/build/static/layout/Breadcrumb_cap_w.png

Dell CCTK (Command and Configure) - Enable and activate TPM (for Credential Guard)

Hi all,

I'm currently facing issues regarding the activation of the TPM in my Scripted install.
I'm using a WinPE 10 Bootimage (with the following packages: WinPE-WMI, WinPE-NetFx, WinPE-PowerShell, WinPE-HTA, WinPE-DismCmdlets, WinPE-Scripting)

After enabling the TPM (using the CCTK), I'm trying to active it using the Dell Command and Configure tooling with this command: "cctk.exe --tpmactivation=activate".
This is returning the following error: "To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated.".

I stumbled accross this blog which holds a powershellscript to determine if the TPM is owned/activated, but it didn't work for me.
I ran the cmdlets manually and it gives me the error "Get-wmiobject: Provider load failure"
Myp8Wb.jpeg

Other powershell cmdlets seem to work, so I don't have an idea what might be wrong. Enabling the TPM doesn't provide an issue.
The default Microsoft driver is also loaded and CCTK is used in WinPE to activate the TPM.
Using wbemtest, I see that the class is present on the computer, but it only holds <null> values.
e8qRfC.jpeg

Purpose TPM: I'm trying to active the TPM to protect the keys of Credential Guard.

Does anyone have an idea how I could resolve this?

Thanks in advance!

Regards

0 Comments   [ + ] Show comments

Answers (4)

Posted by: Silencer001 8 years ago
Orange Senior Belt
0
I'm still struggling with the enablement, but figured out what was the problem with the powershell command. I haven't added the WinPE-SecureStartup.cab package to the WinPE image.
Posted by: pollewops 8 years ago
Senior Yellow Belt
0
Hi I have the same issue...did you manage to solve the issue and activate the TPM chip as well during the TS phase ?

Comments:
  • No not really to be honest.. To have a smooth integration with these components, implementing MS ConfigMgr would be a solution :) - Silencer001 8 years ago
Posted by: pollewops 8 years ago
Senior Yellow Belt
0
What do you mean with "implementing MS ConfigMgr would be a solution" ?

I use configmgr and still have the issue.

I am now trying to use cctk within Winpe phase which now seems to work.
Important is that a setup password is available before you configure TPM (enable and activate) !

Comments:
  • I haven't tested this in a ConfigMgr setup, but the blogpost (see first post) succesfully uses ConfigMgr. It's been a long time for me since I was working on this, but I thought that a reboot was required for the TPM between activating en enabling. Dell KACE doens't have the standard step like ConfigMgr to reboot the computer and start the TS.. Setting a setup password or converting disk to UEFI and secure boot is no issue with Dell KACE in combination with the CCTK. I've got this working.. It's just the reboot part that isn't available by default in Dell KACE.. - Silencer001 8 years ago
Posted by: pollewops 8 years ago
Senior Yellow Belt
0
Hi,

I tried configuring using the blog post but that does not work with me either :-(
The problem is when an owner is already available. Then re-enabling and re-activating seems not to work.

Will investigate further.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