Deploying BitLocker via SCCM 2107 - TPM issue
Hello,
I am deploying BitLocker via SCCM (version 2107). I have several laptops of different brands; all of them have TPM 2.0 and Windows 10 22H2. I created a BitLocker Management policy which should encrypt only the system partition. On the first run everything works properly, but when I decrypt the drive using "manage-bde -off C:" and try to encrypt again, I receive a notification about a problem with the TPM.
When I deploy the policy on these laptops (sometimes, not every time), I receive this notification:
"BitLocker could not be enabled. The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available. C: was not encrypted."
The TPM is clear and ready to use.
I don't use a USB drive. The setting "Allow BitLocker without a compatible TPM" isn't enabled. This setting is set to "Do Not Allow", but it doesn't matter; I tried every available option.
Sometimes when I return to work a few hours after the error occurs, the disk is encrypted even though nothing has changed. I don't see any logical connection here. I tried to clear the TPM, unblock the TPM and initialize the TPM, separately and together, but it doesn't help. When I encrypt the drive manually, the problem doesn't occur.
I found posts with similar cases, but nowhere did I find a solution. Does anyone have any ideas?
Thank you in advance.