• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.

‎01-16-2015 07:58 AM

HP Recommended

I am doing a test to transition away from PGP Desktop Encryption on our notebooks to BitLocker Windows 7 Enterprise.

I set it up in GPO on the Server Windows 2012 Std.

When I started bitLocker, it says "A compatible Trusted platform Module (TPM) issecurity device must be present on this computer, but a TPM was not found."

The Device manager shows Infineon Trusted Platform Module, driver dated 12/14/2007 Driver Version 2.1.1.0.  I did an update driver and it found nothing.  I looked in HP support for a newer driver but it was down.  :smileysad:

 

So I looked in the BIOS to make sure it was not disabled. 

Tried adding a couple of things,First I checked -Reset of TMP from OS

.IMG_0032-Resized.jpg

Next I tried Poweron Authentication Support and Reset Authentical Credential:

IMG_0034-resized.jpg

No happiness with either.

What do i need to do to proceed please?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

‎01-20-2015 06:25 AM

HP Recommended

Hi Peter ,

 

I just simulated the BIOS - All the settings seems perfect .

 

 

If thats the case since this is an enterprise version of the OS - i suspect issue is with the group policy 

 

 

If thats the case  to resolve this issue, do the following:

  1. Log on as Administrator.
  2. Click Start, select Run, type gpedit.msc and press Enter.
  3. Select Adminstrative templates.
  4. Select Windows components.
  5. Select Bit locker drive encryption.
  6. Select Operating system drive.
  7. Select Require additional authentication at startup.
  8. Select Enable, click OK and exit
  9. Click Start, select Run, type gpupdate.exe /force and press Enter.
  10. Reboot the notebook after the process completes.
  11. Click Start, select Control Panel, double-click BitLocker Encryption and select Turn On BitLocker for the local hard disk drive.

Im sure this should help :smileyhappy:

 

Regards,

PraTH_KR

 

 

 

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.

View solution in original post

9 REPLIES 9

‎01-19-2015 05:51 AM

HP Recommended

Hi,  Im Not sure if youve already tried this but you could check If this helps .

You could try setting up an administrator password & then enable TPM and check if it helps .

Because the TRusted Platform module sometimes might need some prerequisites to be completed first .

 

Before enabling the BitLocker feature in Windows 7 , first enable TPM modules in BIOS setup page, as follows:

  1. Restart the notebook and press F10 to enter the BIOS setup screens.
  2. Select the Security tab.
  3. Set the Administrator Password.
  4. Set the Embedded Security Device to Available.
  5. Set the  Status to Enabled.
  6. Save and restart.

 

However IF your setting  a BIOS Administrator password please make a note not to forget it cos on a business unit resetting the forgotten  BIOS password is a little too tricky & takes time .

 

You could also try updating the BIOS .

 

Also just an FYI  from The document - http://www8.hp.com/h20195/v2/GetDocument.aspx?docname=c04110992 

 

It also does mention that * TPM module disabled where use is restricted by law; for example, Russia and China.

 

 

Hope this helps

 

Regards 

PraTH_KR

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.

‎01-19-2015 09:04 AM

HP Recommended

Prath,

I appreciate your assistance.  I clicked the Thumbs up several times, but no result.  :smileysad:

I thought it was fixed, but no success.

Our W7 Enterprise images all come with a BIOS setting password so that was already accomplished.

I was able to find a newer BIOS update.  Then I went into the BIOS looking for the items you mentioned, I found Security\TPM Emedded Security.  This is what I set:

  • Embedded Security Device Avabilablity:  "Available"
  • Embedded Security Device State:  "Check Mark"
  • Factory Defaults:  "No"
  • Power-On Authentification Support:  "Check Mark"
  • Reset Authentication Credential;  "No"
  • OS Management of TPM:  "Check Mark"
  • -Reset of TPM from OS:  "Not Checked"

When I saved it I received a Prompt, "Do you want to Enable TPM", and I said "Accept" fully thinking it would work now.

No luck

‎01-20-2015 06:25 AM

HP Recommended

Hi Peter ,

 

I just simulated the BIOS - All the settings seems perfect .

 

 

If thats the case since this is an enterprise version of the OS - i suspect issue is with the group policy 

 

 

If thats the case  to resolve this issue, do the following:

  1. Log on as Administrator.
  2. Click Start, select Run, type gpedit.msc and press Enter.
  3. Select Adminstrative templates.
  4. Select Windows components.
  5. Select Bit locker drive encryption.
  6. Select Operating system drive.
  7. Select Require additional authentication at startup.
  8. Select Enable, click OK and exit
  9. Click Start, select Run, type gpupdate.exe /force and press Enter.
  10. Reboot the notebook after the process completes.
  11. Click Start, select Control Panel, double-click BitLocker Encryption and select Turn On BitLocker for the local hard disk drive.

