Bitlocker on system drive failing - Win10 LTSB 1607

F

Filippotosi

Member
Dear Nuhi,
for the first time I tried to enable Bitlocker on system drive in my 1607 LTSB installation and I got a strange error: "The specified procedure could not be found".
My hardware has TPM.

Attached is used preset.
Please consider that original source image has been updated with W10UI (and resetbased) with following packages:
- windows10.0-kb4033393-x64.cab
- Windows10.0-KB4035631-x64.msu
- Windows10.0-KB4041688-x64.msu
- windows10.0-kb4051613-x64_baa8164a0d8f30d5979930999c39b91c1791ab2f.msu

Maybe you can check if it is working on your side?
Thank you,
Fil
 
Nuhi, I installed original Win10 rs3, untouched iso, and bitlocker on system drive is working correctly. I also applied my tweaks, still working.
Now I'm almost sure something is wrong on ntlite side.
Please tell me how can I help you in debugging this.

Fil
 
Nuhi, maybe I've found something interesting: it looks like bitlocker fails on ntlited install when target hard disk partition scheme has no reserved / recovery partition.
Fil
 
@Filippotosi, thx, will check the PDF these days.
Regarding the Bitlocker. Why do you think that only lite OS requires recovery partition, have you tried the full OS without the recovery partition?
Please see here for more info.
 
Nuhi,
I wrote about recovery partition as, on original installation, I had prepared a disk layout without it and, after bitlocking system drived it appeared.
It looks like during "preparation" stage of bitlocker wizard on ntlited os, something goes wrong and setup cannot do some operations. One of these operations could be related to disk layout?
Yesterday I installed LTSB again and I can confirm bitlocker of system drive is still broken.
So now I have checked different hardwares, different tpms, uefi and mbr, ltsb and rs3, so I'm almost sure this is ntlite related.

Fil
 
OK, will try these days (current update is already done) and report back, thanks.
 
@Filippotosi, so I retried on VMWare this time, as your tweak disables the need for TPM.
Loaded 1709 patched to .125, with your preset and added the REG file.
I have set in unattended partition setup that there is no Recovery partition, it was UEFI preset with 0MB recovery, MSR 16MB, EFI 100MB, rest for the system.
After setup encrypted the C drive with password, printed the key, rebooted, it finished without errors.
Confirmed in Disk Management still no recovery partition.
Used latest version.

Any differences in our methods so that I can catch the issue?

Thanks.
 
Thank you Nuhi.
Are you sure my tweak is disabling TPM? It should not be supposed to do so but I can easily be wrong.

However could you install Bitlocker on system drive on 1709, patched to .125, on TPM enabled machine without any issue?
Did you enable Bitlocker by command line or standard wizard?

I will recheck tomorrow new version, using same partition setup as yours.

Fil
 
The tweak is not disabling TPM, but allows Bitlocker without it.
EnableBDEWithNoTPM = 1

I'll retry on my laptop these days, reason why I'm not too stressed about it is because I did try before and it worked. Granted now I'll make sure that no recovery partition is there first.

Thanks, bit more patience please, at least now you know a workaround by creating the recovery partition in the first place, if I'm not mistaken.
 
You must log in or register to reply here.
Back
Top