We're an SCCM shop (1602 with MDT of course) deploying Windows 10 to a large pilot group. In order to satisfy some security requirements (full disk encryption XTS-AES 256) we are not enabling BitLocker while in WinPE during OSD. Once Windows is setup we're in Windows proper and waiting for the system to encrypt. (NOTE: If there's a way to do this in WinPE, we're all ears.)

As machines come off the line, we're finding that the keys are not immediately available in MBAM.

For example, my machine was imaged earlier today and is currently encrypting. Yet searching for the Key ID in MBAM yields 'Recovery key not found'. My machine has been restarted a handful of times today after imaging as well. My machine isn't a one off as this is also true for several dozens of machines in various offices.

And as evidenced by every machine imaged, the MBAM client 'kicks in' at some point, does what it needs to do and the keys appear in MBAM. But we don't know what specifically that is. Just looking to understand what triggers the MBAM client to backup the password. Meanwhile, the keys for my machine have been in AD for 2 hours - so what's the hold up with MBAM?

Yup, ours is still set to the default 90 minutes. But even after 120 minutes the key still wasn't in MBAM, which is what prompted me to dive deeper.

In order to enable full disk encryption and XTS-AES 256, we're not pre-provisioning BitLocker during OSD. Instead, once we're in Windows proper we are:

- Applying the XTS-AES 256 registry settings.
- Applying the BitLocker & MBAM registry settings pulled from a machine with the proper GPO configuration.
- Turning BitLocker protection on and encrypting the volume via manage-bde.

That said, here's what the BitLocker & MBAM logs look like around the time this is all setup.

Event ID 834: BitLocker determined that the TCG log is invalid for use of Secure Boot.

Event ID 813: BitLocker cannot use Secure Boot for integrity because the expected TCG Log entry for variable 'SecureBoot' is missing or invalid. The filtered TCG log for PCR is included in this event.

Event ID 784 confirms the key was backed up to AD DS at 2:06 PM.

Event ID 4: An error occurred while sending encryption status data. Error code: -2143485939 Details: The remote endpoint does not exist or could not be located.

I can ping the MBAM server both by FQDN and hostname/NetBIOS name.
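One way to check a freshly imaged client for the state the post describes (recovery protector present, AD DS backup logged, MBAM client reporting or failing with Event ID 4), as an added PowerShell example that is not from the post or from MBAM itself. It assumes an elevated PowerShell session on the client with the MBAM client installed; the MBAMAgent service name, the ClientWakeupFrequency policy value and the two event log names are assumptions based on the MBAM client, not values from the post.

```powershell
# Added example: verify BitLocker state and MBAM escrow evidence on one client.
# Assumed names (not from the post): service 'MBAMAgent', policy value
# 'ClientWakeupFrequency', event logs 'Microsoft-Windows-BitLocker/BitLocker Management'
# and 'Microsoft-Windows-MBAM/Admin'. Event IDs 784 and 4 are those quoted in the post.

$vol = Get-BitLockerVolume -MountPoint 'C:'
"Encryption: {0} ({1}%), Protection: {2}" -f $vol.VolumeStatus, $vol.EncryptionPercentage, $vol.ProtectionStatus

# A recovery password protector is what both AD DS and MBAM escrow; without one
# there is nothing for the MBAM client to send.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Write-Warning 'No recovery password protector on C: - nothing for MBAM to escrow.'
    return
}
"Recovery protector ID(s): {0}" -f ($rp.KeyProtectorId -join ', ')

# Event ID 784 in the BitLocker Management log: key backed up to AD DS.
$adBackup = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; Id = 784
} -MaxEvents 5 -ErrorAction SilentlyContinue
if ($adBackup) {
    "AD DS backup logged at {0}" -f $adBackup[0].TimeCreated
} else {
    Write-Warning 'No Event ID 784 found: AD DS backup not logged yet.'
}

# Event ID 4 in the MBAM Admin log: client could not send status to the MBAM endpoint
# (the post's error -2143485939, "The remote endpoint does not exist or could not be located").
$mbamErr = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-MBAM/Admin'; Id = 4
} -MaxEvents 5 -ErrorAction SilentlyContinue
foreach ($e in $mbamErr) {
    "MBAM Event 4 at {0}: {1}" -f $e.TimeCreated, ($e.Message -split "`n")[0]
}

# State of the MBAM client itself and the wake-up frequency it was handed by policy
# (minutes; the post says theirs is the 90-minute default).
Get-Service MBAMAgent | Select-Object Name, Status, StartType
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$freq = (Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue).ClientWakeupFrequency
"ClientWakeupFrequency policy value: {0}" -f ($(if ($freq) { $freq } else { '<not set>' }))

# Restarting the agent makes it run its check-in immediately instead of waiting for
# the next wake-up; uncomment to force an escrow attempt while watching the MBAM Admin log.
# Restart-Service MBAMAgent
```

Run it before and after the next MBAM wake-up to see whether Event ID 4 clears; a persistent Event ID 4 with a reachable server usually points at the client's configured service endpoint URL rather than at name resolution.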