Im sure this should help :smileyhappy:

 

Regards,

PraTH_KR

 

 

 

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.

‎01-20-2015 07:07 AM

HP Recommended

Prath,

That was it.  I first ran the steps on our Site Poilicy but it did not work so I ran it on the notebok and it worked.

Thanks so much.

Do you have any idea why the site policy setting did not work?

‎01-20-2015 07:15 AM

HP Recommended

Hi Peter,

 

 

 On a frank note im not sure why the the Site policy Setting did not work .

 

But the only thing i could assume is - I guess this is a unit specific change that needs to be done . 

 

 

But Im really glad it worked for you :smileyhappy: 

 

Regards,

PraTH_KR

 

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.

‎01-20-2015 07:24 AM

HP Recommended

Prath,

I spoke too soon.  After it created the system disk and restarted in preferences it says:

This computer does not appear to have TPM.  Require a Startup key at every step.

IMG_0036.JPG

 

I just noticed TPM management in there, so i clicked on it and it says Compatible TPM Not found. Verify if this computer has a 1.2 TPM and it is turned on in the BIOS.

I did not find an Infineon driver for this notebook when I check drivers last week bu I will look again.  Perhaps my version is too old??

Device manager says Infineon Trusted platform Module driver version is 2.1.1.0.  doing an update search on the Internet says the best driver is installed.

 

‎01-20-2015 08:01 AM

HP Recommended

Hi Peter,

 

Oh thats too bad,

 

Was this unit serviced any moment of time - for example a system board replacement  any time before?

 

 

If not then please go ahead and go back to the BIOS - perform a restore  defaults in   BIOS  .

& then reverify the settings for the TPM As discussed before  - save & Exit from the BIOS & check if makes any difference .

 

 

And sorry about the delayed posts - I was  a little occupied ! 

 

 

Regards

PraTH_KR

 

 

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.

‎01-20-2015 08:20 AM

HP Recommended

Prath,

Do not apologize, i greatly appreciate the help.  Like I said this is a test to see what we need to accomplish to switch from PGP encryption and there is no rush.

No this notebook is the one I use to take home and has hardly been used.  one of our newest.

I cleared the TPM after resetting BIOS.

I will go back through the routine and check back later.

 

Nope Same thing, still saying I need to use a USB to unlock and this is what TPM Administration looks like:

Administer TPM.PNG

Is there a Registry Hack I can do, since it definitely has TPM, and BitLocker doesn't believe it does?

Update, I looked in the registry and found this clearly showing 1.0:

tpm registry.PNG

 So I uninstalled Infineon TPM in Device manager and did a scan and a new device showed up "Security Devices (with a Key)"\Trusted Platform Module 1.2.TPM1.2.PNG

So the System Device Infineon TPM was probably version 1.0 and messing me up.

Drive is encrypted with BitLocker.  Yeah!

have a great day,

Peter

 

‎01-20-2015 10:33 AM

HP Recommended

Hi Peter ,

 

Thats great that its working now with what you did .

 

Uninstalling & Refreshing the TPM module from the device manager was just brilliant :smileyhappy:

 

But let me also show you what i found .

 

 

 

To check whether your PC  has a TPM version 1.2?

Click Start, click Control Panel, click System and Security, click BitLocker Drive Encryption, and then click Turn On BitLocker. If your computer does not have a TPM version 1.2 or the BIOS is not compatible with the TPM, you will receive the following error message:

A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.

 

If you receive this error message on a computer that has a TPM, check if either of the following situations applies to your computer:

  • Some computers have TPMs that do not appear in the Windows 7 TPM Microsoft Management Console snap-in (tpm.msc) due to a BIOS setting that hides the TPM by default and does not make the TPM available unless it is first enabled in the BIOS. If your TPM might be hidden in the BIOS, consult the manufacturer's documentation for instructions to display or enable the TPM.

  • Some computers might have an earlier version of the TPM or an earlier version of the system BIOS that is not compatible with BitLocker. Contact the computer manufacturer to verify that the computer has a TPM version 1.2 or to get a BIOS update.

 

 

OR

 

 

You can enable BitLocker on an operating system drive without a TPM version 1.2, if the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide.

To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.

To enable BitLocker on a computer without a TPM, you must enable the Require additional authentication at setup Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the Allow BitLocker without a compatible TPM check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard.

 

 

Well all in all If everything is working fine then thats all we are looking for .

 

 

However Just an FYI - you could update the BIOS to be on a safer note & have the above mentioned information Handy - you know just in case if  you need it :smileywink:

 

Cheers for  the encrypted drive though  :smileyhappy:

 

 

Regards,

PraTH_KR

 

Although I am an HP employee, I am speaking for myself and not for HP.

**Click on “Kudos” Star if you think this reply helped** Or Mark it as "Solved" if issue got fixed.
Archived This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.