• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
We have new content about Hotkey issue, Click here to check it out!
Locked

‎02-09-2018 06:19 AM

HP Recommended
Product: HP Prodesk 400 G3 & G4
Operating System: Microsoft Windows 10 (64-bit)

Hi,

 

I am trying to setup bitlocker network unlock on me current domain, however I am getting stuck with the follwing issue;

 

"Bootmgr failed to obtain the BitLocker volume master key from the network key protector: failed to send request."

 

Looking at it, the device fails to send the request for a DHCP address; does anyone know why this would happen; there has been several references to a network stack but looking into the BIOS/UEFI there is nothing that relates to a "network stack". I am able to PXE boot the machines though.

 

Any help would be great.

3 REPLIES 3

‎02-15-2018 01:02 AM

HP Recommended

Hi, 

I haven't worked with this model before but are you running boot mode as UEFI Native (Without CSM) ?

If you can successfully PXE boot and your boot mode is set to the above setting, you are successfully getting an IP from DHCP.

Another thing to check would be TPM, from the OS, run "TPM.msc" and the status is "The TPM is ready for use with reducd functionality", you may need to look into clearing the TPM.

I used these two articles and they are very helpful in understanding and implementing Bitlocker Network Unlock:

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-...

https://blogs.technet.microsoft.com/dubaisec/2016/04/14/bitlocker-network-unlock/

 

Let me know how it works out for you.

 

Tags (1)
Was this reply helpful? Yes No

‎02-15-2018 07:02 AM

HP Recommended

Hi,

 

I have checked the TMP status and it was set to "ready to use"

 

I did think that the PXE was working and that it was able to get a DHCP address;

 

However when I run wireshark to capture the packets on WDS nothing shows up until the machine boots into windows.

 

Hence why I though that something is stopping the connection.

 

I have followed both articles and neither advise how to troubleshoo the client.

 

I take it works on your network, can I ask how yours is setup?

 

Currently my setup is as follows;

 

DC/DHCP

-- CA 

 ---- WDS

 ------- Clients

 

I installed Wireshark on all serves and still only picks up anything after windows boots.

 

I have a firewall between clients and servers but this has IP helpers on and DHCP is configured to look at WDS for PXE.

 

Completely lost, there is no comprehensive guide.

 

thanks.

Was this reply helpful? Yes No

‎02-18-2018 05:47 AM

HP Recommended

Hi,

 

Sorry to hear that it's still not working, I have it configured as follows:

DC/DHCP

-- CA 

 ---- WDS

 ------- Clients

 

IP Helpers for DHCP servers and WDS server

DHCP options for WDS server

CA signed certificate with private key in the Computer\Bitlocker Drive Encryption Network Unlock store

The certificate without the key is in the GPO that applies the "Bitlocker drive encryption Network Unlock certificate" and enables network unlock at startup.

Client boot mode is set to UEFI native (Not BIOS or Hybrid (With CSM))

 

 

It sounds like your IP Helper is only for the DHCP server and not the WDS server. I tested and without the IP helper, the machine will not send the DHCP packet to the WDS server.

 

Regards

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.