Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Setting up bitlocker network unlock

Posted on 2016-08-24
6
Medium Priority
?
384 Views
Last Modified: 2016-09-12
I'm setting up bitlocker network unlock and on the wds server when a client sends a request I get to errors.

[WDSServer/WDSPXE/NKPPROV] NKP request processing failed while extracting key material. Remote address: ipaddress:68, Packet length: 573.

[WDSServer/WDSPXE/NKPPROV] Could not decrypt data with private key. HRESULT = 0x80090010.

Any ideas.  I verified on the client that the certificate is installed and the thumbprint matches what is installed on the wds server.
0
Comment
Question by:bnussbaum
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:Dave
ID: 41773474
Ok, i looked at the above error code. The "0x80090010" error is commonly caused by incorrectly configured system settings or irregular entries in the Windows registry. Just make sure that the private/public keys are in good shape and the above setup is correctly configured for these keys. I guess the error lies there.
0
 
LVL 3

Assisted Solution

by:Dave
Dave earned 2000 total points
ID: 41773479
In addition, i would try the following as part of troubleshooting: https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx#BKMK_Troubleshoot
0
 

Author Comment

by:bnussbaum
ID: 41774825
I tried setting the certificate up again but still doesn't work.  I verified the certificate in the FVE_NKP registry on the client matches what is installed on the WDS server, I ran the manage-bde -protectors command and network (Certified Based) is listed and the certificate thumbprint matches the server.  The client is running UEFI and CMS is disabled, network unlock is enabled in the group policy.    The WDS server is server 2012 and has the network unlock feature installed and the DHCP server is on a separate server.

Are there any settings that need to be configured on the DHCP server?  The DHCP server is setup us DHCP only and doesn't have Bootp enabled.   I haven't configured anything with that.  Not sure what else to check or try.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:bnussbaum
ID: 41778803
Is create certificate template a step that needs to be done for network unlock?  Some articles I have read have said to set it up, some don't mention it.  I haven't done this step.
0
 

Accepted Solution

by:
bnussbaum earned 0 total points
ID: 41788513
I opened a case with Microsoft and the issue is resolved now.  It ended up the TechNet article that Microsoft had was incorrect and left out some things that needed to be used for the certificate.
0
 

Author Closing Comment

by:bnussbaum
ID: 41793916
Issue is resolved opening a case with Microsoft.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question