SCCM Task Sequence - Bit locker Encryption task sequence step failing

Craig Paulsen
Craig Paulsen used Ask the Experts™
Team, need help resolving a laptop build that's continously failing at the bitlocker stage of task sequence, it's specific to just this model laptop, and I suspect it's related to some BIOS config.
Can you advise or direct me please,
Laptop Model = HP Elite X2 1012

Error in logs:

... r
Initial TPM state: 55
Creating TPM owner authorization value
Succeeded loading resource DLL 'C:\Windows\CCM\1033\TSRES.DLL'
Taking ownership of TPM
uStatus == 0, HRESULT=80070005 (e:\nts_sccm_release\sms\framework\tscore\tpm.cpp,645)
pTpm->TakeOwnership( sOwnerAuth ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,522)
InitializeTpm(), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1313)
ConfigureKeyProtection( keyMode, pwdMode, pszStartupKeyVolume ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1552)
pBitLocker->Enable( argInfo.keyMode, argInfo.passwordMode, argInfo.sStartupKeyVolume, argInfo.bWait ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\main.cpp,382)
'TakeOwnership' failed (2147942405)
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
ccess is denied. (Error: 80070005; Source: Windows)
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
AlexSenior Infrastructure Analyst

What OS are you trying to put on, apparently the TPM with that laptop only works when you have a BIOS password

Sorry I didn't respond sooner but the Elite x2 actually can be upgraded to 10, working with an HP Tech to solve the TPM issue (Just had to create a passcode for the bios) and a couple other problems he updated the bios on the machine to the latest revision (as well as several drivers) and so far so good with the upgraded machine.  I apreciate the help.
Craig PaulsenSenior Systems Engineer


The BIOS is password protected, we deploying windows 8.1 via SCCM, I think this laptop bios config is very specific around that secure boot, clear TPM config, I just can't recall what exactly needs to be set, not sure why my company keeps purchasing these fiddly machines
Senior Systems Engineer
we found the issue to be related to the version of TPM running on these laptops, all the newer models are being shipped with TPM version 2.0, our windows 7/8 laptops was certified whilst using the TPM ver.1.3, I managed to get around this by removing the step that pre-provisions bitlocker in the task sequence, currently in discussion with our client in terms of the way forward (IE: recertify all laptops using the new TMP Ver. (IE: ver. 2.0) or have suppliers configure these with ver.1.3 prior to shipping to us.
Craig PaulsenSenior Systems Engineer


the other feedback provided did not resolve my issue

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial