Windows 11 24H2 26100.1150 SysPrep /generalize breaks BitLocker functionality

Krzysztof Gajda 60 Reputation points
2024-07-27T11:01:07.64+00:00

I've been using SysPrep for years; currently, with Windows 10 22H2 19045.4529 and Windows 11 23H2 22631.3737, I have no problems at all.

Today I tried to prepare a deployment image using Windows 11 24H2 26100.1150.

Steps:

  1. Start a fresh install of Windows 11 24H2 26100.1150, then enter audit mode (CTRL+SHIFT+F3)
  2. Do things (Firefox, Thunderbird, some tweaking, etc.)
  3. Run sysprep /oobe /generalize /shutdown
  4. Capture the image, deploy to a test device

The system boots OK and WU works well (updates and drivers). Then I enabled BitLocker and rebooted, and Windows was unable to boot (system repair starts).

I tried the same steps 1-4 using the Windows 11 23H2 22631.3737 ISO image; after enabling BitLocker I restarted and everything worked fine (Windows boots normally).

Next I went back to a fresh instance of Windows 11 24H2 26100.1150 and, after audit mode, did steps 1-4, but in step 3 ran sysprep without "/generalize" (sysprep /oobe /shutdown). I repeated the test (enabling BitLocker in the deployed image) and this time Windows 11 24H2 boots normally, but the SID of this instance remains unchanged (lack of the /generalize step).

I think there is a bug in the sysprep generalize step in 24H2 26100.1150 regarding the BitLocker subsystem (the /generalize step did something that renders BitLocker unusable).

Regards

Chris


Accepted answer
  1. Anonymous
    2024-07-30T10:46:11+00:00

    Found the same issue but I have a workaround. There is an issue with the BCD configuration.

    After the Sysprep, I've added these 3 lines in the script %WINDIR%\Setup\Scripts\SetupComplete.cmd:

    • bcdedit -set {current} osdevice partition=C:
    • bcdedit -set {current} device partition=C:
    • bcdedit -set {memdiag} device partition=\Device\HarddiskVolume1

     Of course, the lines can be a bit different depending on your disk configuration.

    This leaves me with a strong impression that this version of Win 11 has not been tested properly.

    7 people found this answer helpful.

3 additional answers

  1. Tomasi Jürgen - ZID 25 Reputation points
    2025-01-10T15:31:07.1266667+00:00

    I had the same problem with build 2605 (Windows 11 Enterprise LTSC 2024 / 24H2): BSOD after sysprep /generalize /oobe. Because the solution above did not work for me, I fully disabled BitLocker before sysprep. I added the following lines to my RunSysprep.cmd for automation:

     net stop bdesvc
    
     sc config BDESVC start=disabled
    

    After this change, a reboot without BSOD was possible. After deployment I re-enabled the BitLocker service in the startup phase.

    5 people found this answer helpful.

  2. HYPE0215 5 Reputation points
    2025-06-11T14:25:19.63+00:00

    I was also bothered by this problem, but I solved it.

    I verified it with Windows 11 Enterprise LTSC 2024, but I hope it is also solved for normal Win11 24H2.

    1. Install LTSC 2024 (or 24H2) from ISO on a Hyper-V VM.
    2. Enter audit mode.
    3. Then apply the June 2025 cumulative update KB5060842 (OS Build 26100.4349) through Windows Update.
    4. Run Sysprep (with "Generalize" checked).
    5. When you boot the generalized image, the BCD configuration remains normal ("device partition=C:").
    6. After enabling BitLocker, I was able to confirm that Windows boots normally when rebooted.

    The "Improvements" section of the release notes for the May 2025 preview update KB5058499 (OS Build 26100.4202) states that another issue with BitLocker has been resolved. Perhaps this issue with Sysprep and BitLocker has also been indirectly resolved.

    May 28, 2025—KB5058499 (OS Build 26100.4202) Preview

    However, if you have already generalized an image that does not have the June 2025 update applied and deployed it to a device, you should be careful. Even if you later apply the June 2025 update on that device, it does not seem to fix the BCD configuration.

    In that case, you'll need to manually fix the BCD configuration, or apply the June 2025 or later updates to your golden image, then run Sysprep and redeploy the image to the device. Then you can enable BitLocker as usual.

    Run Sysprep before the update:

    C:\Users\Administrator>ver
    Microsoft Windows [Version 10.0.26100.1742]
    C:\Users\Administrator>bcdedit /enum
    Windows Boot Manager
    --------------------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    path                    \EFI\Microsoft\Boot\bootmgfw.efi
    description             Windows Boot Manager
    locale                  ja-JP
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {551382cf-46bf-11f0-b916-b12fc3d99bac}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
    Windows Boot Loader
    --------------------------------
    identifier              {current}
    device                  locate=\WINDOWS\system32\winload.efi
    path                    \WINDOWS\system32\winload.efi
    description             Windows 11
    locale                  ja-JP
    inherit                 {bootloadersettings}
    recoverysequence        {551382d3-46bf-11f0-b916-b12fc3d99bac}
    displaymessageoverride  Recovery
    recoveryenabled         Yes
    isolatedcontext         Yes
    allowedinmemorysettings 0x15000075
    osdevice                locate=\WINDOWS
    systemroot              \WINDOWS
    resumeobject            {551382cf-46bf-11f0-b916-b12fc3d99bac}
    nx                      OptIn
    bootmenupolicy          Standard
    

    Run Sysprep after the update:

    C:\Windows\System32>ver
    Microsoft Windows [Version 10.0.26100.4349]
    C:\Windows\System32>bcdedit /enum
    Windows Boot Manager
    --------------------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    path                    \EFI\Microsoft\Boot\bootmgfw.efi
    description             Windows Boot Manager
    locale                  ja-JP
    inherit                 {globalsettings}
    isolatedcontext         Yes
    default                 {current}
    resumeobject            {8663d6ed-469e-11f0-b76d-00155d0bfe17}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
    Windows Boot Loader
    --------------------------------
    identifier              {current}
    device                  partition=C:
    path                    \WINDOWS\system32\winload.efi
    description             Windows 11
    locale                  ja-JP
    inherit                 {bootloadersettings}
    recoverysequence        {8663d6f1-469e-11f0-b76d-00155d0bfe17}
    displaymessageoverride  Recovery
    recoveryenabled         Yes
    isolatedcontext         Yes
    allowedinmemorysettings 0x15000075
    osdevice                partition=C:
    systemroot              \WINDOWS
    resumeobject            {8663d6ed-469e-11f0-b76d-00155d0bfe17}
    nx                      OptIn
    bootmenupolicy          Standard
    
    1 person found this answer helpful.
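
A pre-flight check for the difference between the two listings above, as an added example that is not part of any answer in this thread: it parses `bcdedit /enum` output and reports `device`/`osdevice` elements that use `locate=` instead of `partition=`. The function name `Get-BcdLocateEntry` and the embedded sample text are constructed for illustration.

```powershell
# Added example: report BCD entries whose device/osdevice uses locate=
# (the pre-update state shown in the thread) before BitLocker is enabled.
function Get-BcdLocateEntry {
    param(
        # bcdedit output contains blank lines, so empty strings must be allowed.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$BcdText
    )
    $section = $null
    $identifier = $null
    for ($i = 0; $i -lt $BcdText.Count; $i++) {
        $line = $BcdText[$i].TrimEnd()
        # A section title is the line directly above a row of dashes.
        if ($i + 1 -lt $BcdText.Count -and $BcdText[$i + 1] -match '^\s*-{5,}\s*$') {
            $section = $line.Trim()
            $identifier = $null
            continue
        }
        if ($line -match '^\s*identifier\s+(\S+)') {
            $identifier = $Matches[1]
            continue
        }
        if ($line -match '^\s*(device|osdevice)\s+(locate=\S*)') {
            [pscustomobject]@{
                Section    = $section
                Identifier = $identifier
                Element    = $Matches[1]
                Value      = $Matches[2]
            }
        }
    }
}

# Constructed sample, trimmed from the pre-update output quoted in the answer above.
$sample = @'
Windows Boot Loader
--------------------------------
identifier              {current}
device                  locate=\WINDOWS\system32\winload.efi
osdevice                locate=\WINDOWS
'@ -split "`r?`n"

# On a deployed machine, pass live output from an elevated prompt instead:
#   Get-BcdLocateEntry -BcdText (bcdedit /enum)
$bad = @(Get-BcdLocateEntry -BcdText $sample)
if ($bad.Count -gt 0) {
    $bad | Format-Table -AutoSize
    Write-Warning 'BCD uses locate= for device/osdevice; correct the BCD or rebuild the image before enabling BitLocker.'
}
```

Run against the post-update listing, the function returns nothing, because both elements read `partition=C:` there.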

  3. Михаил Глушко 0 Reputation points
    2025-05-28T05:22:03.01+00:00

    Run CMD. Enter the command and reboot afterwards:

    manage-bde -off C:
    