OSD PRE-PROVISION BITLOCKER FAILS

Steve Stone 25 Reputation points
2023-11-28T17:47:21.58+00:00

I have upgraded my Config Manager to 2309 and ADK to newest. Once I did I started getting failure in the task sequence pre-provision step. Below is the log of step. I also went into command prompt once the task failed and ran manage-bde -on c: manually and it failed with this error "the system cannot find the file specified." Error 0x80070002. Not sure how to fix.

Initializing TPM... OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is enabled OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is activated OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is not owned OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm ownership is allowed OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm has compatible SRK OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm has EK pair OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Initial TPM state: 55 OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Creating TPM owner authorization value OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Taking ownership of TPM OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Volume C: is a valid target. OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Target drive C: is not same as OS drive. OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Start enabling BitLocker offline ... OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Encrypting used disk space OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Using default disk encryption method setting provided by OS OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Command line for extension .exe is "%1" %* OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Set command line: "X:\Windows\system32\manage-bde.exe" -on C: -used OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Executing command line: "X:\Windows\system32\manage-bde.exe" -on C: -used with options (0, 0) OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Process completed with exit code 2147942402 OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
ulExitCode == 0, HRESULT=80004005 (K:\dbs\sh\cmgm\1026_005344\cmd\w\src\client\OsDeployment\OfflineBitlocker\offlinebitlocker.cpp,133) OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
Failed to run command line 'X:\Windows\system32\manage-bde.exe -on C: -used' with exit code 2147942402 OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
COfflineBitLocker::Enable(argInfo.sDrive, argInfo.bFullDisk, argInfo.dwEncryptMethod), HRESULT=80004005 (K:\dbs\sh\cmgm\1026_005344\cmd\w\src\client\OsDeployment\OfflineBitlocker\main.cpp,493) OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)

Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rudy Ooms 601 Reputation points MVP
    2023-11-28T19:30:02.45+00:00

    Mmm ... wasnt that error being fixed with this command ? something to do with the ownership

    reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f

    https://learn.microsoft.com/en-us/answers/questions/534686/windows-adk-for-windows-11-breaks-bitlocker-in-win


  2. Paul Andrews 0 Reputation points
    2023-12-01T15:59:42.08+00:00

    We're started seeing this problem the other day as well. Similar issue, however I had a technician open the command prompt and try to execute;

    X:\Windows\System32\manage-bde.exe -on C: -used

    and the following error was returned;

    ERROR: An error occurred (code 0x80070002): The system cannot find the file specified. NOTE: If the -on switch has failed to add key protectors or start encryption, you may need to call “manage-bde -off” before attempting -on again.

    I found this article - https://drivestrike.com/solution-for-bitlocker-error-the-system-cannot-find-the-file-specified/ which says the likely cause of the error is a corrupt or unreadable ReAgent.xml file, located in C:\Windows\System32\Recovery\ReAgent.xml. This file does not exist on the boot media, but I also checked previous boot media and don't see it in there so not sure what is up. Don't think this file gets created until the OS is laid down, so not sure what is impacting the Pre-provisioning phase.

    Any assistance would be greatly appreciated.