Windows ADK for Windows 11 breaks Bitlocker in WinPE with some models (MECM/SCCM)

Jouni Mikkola 1 Reputation point
2021-08-31T16:11:45.047+00:00

After upgrading to ADK for Windows 11, SCCM task sequence step "Pre-Provision Bitlocker" fails with error: Failed to take TPM ownership. This only affects some models, such as HP Elitebook 830 G8. Tested with multiple laptops. Other users on Reddit have seen similar behavior. See thread https://www.reddit.com/r/SCCM/comments/pao0uo/task_sequence_step_preprovision_bitlocker_fails/

Verified ADK TPM permissions , rebuilt boot image, updated BIOS, cleared TPM, set TPM steps to ready state for pre-provision etc.

Downgrading to Windows ADK for Windows 10 2004 solved the issue. Anyone else seen anything like this yet?

Some logs:
Set command line: OSDOfflineBitlocker.exe /enable /drive:%OSDisk% /ignoretpm:False /full:False /crypt:7 TSManager 23.8.2021 15.18.03 1304 (0x0518)
Start executing the command line: OSDOfflineBitlocker.exe /enable /drive:%OSDisk% /ignoretpm:False /full:False /crypt:7 TSManager 23.8.2021 15.18.03 1304 (0x0518)
!--------------------------------------------------------------------------------------------! TSManager 23.8.2021 15.18.03 1304 (0x0518)
Expand a string: WinPE TSManager 23.8.2021 15.18.03 1304 (0x0518)
Executing command line: OSDOfflineBitlocker.exe /enable /drive:%OSDisk% /ignoretpm:False /full:False /crypt:7 with options (0, 4) TSManager 23.8.2021 15.18.03 1304 (0x0518)
==============================[ OSDOfflineBitlocker.exe ]============================== OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Running module version 5.0.9049.1000 from location 'X:\sms\bin\x64\OSDOfflineBitlocker.exe' OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Command line: "OSDOfflineBitlocker.exe" /enable /drive:C: /ignoretpm:False /full:False /crypt:7 OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Initialized COM OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Command line for extension .exe is "%1" %* OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Set command line: "OSDOfflineBitlocker.exe" /enable /drive:C: /ignoretpm:False /full:False /crypt:7 OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
User specified valid encrypt method value: xts_aes256 OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Target drive is C: OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Initializing TPM... OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm is enabled OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm is activated OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm is not owned OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm ownership is allowed OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm has compatible SRK OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Tpm has EK pair OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Initial TPM state: 55 OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Creating TPM owner authorization value OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Taking ownership of TPM OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
uStatus == 0, HRESULT=80070002 (..\tpm.cpp,645) OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
'TakeOwnership' failed (2147942402) OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
pTpm->TakeOwnership(sOwnerAuth), HRESULT=80070002 (offlinebitlocker.cpp,204) OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
The system cannot find the file specified. (Error: 80070002; Source: Windows) OSDOfflineBitLocker 23.8.2021 15.18.03 908 (0x038C)
Process completed with exit code 2147942402 TSManager 23.8.2021 15.18.03 1304 (0x0518)
!--------------------------------------------------------------------------------------------! TSManager 23.8.2021 15.18.03 1304 (0x0518)
Failed to run the action: Pre-provision BitLocker. Error -2147024894 TSManager 23.8.2021 15.18.03 1304 (0x0518)

Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
990 questions
0 comments No comments
{count} votes

8 answers

Sort by: Most helpful
  1. John Osti 1 Reputation point
    2021-10-12T06:08:42.837+00:00

    I did try the fix works fine when building via PXE or USB media, but when OSD imaging inside windows with USMT I receive the same error. Anyone else having this issue.?

    0 comments No comments

  2. Matt Dillon 1,216 Reputation points
    2021-10-26T18:30:55.123+00:00

    The workaround is not working on a DELL Precision 7510 or 7520. I tried adding the Key Storage setting in BIOS and that failed as well. Client is sending me the laptop so I can try everything on my own instead of relying on info sent to me via email.


  3. Jonathan Conway 36 Reputation points
    2021-11-24T18:49:51.967+00:00

    Having the same issue with a couple of customers. Is there any news on when a fix might be released? Would it be helpful or wasteful to raise a support ticket for this?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.