4,608 questions
Mmm ... wasnt that error being fixed with this command ? something to do with the ownership
reg.exe add HKLM\SOFTWARE\Policies\Microsoft\TPM /v OSManagedAuthLevel /t REG_DWORD /d 2 /f
OSD PRE-PROVISION BITLOCKER FAILS
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 13%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Steve Stone
25
Reputation points
I have upgraded my Config Manager to 2309 and ADK to newest. Once I did I started getting failure in the task sequence pre-provision step. Below is the log of step. I also went into command prompt once the task failed and ran manage-bde -on c: manually and it failed with this error "the system cannot find the file specified." Error 0x80070002. Not sure how to fix.
Initializing TPM... OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is enabled OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is activated OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm is not owned OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm ownership is allowed OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm has compatible SRK OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Tpm has EK pair OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Initial TPM state: 55 OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Creating TPM owner authorization value OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Taking ownership of TPM OSDOfflineBitLocker 11/27/2023 5:15:54 PM 588 (0x024C)
Volume C: is a valid target. OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Target drive C: is not same as OS drive. OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Start enabling BitLocker offline ... OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Encrypting used disk space OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Using default disk encryption method setting provided by OS OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Command line for extension .exe is "%1" %* OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Set command line: "X:\Windows\system32\manage-bde.exe" -on C: -used OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Executing command line: "X:\Windows\system32\manage-bde.exe" -on C: -used with options (0, 0) OSDOfflineBitLocker 11/27/2023 5:15:55 PM 588 (0x024C)
Process completed with exit code 2147942402 OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
ulExitCode == 0, HRESULT=80004005 (K:\dbs\sh\cmgm\1026_005344\cmd\w\src\client\OsDeployment\OfflineBitlocker\offlinebitlocker.cpp,133) OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
Failed to run command line 'X:\Windows\system32\manage-bde.exe -on C: -used' with exit code 2147942402 OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
COfflineBitLocker::Enable(argInfo.sDrive, argInfo.bFullDisk, argInfo.dwEncryptMethod), HRESULT=80004005 (K:\dbs\sh\cmgm\1026_005344\cmd\w\src\client\OsDeployment\OfflineBitlocker\main.cpp,493) OSDOfflineBitLocker 11/27/2023 5:15:57 PM 588 (0x024C)
Microsoft Security | Intune | Configuration Manager | Other
2 answers
Sort by: Most helpful
-
Rudy Ooms 701 Reputation points MVP2023-11-28T19:30:02.45+00:00 -
Steve Stone 25 Reputation points
2023-11-28T19:33:40.0333333+00:00 I tried that and did not work. This is dealing with manage-bde failing not tpm ownership.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 85%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Paul Peyker 0 Reputation points2023-11-29T17:41:45.61+00:00 Hi,
This is not working at all, i guess it is a bug, or maybe they have a reason todo so..
But the ADK PE Part with Version 10.0.25398 is nut supported for SCCM and W11
This is the Server 23H2 Version
I will rollback my ADK an PE to 10.0.22621, and wait until they Support it official, or maybe depending on my time i will open a Support case
Never the less i got it running..
This as TS Step does the trick
reg.exe delete HKLM\SYSTEM\CurrentControlSet\Control\MiniNT /fmanage-bde -on C: -used -em xts_aes256reg.exe add HKLM\SYSTEM\CurrentControlSet\Control\MiniNT /fOSDOfflineBitlocker.exe /enable /disk:0 /part:3 /ignoretpm:False /full:False /crypt:7and you have to replace the pre-provisioning Bitlocker step with it ...
At this Point the Encryption is starting, but no TPM as protector is enabled, so take care that after the OS is applied the Protector gets correctly enabled
But i like to be on the supported way, so i will not use it in production, and will use the Oktober ADK until something changes..
Regards
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 92%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
Paul Andrews 0 Reputation points2023-12-01T15:59:42.08+00:00 We're started seeing this problem the other day as well. Similar issue, however I had a technician open the command prompt and try to execute;
X:\Windows\System32\manage-bde.exe -on C: -used
and the following error was returned;
ERROR: An error occurred (code 0x80070002): The system cannot find the file specified. NOTE: If the -on switch has failed to add key protectors or start encryption, you may need to call “manage-bde -off” before attempting -on again.
I found this article - https://drivestrike.com/solution-for-bitlocker-error-the-system-cannot-find-the-file-specified/ which says the likely cause of the error is a corrupt or unreadable ReAgent.xml file, located in C:\Windows\System32\Recovery\ReAgent.xml. This file does not exist on the boot media, but I also checked previous boot media and don't see it in there so not sure what is up. Don't think this file gets created until the OS is laid down, so not sure what is impacting the Pre-provisioning phase.
Any assistance would be greatly appreciated.
-
Steve Stone 25 Reputation points
2023-12-01T16:05:36.2233333+00:00 I put in a case with Microsoft and yesterday they told me that the new ADK with OS Version 10.0.25398.1 is not compatible with Config MGR 2309 and they are working on a fix.
-
Paul Andrews 0 Reputation points
2023-12-01T16:52:11.05+00:00 Lovely, did they say what the work around is? For you is this issue just impacting Windows 11 or have you seen issues with Windows 10?
I'll get a case in as well can't hurt to have more people reporting the issue. Care to share your case number so they can reference if needed?
-
Steve Stone 25 Reputation points
2023-12-01T17:03:05.7133333+00:00 Not tried with 10 just going 11 from here on out. They said only work around was go back to older ADK. Ticket ID is 2311280040014747
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Anthony Meluso 31 Reputation points2023-12-06T15:49:04.23+00:00 They should put some type of warning on that ADK download page so people don't go updating to that version. I knew there was something odd with that version number.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 87%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RobinCM 91 Reputation points2023-12-15T17:38:43.0266667+00:00 Same problem here. Hope this gets sorted soon.
Sign in to comment -