cancel
Showing results for 
Search instead for 
Did you mean: 
  • ×
    Information
    Fix Windows 10 Update Issues

    Resolve Windows 10 or update issues on HP computer or printer– Click Here

  • post a message
  • ×
    Information
    Fix Windows 10 Update Issues

    Resolve Windows 10 or update issues on HP computer or printer– Click Here

  • post a message
This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
Highlighted
Level 1
5 3 0 1
Message 1 of 7
3,088
Flag Post
HP Recommended

bitlocker

Elite X2 1012 G1
Microsoft Windows 8.1 (64-bit)

Hello,

 

i have just finished building a TaskSequence in SCCM 2012 for de HP Elite X2 1012 G1 notebook.

All is working except Bitlocker.

All other laptops (HP 650 G1, G2 and Elite X2 1011 G1, etc) bitlocker does work.

I receive an error with Active Directory not being setup correcty. Access Denied.

This is normally due to de SELF object not able to write the TPM ownerinformation.

 

But our AD has been setup for this a long time ago. And all other laptops etc bitlocker works fine.

When i check the bios. all other laptops have an option for OS managament of bitlocker.

The new HP Elite X2 1012 G1 however does not.

How can i enable bitlocker and write the key to the Active Directory for this laptop?

0 Kudos
6 REPLIES 6
Highlighted
Level 2
22 16 2 2
Message 2 of 7
3,067
Flag Post
HP Recommended

bitlocker

It looks like that setting can be found on page 20 of the manual under the Secourity -> TPM Embedded Security -> TPM State menu. Here's the link to the manual with detailed settings for the BIOS: http://h10032.www1.hp.com/ctg/Manual/c04947557

0 Kudos
Highlighted
Level 1
5 3 0 1
Message 3 of 7
3,063
Flag Post
HP Recommended

bitlocker

Tnx.

But TPM is activated in de Bios.

Windows Sees the TPM in TPM.msc. But i can not enable it any further.

It keeps telling me that the bios does not support TPM or an access denied in the active directory.

I know AD is setup correctly. All my laptops use the samen Windows 8.WIM file.

And all laptops are able to apply bitlocker and save the key to AD. Except this HP Elite x2 1012.

 

 

0 Kudos
Highlighted
Level 2
22 16 2 2
Message 4 of 7
3,059
Flag Post
HP Recommended

bitlocker

By process of elimination:

 

It not AD because AD is setup correctly, and its not SCCM because SCCM successfully enables BitLocker and backs up the key to the domain for other machines. Therefore the issue is with the machine. Since it is a machine issue, there are two possibilities: an incorrect setting or bad hardware. You have stated that it is "Activated" in the BIOS so it is not the BIOS. Which leaves us with only one option left: hardware issues.

 

TPM Device: Setting Makes the TPM available. The following settings are possible:  Hidden  Available  (Default is Available)

TPM State: Setting When checked, enables the ability for the OS to take ownership of the TPM (Default is Checked)

 

If you can manually enable BitLocker after the machine is imaged, you may need to re-examine your assumptions about what it can't be.

0 Kudos
Highlighted
Level 1
5 3 0 1
Message 5 of 7
3,057
Flag Post
HP Recommended

bitlocker

Unfortunatly i only have one device. If this works. It is tested. And than accepted. And then more devices are bought.

If i try to enable BL by hand after the laptop has been imaged. It also fails.
It might be a problem with UEFI. I have tried it with UEFI disabled and booting legacy bios.
That does not help.

Saw a comment about trying to use pure UEFI with legacy disabled. Will try that tomorrow

 

tnx for your thoughts.

0 Kudos
Highlighted
Level 2
22 16 2 2
Message 6 of 7
3,055
Flag Post
HP Recommended

bitlocker


@TimNieuwenhuijs wrote:


If i try to enable BL by hand after the laptop has been imaged. It also fails.


If you can't even manually enable BitLocker, then you have a bum machine.

 

My advice is to open a ticket with HP. It should be under warranty. When you do talk to HP Support, leave out all the parts about SCCM and AD and anything to do with your network. You will be dealing with a  first tier support person who probably got a two week training class on how to Google things before getting put on helpdesk. Focus solely on the fact that you installed your OS, tried to enable BitLocker, and it fails. Make sure to give them the EXACT error message you get when it fails so they can look it up.

0 Kudos
Highlighted
Level 1
5 3 0 1
Message 7 of 7
3,038
Flag Post
HP Recommended

bitlocker

Yes manually it also says not able to write to AD. Or bios version not supported.

 

Today i changed the bios from Legacacy enabled, secureboot enabled.  To Legacy disabled, secureboot enabled.

So it will only use UEFI. Disabled the legacy boot order. And enabled Fastboot.

 

This works!!
TS Now runs fine. And bitlockers is enabled with the key stored in AD.

 

 

This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation