Dell CCTK (Command and Configure) - Enable and activate TPM (for Credential Guard)
Hi all,
I'm currently facing issues regarding the activation of the TPM in my Scripted install.
I'm using a WinPE 10 Bootimage (with the following packages: WinPE-WMI, WinPE-NetFx, WinPE-PowerShell, WinPE-HTA, WinPE-DismCmdlets, WinPE-Scripting)
After enabling the TPM (using the CCTK), I'm trying to active it using the Dell Command and Configure tooling with this command: "cctk.exe --tpmactivation=activate".
This is returning the following error: "To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated.".
I stumbled accross this blog which holds a powershellscript to determine if the TPM is owned/activated, but it didn't work for me.
I ran the cmdlets manually and it gives me the error "Get-wmiobject: Provider load failure"
Other powershell cmdlets seem to work, so I don't have an idea what might be wrong. Enabling the TPM doesn't provide an issue.
The default Microsoft driver is also loaded and CCTK is used in WinPE to activate the TPM.
Using wbemtest, I see that the class is present on the computer, but it only holds <null> values.
Purpose TPM: I'm trying to active the TPM to protect the keys of Credential Guard.
Does anyone have an idea how I could resolve this?
Thanks in advance!
Regards
I'm currently facing issues regarding the activation of the TPM in my Scripted install.
I'm using a WinPE 10 Bootimage (with the following packages: WinPE-WMI, WinPE-NetFx, WinPE-PowerShell, WinPE-HTA, WinPE-DismCmdlets, WinPE-Scripting)
After enabling the TPM (using the CCTK), I'm trying to active it using the Dell Command and Configure tooling with this command: "cctk.exe --tpmactivation=activate".
This is returning the following error: "To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated.".
I stumbled accross this blog which holds a powershellscript to determine if the TPM is owned/activated, but it didn't work for me.
I ran the cmdlets manually and it gives me the error "Get-wmiobject: Provider load failure"
Other powershell cmdlets seem to work, so I don't have an idea what might be wrong. Enabling the TPM doesn't provide an issue.
The default Microsoft driver is also loaded and CCTK is used in WinPE to activate the TPM.
Using wbemtest, I see that the class is present on the computer, but it only holds <null> values.
Purpose TPM: I'm trying to active the TPM to protect the keys of Credential Guard.
Does anyone have an idea how I could resolve this?
Thanks in advance!
Regards
0 Comments
[ + ] Show comments
Answers (4)
Please log in to answer
Posted by:
Silencer001
8 years ago
I'm still struggling with the enablement, but figured out what was the problem with the powershell command. I haven't added the WinPE-SecureStartup.cab package to the WinPE image.
Posted by:
pollewops
8 years ago
Hi I have the same issue...did you manage to solve the issue and activate the TPM chip as well during the TS phase ?
Comments:
-
No not really to be honest.. To have a smooth integration with these components, implementing MS ConfigMgr would be a solution :) - Silencer001 8 years ago
Posted by:
pollewops
8 years ago
What do you mean with "implementing MS ConfigMgr would be a solution" ?
I use configmgr and still have the issue.
I am now trying to use cctk within Winpe phase which now seems to work.
Important is that a setup password is available before you configure TPM (enable and activate) !
I use configmgr and still have the issue.
I am now trying to use cctk within Winpe phase which now seems to work.
Important is that a setup password is available before you configure TPM (enable and activate) !
Comments:
-
I haven't tested this in a ConfigMgr setup, but the blogpost (see first post) succesfully uses ConfigMgr. It's been a long time for me since I was working on this, but I thought that a reboot was required for the TPM between activating en enabling. Dell KACE doens't have the standard step like ConfigMgr to reboot the computer and start the TS.. Setting a setup password or converting disk to UEFI and secure boot is no issue with Dell KACE in combination with the CCTK. I've got this working.. It's just the reboot part that isn't available by default in Dell KACE.. - Silencer001 8 years ago
Posted by:
pollewops
8 years ago
Hi,
I tried configuring using the blog post but that does not work with me either :-(
The problem is when an owner is already available. Then re-enabling and re-activating seems not to work.
Will investigate further.
I tried configuring using the blog post but that does not work with me either :-(
The problem is when an owner is already available. Then re-enabling and re-activating seems not to work.
Will investigate further.