Martin Kubini

Windows 10 1709, after install cumulative update bitlocker asks for recovery key

We are in the phase of implementing Windows 10 1709 in our company. Since April 2018 we have had the problem that computers with Windows 10 ask for the BitLocker recovery key. We investigated the root cause, and it looks like the computer asks for the recovery key after installing the Windows 10 cumulative update (April). I temporarily removed this update from SCCM, and everything works fine. Yesterday Microsoft released the May cumulative update for Win10 and the problem continues. After installing the May cumulative update, BitLocker always asks for the recovery key. Do you have any idea? BitLocker is implemented on all computers in the company.
Sam Simon Nasser
Let me check it, but for your information, the latest Windows 10 build is 1803. Why do you want to install 1709?
Does not happen here and would be widely known if a common problem.

Please investigate what happened around the same time as the April CUs were installed that might have triggered BitLocker recovery.
-> Was the firmware changed?
-> Did you change boot settings or other BIOS settings?
Try this:
Once you input the recovery key and the system boots, you should then log in, suspend BitLocker, perform a normal reboot, log in, resume BitLocker. This will reestablish the trust.
Check here also: https://community.spiceworks.com/canonical_answer_pages/58-get-bitlocker-recovery-key
Go into the BIOS and turn off the TPM.  Then in Windows open a command prompt and enter the following commands:

set devmgr_show_nonpresent_devices=1
start devmgmt.msc

In the Device Manager view Hidden devices, find the TPM device and delete it. Restart and go into the BIOS and re-enable the TPM. Restart Windows. Give Windows a chance to reinstall the TPM device. You should now be able to enable BitLocker again.

One of the frequently missed requirements for BitLocker is that the Microsoft TPM drivers must be loaded and running. Third-party TPM drivers will not work with BitLocker.
Martin Kubini

ASKER

Sam Simon Nasser > Suspending and resuming BitLocker is not the solution for a thousand computers. And why 1709? We are a big company with a lot of custom apps, and every new version of the OS has to be tested before deployment.
@martin,
Suspending and enabling BitLocker: do not try it on the whole computer at once! Try on one computer; if it worked, we can go to step 2 on how to make it on all of the computers; if it did not work, we will find another solution.

1709 and 1803: Microsoft plans to release an update for Windows 10 every 6 months (fall and spring).
McKnife > I have been investigating for several days :). We are deploying a new version of ESET Antivirus on the computers which have this problem. I am going to test uninstalling it before installing the cumulative update.
Sam Simon Nasser
The solution with suspend and resume Bitlocker works fine, till another cumulative update :)
"The solution with suspend and resume Bitlocker works fine, till another cumulative update :)" - that's what you think. Cumulative updates have nothing to do with BitLocker problems, sorry. We have had the company bitlocked for 10 years - NEVER did an update trigger BitLocker recovery mode.

You can script-deploy BitLocker suspension, if you are looking for a mass solution, by the way.
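
One way to script the suspend, reboot, resume cycle mentioned in this thread for deployment through a tool such as SCCM, as an added example that is not part of the original thread. It uses the built-in BitLocker and TrustedPlatformModule PowerShell cmdlets; the `-Mode` parameter and the exit codes are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). -Mode is a hypothetical parameter:
#   Suspend : run before the cumulative update is installed
#   Verify  : run after the restart that completes the update
param(
    [ValidateSet('Suspend', 'Verify')]
    [string]$Mode = 'Suspend'
)

$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

if ($Mode -eq 'Suspend') {
    # Make sure a recovery password exists before touching protection,
    # since the problem at hand is an unexpected recovery prompt.
    if ($types -notcontains 'RecoveryPassword') {
        Write-Error "No recovery password protector on $mount; not suspending."
        exit 1
    }
    if ($vol.ProtectionStatus -eq 'On') {
        # While suspended the volume key is readable without the TPM check,
        # so limit the suspension to exactly one restart.
        Suspend-BitLocker -MountPoint $mount -RebootCount 1 | Out-Null
    }
    exit 0
}

# Verify: the TPM must be usable and protection must be active again.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Error "TPM is not present or not ready on $env:COMPUTERNAME."
    exit 1
}
if ((Get-BitLockerVolume -MountPoint $mount).ProtectionStatus -ne 'On') {
    Resume-BitLocker -MountPoint $mount | Out-Null
}
if ((Get-BitLockerVolume -MountPoint $mount).ProtectionStatus -ne 'On') {
    Write-Error "BitLocker protection is still off on $mount."
    exit 1
}
exit 0
```

A non-zero exit code from the Verify step marks machines where protection did not come back after the restart, so they can be reviewed individually.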
glad to hear that.
McKnife

I mean that the cumulative update is not the main source of the problem. The CU interacts with another process/program which causes the problem. I am testing the task sequence without ESET antivirus. I will let you know the result.
This problem is probably caused by ESET Endpoint Security 6.6. Without this antivirus, Windows works fine after cumulative update installation. We opened a ticket with ESET support. I'm curious about the findings.
Objection. Sam, read correctly. His final comment suggests, that it seems as though it is an interaction with ESET AntiVirus software, so he found the solution by himself.
@Martin Kubini: please return and close the question accordingly.
McKnife,
I requested closure and marked my answer as correct according to his reply
The solution with suspend and resume Bitlocker works fine, till another cumulative update :)
and since he did not give feedback, I thought my solution fixed it.
Like you mentioned, it's up to Martin Kubini to distribute the points.
@Sam Simon Nasser, your answer is not the solution, only an operation to regenerate the password in the TPM. We are working together with ESET to identify the problem. The problem still occurs.
Sorry for the misunderstanding then, I thought my answer solved your issue.
After a week of investigation with ESET, the problem disappeared. Probably ESET updated some components in its antivirus software. I will post more information if I receive it.