Solved

Setting up bitlocker network unlock

Posted on 2016-08-24
6
168 Views
Last Modified: 2016-09-12
I'm setting up bitlocker network unlock and on the wds server when a client sends a request I get to errors.

[WDSServer/WDSPXE/NKPPROV] NKP request processing failed while extracting key material. Remote address: ipaddress:68, Packet length: 573.

[WDSServer/WDSPXE/NKPPROV] Could not decrypt data with private key. HRESULT = 0x80090010.

Any ideas.  I verified on the client that the certificate is installed and the thumbprint matches what is installed on the wds server.
0
Comment
Question by:bnussbaum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:Dave
ID: 41773474
Ok, i looked at the above error code. The "0x80090010" error is commonly caused by incorrectly configured system settings or irregular entries in the Windows registry. Just make sure that the private/public keys are in good shape and the above setup is correctly configured for these keys. I guess the error lies there.
0
 
LVL 3

Assisted Solution

by:Dave
Dave earned 500 total points
ID: 41773479
In addition, i would try the following as part of troubleshooting: https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx#BKMK_Troubleshoot
0
 

Author Comment

by:bnussbaum
ID: 41774825
I tried setting the certificate up again but still doesn't work.  I verified the certificate in the FVE_NKP registry on the client matches what is installed on the WDS server, I ran the manage-bde -protectors command and network (Certified Based) is listed and the certificate thumbprint matches the server.  The client is running UEFI and CMS is disabled, network unlock is enabled in the group policy.    The WDS server is server 2012 and has the network unlock feature installed and the DHCP server is on a separate server.

Are there any settings that need to be configured on the DHCP server?  The DHCP server is setup us DHCP only and doesn't have Bootp enabled.   I haven't configured anything with that.  Not sure what else to check or try.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:bnussbaum
ID: 41778803
Is create certificate template a step that needs to be done for network unlock?  Some articles I have read have said to set it up, some don't mention it.  I haven't done this step.
0
 

Accepted Solution

by:
bnussbaum earned 0 total points
ID: 41788513
I opened a case with Microsoft and the issue is resolved now.  It ended up the TechNet article that Microsoft had was incorrect and left out some things that needed to be used for the certificate.
0
 

Author Closing Comment

by:bnussbaum
ID: 41793916
Issue is resolved opening a case with Microsoft.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question