Solved

Setting up bitlocker network unlock

Posted on 2016-08-24
6
87 Views
Last Modified: 2016-09-12
I'm setting up bitlocker network unlock and on the wds server when a client sends a request I get to errors.

[WDSServer/WDSPXE/NKPPROV] NKP request processing failed while extracting key material. Remote address: ipaddress:68, Packet length: 573.

[WDSServer/WDSPXE/NKPPROV] Could not decrypt data with private key. HRESULT = 0x80090010.

Any ideas.  I verified on the client that the certificate is installed and the thumbprint matches what is installed on the wds server.
0
Comment
Question by:bnussbaum
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:Dave
ID: 41773474
Ok, i looked at the above error code. The "0x80090010" error is commonly caused by incorrectly configured system settings or irregular entries in the Windows registry. Just make sure that the private/public keys are in good shape and the above setup is correctly configured for these keys. I guess the error lies there.
0
 
LVL 3

Assisted Solution

by:Dave
Dave earned 500 total points
ID: 41773479
In addition, i would try the following as part of troubleshooting: https://technet.microsoft.com/en-us/library/jj574173(v=ws.11).aspx#BKMK_Troubleshoot
0
 

Author Comment

by:bnussbaum
ID: 41774825
I tried setting the certificate up again but still doesn't work.  I verified the certificate in the FVE_NKP registry on the client matches what is installed on the WDS server, I ran the manage-bde -protectors command and network (Certified Based) is listed and the certificate thumbprint matches the server.  The client is running UEFI and CMS is disabled, network unlock is enabled in the group policy.    The WDS server is server 2012 and has the network unlock feature installed and the DHCP server is on a separate server.

Are there any settings that need to be configured on the DHCP server?  The DHCP server is setup us DHCP only and doesn't have Bootp enabled.   I haven't configured anything with that.  Not sure what else to check or try.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:bnussbaum
ID: 41778803
Is create certificate template a step that needs to be done for network unlock?  Some articles I have read have said to set it up, some don't mention it.  I haven't done this step.
0
 

Accepted Solution

by:
bnussbaum earned 0 total points
ID: 41788513
I opened a case with Microsoft and the issue is resolved now.  It ended up the TechNet article that Microsoft had was incorrect and left out some things that needed to be used for the certificate.
0
 

Author Closing Comment

by:bnussbaum
ID: 41793916
Issue is resolved opening a case with Microsoft.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question