SCCM Task Sequence - Bit locker Encryption task sequence step failing

Craig Paulsen
Craig Paulsen used Ask the Experts™
on
Team, need help resolving a laptop build that's continously failing at the bitlocker stage of task sequence, it's specific to just this model laptop, and I suspect it's related to some BIOS config.
Can you advise or direct me please,
Laptop Model = HP Elite X2 1012

______________________________________________________________________________________________________________________________________________
Error in logs:

... r
Initial TPM state: 55
Creating TPM owner authorization value
Succeeded loading resource DLL 'C:\Windows\CCM\1033\TSRES.DLL'
Taking ownership of TPM
uStatus == 0, HRESULT=80070005 (e:\nts_sccm_release\sms\framework\tscore\tpm.cpp,645)
pTpm->TakeOwnership( sOwnerAuth ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,522)
InitializeTpm(), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1313)
ConfigureKeyProtection( keyMode, pwdMode, pszStartupKeyVolume ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1552)
pBitLocker->Enable( argInfo.keyMode, argInfo.passwordMode, argInfo.sStartupKeyVolume, argInfo.bWait ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\main.cpp,382)
'TakeOwnership' failed (2147942405)
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
ccess is denied. (Error: 80070005; Source: Windows)
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
AlexSenior Infrastructure Analyst

Commented:
What OS are you trying to put on, apparently the TPM with that laptop only works when you have a BIOS password

https://h30434.www3.hp.com/t5/Windows/HP-Elite-x2-11b-G1-TPM/td-p/5496616

Sorry I didn't respond sooner but the Elite x2 actually can be upgraded to 10, working with an HP Tech to solve the TPM issue (Just had to create a passcode for the bios) and a couple other problems he updated the bios on the machine to the latest revision (as well as several drivers) and so far so good with the upgraded machine.  I apreciate the help.
Craig PaulsenSenior Systems Engineer

Author

Commented:
The BIOS is password protected, we deploying windows 8.1 via SCCM, I think this laptop bios config is very specific around that secure boot, clear TPM config, I just can't recall what exactly needs to be set, not sure why my company keeps purchasing these fiddly machines
Senior Systems Engineer
Commented:
we found the issue to be related to the version of TPM running on these laptops, all the newer models are being shipped with TPM version 2.0, our windows 7/8 laptops was certified whilst using the TPM ver.1.3, I managed to get around this by removing the step that pre-provisions bitlocker in the task sequence, currently in discussion with our client in terms of the way forward (IE: recertify all laptops using the new TMP Ver. (IE: ver. 2.0) or have suppliers configure these with ver.1.3 prior to shipping to us.
Craig PaulsenSenior Systems Engineer

Author

Commented:
the other feedback provided did not resolve my issue

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial