Posts Tagged ‘BitLocker’

Yesterday I was working on deploying Windows 8 Enterprise to Surface Pro for a customer and I ran into a problem with BitLocker.

When running the ‘Enable BitLocker’ step in the TS the following error message was returned;

Failed to run the action: Enable BitLocker.
No pre-boot keyboard or Windows Recovery Environment detected. The user may not be able to provide required input to unlock the volume. (Error: 803100B6; Source: Windows)

I enable BitLocker on laptops the exact same way with no problem, so I knew this problem was related to the device being a Surface Pro, so I did a quick search for it and found the following article by Niall Brady and clearly he deployed it without any problems.

So what was really the difference between this Surface Pro and the other laptops I deploy, UEFI.

When looking at the Niall’s article I see that he was using a regular Task Sequence and not a MDT Task Sequence, so I decided to try that just to check, and BitLocker was applied with no problems. So what is the difference between the steps in the regular Task Sequence and the MDT Task Sequence? Since this is working on my regular laptops I decided to start looking at the steps that only run on UEFI machines first, more specific the ‘Format and Partition Disk (UEFI)’ step and compared it to the same step in the regular Task sequence;

1_2

As you can see above there is a difference in this step between the MDT TS and the regular TS when it comes to the 300MB Recovery Partition, this partition is set as a primary partition in the MDT TS and as a Recovery partition in the regular TS.

So I edited the step in the MDT TS and changed the Partition type from Primary to Recovery;

3_4

Now BitLocker was also applied successfully to the Surface Pro using the MDT Task Sequence and everybody was happy.

Not sure why this Partition is set as a Primary partition in the MDT TS by default, could be a bug? Please feel free to enlighten me in the comment field.

Advertisements