Solved

Setting up bitlocker network unlock

Posted on 2016-08-24
6
49 Views
Last Modified: 2016-09-12
I'm setting up bitlocker network unlock and on the wds server when a client sends a request I get to errors.

[WDSServer/WDSPXE/NKPPROV] NKP request processing failed while extracting key material. Remote address: ipaddress:68, Packet length: 573.

[WDSServer/WDSPXE/NKPPROV] Could not decrypt data with private key. HRESULT = 0x80090010.

Any ideas.  I verified on the client that the certificate is installed and the thumbprint matches what is installed on the wds server.
0
Comment
Question by:bnussbaum
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:Dave
ID: 41773474
Ok, i looked at the above error code. The "0x80090010" error is commonly caused by incorrectly configured system settings or irregular entries in the Windows registry. Just make sure that the private/public keys are in good shape and the above setup is correctly configured for these keys. I guess the error lies there.
0
 
LVL 3

Assisted Solution

by:Dave
Dave earned 500 total points
ID: 41773479
In addition, i would try the following as part of troubleshooting: https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx#BKMK_Troubleshoot
0
 

Author Comment

by:bnussbaum
ID: 41774825
I tried setting the certificate up again but still doesn't work.  I verified the certificate in the FVE_NKP registry on the client matches what is installed on the WDS server, I ran the manage-bde -protectors command and network (Certified Based) is listed and the certificate thumbprint matches the server.  The client is running UEFI and CMS is disabled, network unlock is enabled in the group policy.    The WDS server is server 2012 and has the network unlock feature installed and the DHCP server is on a separate server.

Are there any settings that need to be configured on the DHCP server?  The DHCP server is setup us DHCP only and doesn't have Bootp enabled.   I haven't configured anything with that.  Not sure what else to check or try.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:bnussbaum
ID: 41778803
Is create certificate template a step that needs to be done for network unlock?  Some articles I have read have said to set it up, some don't mention it.  I haven't done this step.
0
 

Accepted Solution

by:
bnussbaum earned 0 total points
ID: 41788513
I opened a case with Microsoft and the issue is resolved now.  It ended up the TechNet article that Microsoft had was incorrect and left out some things that needed to be used for the certificate.
0
 

Author Closing Comment

by:bnussbaum
ID: 41793916
Issue is resolved opening a case with Microsoft.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now