Automated BitLocker Deployment Issues
Hi All,
I am having an issue trying to deploy BitLocker via a script in our imaging process. We tested on previous models we have and the script works fine. For some reason, when we test our FY20 computer models (Lenovo X390 and L490), the script runs as the last task and works, but it seems that it is registering a change in the system right after the restart, because it is asking for the recovery key on startup.
If I omit the BitLocker script and run it from the GUI or run the script that is run during the imaging process, it runs without issue.
For a while, I was able to reset the BIOS settings, change a few things (Secure Boot, UEFI/Legacy settings), rerun the image and it would work, but if I ran the image a second time without changing anything, it would run into the same issue of asking for the BL key.
Has anyone seen or run into anything like this when using BitLocker?
-Wil
Answers (1)
The new BitLocker TPM 2.0 only works with UEFI. Make sure you are indeed booting from a UEFI source and make sure this is a UEFI-compatible image.
Unfortunately, we need Secure Boot Disabled.
And the same image + tasks work fine on different hardware?
I was googling around, and it seems that some BIOS versions might have a setting totally unrelated to BitLocker that could trigger this type of behavior...
e.g.
https://www.dell.com/support/article/us/en/04/sln304584/bitlocker-asks-for-a-recovery-key-every-boot-on-usb-c-thunderbolt-systems-when-docked-or-undocked?lang=en
https://www.reddit.com/r/sysadmin/comments/8ra7rv/bitlockered_pc_asks_for_recovery_key_every_time/
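A pre-flight check for the points raised in this thread (UEFI boot, TPM 2.0, Secure Boot state, current protectors), as an added example that is not part of the original posts. It assumes Windows 10 with Windows PowerShell 5.1, an elevated session, and the OS volume on C:; the variable names are illustrative.

```powershell
# Added example: run as a task sequence step just before the BitLocker script,
# and again after the first reboot, then compare the two outputs.
# Assumptions: elevated Windows PowerShell 5.1, OS volume is C:.
$report = [ordered]@{}

# 1. Firmware mode the running OS actually booted in (Uefi or Bios).
$report.FirmwareType = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# 2. TPM presence, readiness and specification version.
$tpm = Get-Tpm
$report.TpmPresent = $tpm.TpmPresent
$report.TpmReady   = $tpm.TpmReady
$tpmCim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                          -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$report.TpmSpecVersion = if ($tpmCim) { $tpmCim.SpecVersion } else { 'not reported' }

# 3. Secure Boot state. The cmdlet throws on legacy BIOS boots, so catch that case.
try   { $report.SecureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $report.SecureBoot = 'not available (legacy boot or unsupported platform)' }

# 4. Current BitLocker state and key protector types on the OS volume.
$vol = Get-BitLockerVolume -MountPoint 'C:'
$report.VolumeStatus     = $vol.VolumeStatus
$report.ProtectionStatus = $vol.ProtectionStatus
$report.KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')

[pscustomobject]$report | Format-List

# 5. PCR validation profile the TPM protector is sealed to (only present once
#    a TPM protector exists). A change in any measured PCR triggers recovery.
manage-bde -protectors -get C: -Type TPM

# Flag the condition the answer warns about: TPM 2.0 without a UEFI boot.
if ($report.FirmwareType -ne 'Uefi' -and $report.TpmSpecVersion -like '2.0*') {
    Write-Warning 'TPM 2.0 detected but the OS did not boot in UEFI mode.'
}
```

If the firmware type, Secure Boot state or PCR validation profile differs between the run before encryption and the run after the first reboot, that difference is the change the TPM is reacting to.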