 and install it. When I do that i can run BitLocker.

    The issue is when I use the Windows System Image Manager and create the answer file. Then BitLocker does not work.

    I have attached a copy of the Answer File (i have removed the product key).24912-answerfile-09-15-2020-no-key.xml


  3. Sean Liming 4,506 Reputation points
    2020-11-27T17:11:41.723+00:00

    There is no component setting in the answer file that needs to be added for BitLocker to run. The device driver for the TPM chip has to be running. Please make sure you see the TPM driver under Security Feature in Device manager. Also, go to Control Panel->Administrative Tools->Services, and check the settings for BitLocker Drive Encryption Service. Make sure it is running, and set to auto start. If the services is disabled for some reason, the you can add a Pass7 sync command to start teh service using sc.exe.

    Do you see BitLocker Drive Encryption in Control Panel?
    From a command prompt, if you run manage-dbe -on c: -skipthardwaretest, does the encryption process start?

    If you are deploying the image to multiple systems, each system has to run BitLocker since the TPM chip is unique for each system. BitLocker has to be disabled in the master image, and using a Pass7 sync command, you can kick of the encryption using manage-dbe.exe utility. Sometimes BitLocker kicks off automatically for some systems, but that doesn't sound like what is happening here.

    Regards,

    Sean Liming

    0 comments No comments