"Enable Bitlocker" in Task Sequence do not "Wait for Bitlocker to complete... before.. continues..." even if option is selected.

Chaput, Dominique 96 Reputation points
2021-06-02T14:04:23.7+00:00

The "Enable Bitlocker" task as been placed near the End of the Task Sequences, and the option to "Wait for Bitlocker to complete the drive encryption..." has been checked, but despite this we see that the task does not wait for the encryption to be completed before continuing to the nex task.

The result is that when the TS is completed, we run a QA script and the script still detects that the disk encryption is not complete.
But the process of encryption is running...

In the SMSTS.LOG we can see the Bitlocker task which runs in less than a few seconds and moves on to the next task.
So it doesn't wait for encryption to finish even if the option has been checked !!

Has anyone ever encountered this ?

(SCCM Version 1910)

Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
975 questions
0 comments No comments
{count} votes

Accepted answer
  1. Chaput, Dominique 96 Reputation points
    2021-07-08T11:23:52.243+00:00

    We ended up using the Powershell command (Get-Bitlockervolume) in the task sequence, and the WMI command (That can run without Admin rights) when the QA is run outside the task sequence.

    Thanks @Colin Ford for your help.


6 additional answers

Sort by: Most helpful
  1. Colin Ford 1,026 Reputation points
    2021-06-02T20:36:18.423+00:00

    A few questions

    • When did this start happening? Did it used to work?
    • Is it for all hardware models or a specific model?
    • Can you post a snippet of the smsts.log for the Enable Bitlocker step where this occurs?

    -Colin

    0 comments No comments

  2. Chaput, Dominique 96 Reputation points
    2021-06-03T12:30:17.213+00:00

    It is on all model computer.
    Here is the step with the option activated:
    102131-tsbitlocker.png

    And this is where the step is running in the SMSTs.log:
    102090-2021-06-02-09h17-02.png

    0 comments No comments

  3. Colin Ford 1,026 Reputation points
    2021-06-03T20:52:45.077+00:00

    That looks like an extract from an exported task sequence's object.XML. smsts.log is generated on the local device when you build a machine, and you should find it in C:\Windows\ccm\logs right after you build a machine. If you open it with cmtrace.exe it will let us see whether the action is even running or returning an error.

    0 comments No comments

  4. Chaput, Dominique 96 Reputation points
    2021-06-04T11:11:23.483+00:00

    Sorry, my mistake, I did not share the correct section of the SMSTS.log. Thanks you, you guided me to the correct section... Here it is (Attachment). Maybe the problem is not with the TS... we have a QA script executed at the end of the sequence, this script validates if Bitlocker is active and the disk is fully encrypted. If this script is executed after the TS in a user session, it does not report any error, but it seems that when executed in the TaskSequence it does not detect that the disk is completely encrypted.

    The command used in the script is:

    if(Get-WmiObject -Class win32_battery){If ((New-Object -ComObject Shell.Application).NameSpace('C:').Self.ExtendedProperty('System.Volume.BitLockerProtection') -eq "1"){Return "Activé"}Else{Return "False"}}Else{Return "Non requis (Il ne s'agit pas d'un portable)"}

    I will test it while the TS is running to see if it return the correct value...

    102541-smsts-bitlocker.log

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.