Boot WIM Woes

Matt Dillon 1,226 Reputation points
2021-10-26T14:43:49.487+00:00

My advice to everyone I meet learning SCCM is to not mess with the Boot.wim. This advice has proven itself true yet again. I recently updated one of my clients' SCCM to 2107 and updated the ADK to the latest Windows 11 version. Everything was Kool and the Gang for about a week until an issue with a particular model laptop from DELL. It kept failing on Pre-Provision BitLocker. I assumed operator error for a few days, but the problem persisted. I Google-fu'd the error and found that the new Windows 11 ADK may be to blame. There was a workaround offered that I tried 3 different ways with no success. The next advice was to installed ADK 2004 and that this will solve the issue. I figured - okay - how hard can this be?

Well, I uninstalled the Windows 11 ADK and ADK PE add-on and rebooted. Then I installed Windows 10 2004 ADK and rebooted. Then installed Windows 10 ADK 2004 and rebooted. I then went to redistribute and reload the Windows ADK and everything fails. OK. Maybe the boot.wim cannot go backwards. I try using CopyPE and that fails. I try copying an older boot.wim and that fails. I have no working boot.wim x86 or x64 at this point and am at a loss as to what to do next except reload Windows 11 ADK/ADK PE and at least be able to image the other items.

If anyone has any thoughts, I am willing to try anything at this point.

Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
1,028 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

Accepted answer
  1. Matt Dillon 1,226 Reputation points
    2021-10-28T20:35:56.237+00:00

    Groan. User Error. I added the Command Line step before Pre-Provision and it worked immediately. reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\TPM" /v OSManagedAuthLevel /t REG_DWORD /d 2 /f

    Referenced here: https://learn.microsoft.com/en-us/answers/questions/534686/windows-adk-for-windows-11-breaks-bitlocker-in-win.html

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,781 Reputation points MVP
    2021-10-26T18:02:44.693+00:00

    It sounds you should open MS ticket if you think the ADK 11 is buggy. Do you actually have old Boot.wim file as back up, what happends when you import it as additional image? What errors, error messages and maybe smspxe.log or smsts.log you are experiencing when you say it is failing?

    As a work around, how about just forget about pre-provisoning bitlocker, and let it encrypt after the TS is finished? With SSD pre-provisioning is not critical anymore, with SSD it will be much faster at the end. Also, if you want make sure your end users are extra happy about the bitlocker, disable pre-provisioning and at the Enable Bitlocker step just enable the option it will stay there until encryption is finished. Or use manage-bde commands there.

    0 comments No comments

  2. Matt Dillon 1,226 Reputation points
    2021-10-28T13:36:29.837+00:00

    I have the actual laptop in hand and can report back my results shortly.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.