myITforum and Windows IT Pro Forums

 SCCM Bitlocker Disk Partition Task Sequence Problems

Author Message
cchan

  • Total Posts : 8
  • Scores: 0
  • Reward points : 0
  • Joined: 2/10/2006
  • Status: offline
SCCM Bitlocker Disk Partition Task Sequence Problems Tuesday, September 16, 2008 1:28 PM (permalink)
0
In the task sequence I created two primary volumes. The primary volume is the MBR with a 1538 MB fixed size.
 
The problem I'm having is naming the drive letter to Q. I used the Advanced option with a Variable Q in the Format and Partition Disk properties. During the imaging process SCCM chooses the next available drive letter D by default. Does anyone know how to assign a drive letter?
 
Thanks,
Calvin

 
#1
    brpo

    • Total Posts : 28
    • Scores: 1
    • Reward points : 0
    • Joined: 8/11/2006
    • Status: offline
    RE: SCCM Bitlocker Disk Partition Task Sequence Problems Tuesday, September 16, 2008 3:24 PM (permalink)
    0
    Hi
    You can't set a drive letter while in WinPE, as it won't be kept anyway.
    However, you can use the Q variable you set in the TS to change the drive letter to Q after you reboot in a full OS.
    (The variable will be kept after reboot.) You will need to script this though.
    brgds

     
    #2
      cchan

      • Total Posts : 8
      • Scores: 0
      • Reward points : 0
      • Joined: 2/10/2006
      • Status: offline
      RE: SCCM Bitlocker Disk Partition Task Sequence Problems Tuesday, September 16, 2008 3:32 PM (permalink)
      0
      Would you happen to have a script I can use? Would the diskpart commands work?
       
      #3
        brpo

        • Total Posts : 28
        • Scores: 1
        • Reward points : 0
        • Joined: 8/11/2006
        • Status: offline
        RE: SCCM Bitlocker Disk Partition Task Sequence Problems Wednesday, September 17, 2008 3:21 AM (permalink)
        0
        Hi
        I don't see a reason why the diskpart command would not work.
        You would have to select the volume based on your variable, then change the drive letter:
        assign letter=o:
        (You might also check that the drive is not being used already.)
        brgd
         
         
        #4
          tomeyers

          • Total Posts : 15
          • Scores: 0
          • Reward points : 11270
          • Joined: 8/27/2008
          • Status: offline
          RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, September 25, 2008 3:27 AM (permalink)
          0
          This doesn't work because you can't modify the drive letter assignment on a boot partition.  I'm trying to work through this same issue, and it's a pain in the ass.  If you follow Microsoft's steps for using the built-in Format and Partition Disk and Enable BitLocker tasks, you get C and D partitions and your DVD drive becomes E, which is not acceptable for our 40,000 users.
           
          #5
            swilbers

            • Total Posts : 21
            • Scores: 2
            • Reward points : 19790
            • Joined: 5/21/2007
            • Status: offline
            RE: SCCM Bitlocker Disk Partition Task Sequence Problems Monday, December 08, 2008 10:54 AM (permalink)
            0
            I am not sure if you resolved your issue, but here is what I did to get a specific drive letter for the second partition:
             
            1. For your "Format and partition" tasks, just create one partition using the entire disk
            2. Download the Bitlocker Drive Prep Tool - http://www.microsoft.com/downloads/details.aspx?FamilyID=320b9aa9-47e8-44f9-b8d0-4d7d6a75add0&displaylang=en
            3. Install this on a test workstation and copy the files from the install dir (if I remember correctly it is in Program Files) to all distribution points.  I have MDT integrated into SCCM in my environment, so I copied the files into the Application Dir of the MDT package.
            4. Create a new task in your State Restore Phase with this command line:  bdehdcfg.exe -target C: shrink -newdriveletter s: -size 1536 -quiet
            5. Working dir for my task looks like this: %deployroot%\Applications\Bitlocker Prep Tool\x86
            6. Add a restart computer task after this step
            7. Add the "Enable Bitlocker" task after the reboot
             
            This will work for anything that is being started through a PXE boot or boot from media.  For a refresh scenario, you will have to add a couple additional tasks:
            1. During the State Capture phase you will need to add a task to detect if Bitlocker is configured and set/add a TS variable to use later.
            2. During the Install phase, directly after the "Restart to Windows PE" task, add an additional "Format and Partition Disk" task and add a condition so that it will only run if Bitlocker was detected during the State Capture phase
             
             
            #6
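An added example (not code from any poster in this thread) of the State Capture detection step described in the refresh-scenario list above: it checks whether the OS volume is BitLocker-encrypted and records the result in a task sequence variable that a later "Format and Partition Disk" condition can test. The variable names `BitLockerDetected` and `BitLockerDetectedState` are hypothetical, and the script assumes it runs in the full OS inside a running task sequence with PowerShell available.

```powershell
# Added example: detect BitLocker on the OS volume during State Capture and
# store the result in a task sequence (TS) variable for later conditions.
# Assumption: 'BitLockerDetected' is a hypothetical TS variable name.

$ErrorActionPreference = 'Stop'
$varName  = 'BitLockerDetected'   # hypothetical TS variable name
$osVolume = $env:SystemDrive      # normally C:

function Get-BitLockerState {
    param([string]$DriveLetter)
    try {
        # This WMI namespace is present only where BitLocker is available.
        $vol = Get-WmiObject `
            -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
            -Class Win32_EncryptableVolume `
            -Filter "DriveLetter='$DriveLetter'"
    } catch {
        return 'NotAvailable'
    }
    if (-not $vol) { return 'NotAvailable' }

    # ConversionStatus: 0 = fully decrypted, 1 = fully encrypted,
    # 2/3 = encryption/decryption in progress, 4/5 = paused.
    $conv = $vol.GetConversionStatus().ConversionStatus
    if ($conv -eq 0) { return 'Decrypted' }

    # ProtectionStatus: 0 = off (protectors disabled), 1 = on.
    if ($vol.ProtectionStatus -eq 1) { return 'EncryptedProtected' }
    return 'EncryptedUnprotected'
}

$state = Get-BitLockerState -DriveLetter $osVolume

# Treat any volume that is not fully decrypted as "BitLocker detected",
# including one that is mid-conversion or has protection suspended.
$detected = if ($state -like 'Encrypted*') { 'True' } else { 'False' }

# Microsoft.SMS.TSEnvironment exists only while a task sequence is running.
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
$tsenv.Value($varName) = $detected
$tsenv.Value("${varName}State") = $state

Write-Output "BitLocker state on ${osVolume}: $state ($varName=$detected)"
```

A later step can then carry the condition "Task Sequence Variable `BitLockerDetected` equals `True`"; the extra state variable also distinguishes a volume that is still encrypted with protection switched off from one that is fully decrypted.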
              mlindgren

              • Total Posts : 18
              • Scores: 0
              • Reward points : 0
              • Joined: 2/8/2006
              • Status: offline
              RE: SCCM Bitlocker Disk Partition Task Sequence Problems Wednesday, December 10, 2008 12:21 PM (permalink)
              0
              I'm also running MDT and I tried the method with Bitlocker Drive Prep Tool, it works great when running New Computer scenario but I'm not able to figure out how to make it work in the refresh computer scenario. The task sequence fails with an error in the smsts.log saying that the drive needs to be decrypted before Windows PE can be staged on the drive. Even if I decrypt the drive with a task sequence step, I'm not sure that I will be able to repartition the drive when rebooting in PE? And what about backed up user state data if it is saved to local drive? Then I also need to back up user state data to state migration point or other network place if the computer is running Bitlocker.
               
              Do you have a more detailed explanation on how to make refresh computer scenario work with bitlocker?
               
              Thanks!
               
              #7
                swilbers

                • Total Posts : 21
                • Scores: 2
                • Reward points : 19790
                • Joined: 5/21/2007
                • Status: offline
                RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, January 22, 2009 9:53 AM (permalink)
                0
                You need to include the "Disable Bitlocker" task during the State Capture phase after the script that detects bitlocker.
                 
                #8
                  tomeyers

                  • Total Posts : 15
                  • Scores: 0
                  • Reward points : 11270
                  • Joined: 8/27/2008
                  • Status: offline
                  RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, January 22, 2009 6:17 PM (permalink)
                  0
                  Hey swilbers, when I follow your steps for enabling BitLocker, as soon as the machine reboots, I get an error reporting the system drive has changed and prompting me to manually enter the BitLocker key.
                   
                  #9
                    swilbers

                    • Total Posts : 21
                    • Scores: 2
                    • Reward points : 19790
                    • Joined: 5/21/2007
                    • Status: offline
                    RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, January 22, 2009 7:29 PM (permalink)
                    0
                    Couple questions for you tomeyers:
                     
                    1. Where at in the task sequence do you have the Enable Bitlocker task?  Is it near the end or closer to the beginning of the State Restore Phase?
                    2. Was there a bootable CD\DVD in the drive?  If so, that caused it to require the key when I was doing my testing.
                    3. You did verify that there was a restart between the Bitlocker Drive prep tool task and the Enable Bitlocker task?
                     
                     
                     
                    #10
                      tomeyers

                      • Total Posts : 15
                      • Scores: 0
                      • Reward points : 11270
                      • Joined: 8/27/2008
                      • Status: offline
                      RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, January 22, 2009 8:30 PM (permalink)
                      0
                      1. It's early in the State Restore Phase, right after Reboot/Toolkit/Gather/Tattoo.
                      2. There's no media in the drive.  If media is in the drive, the Enable BitLocker task actually prompts you to remove it and click OK to continue.
                      3. There is a Reboot/Toolkit/Gather/Tattoo between the BitLocker Drive Prep Tool and Enable BitLocker.
                       
                      #11
                        tomeyers

                        • Total Posts : 15
                        • Scores: 0
                        • Reward points : 11270
                        • Joined: 8/27/2008
                        • Status: offline
                        RE: SCCM Bitlocker Disk Partition Task Sequence Problems Thursday, January 22, 2009 8:49 PM (permalink)
                        0
                        Here's something very strange.  At reboot, the system prompts for manual entry of the key if I try to boot WITHOUT media in the DVD drive.  If I insert the SCCM boot disc, the system starts right up and happily continues OSD where it left off.  The same thing happens at each subsequent reboot.

                        I know that sounds crazy, because it's exactly the opposite of how it should work.  The only thing I can think of is perhaps having boot media in the DVD drive while the BitLocker Drive Prep Tool ran somehow caused the boot partition to be misconfigured.  I'm going to eject before that step and see if it changes anything.
                         
                        EDIT: That resolved the issue.  I've never seen that documented anywhere, but then I suppose they don't expect you to run BdeHdCfg in OSD with bootable media in the drive.
                        <message edited by tomeyers on Thursday, January 22, 2009 8:53 PM>
                         
                        #12
                          mlindgren

                          • Total Posts : 18
                          • Scores: 0
                          • Reward points : 0
                          • Joined: 2/8/2006
                          • Status: offline
                          RE: SCCM Bitlocker Disk Partition Task Sequence Problems Friday, January 30, 2009 10:27 AM (permalink)
                          0
                          When doing a refresh install and deactivating the bitlocker before restarting to PE and then enabling bitlocker again in the task sequence, the drive letter initially configured with bdehdcfg is not preserved. Anyone have a fix for this? Tried to change drive letter with diskpart before enabling bitlocker, but that is not possible since it is the boot drive...
                           
                          #13
                            mlindgren

                            • Total Posts : 18
                            • Scores: 0
                            • Reward points : 0
                            • Joined: 2/8/2006
                            • Status: offline
                            RE: SCCM Bitlocker Disk Partition Task Sequence Problems Friday, January 30, 2009 10:39 AM (permalink)
                            0

                            2. During the Install phase, directly after the "Restart to Windows PE" task, add an additional "Format and Partition Disk" task and add a condition so that it will only run if Bitlocker was detected during the State Capture phase

                             
                            That solved my problem...
                             
                            #14