Tuesday, October 22, 2013

TPM cannot be enabled without physical presence.

During an SCCM 2012 task sequence (TS) step that enables BitLocker encryption of the OS drive, the task sequence failed with the following error:

The task sequence execution engine failed executing the action (BitLocker on C: Drive) in the group () with the error code 2147500037
Action output: ==============================[ OSDBitLocker.exe ]==============================
Command line: "OSDBitLocker.exe" /enable /wait:True /mode:TPM /pwd:AD
'IsSrkAuthCompatible' failed (2150105106)
'IsEndorsementKeyPairPresent' failed (2150105095)
TPM cannot be enabled without physical presence. The operating system reported error 2147500037: Unspecified error

This BitLocker error occurs because the TPM was not enabled when the SCCM task sequence ran.
For HP models, a solution is to export the BIOS configuration to a text file and find the setting that enables the TPM:
BiosConfigUtility.exe /getconfig:config.txt

Put that BIOS setting in a file that will be used to modify the BIOS settings, then apply it.
These commands are specific to HP machines:
BiosConfigUtility.exe /CurSetupPassword:"password" /setconfig:EnableTPM.REPSET

For the HP EliteBook 2570p, the EnableTPM.REPSET file should look like this:

TPM Activation Policy
    F1 to Boot
    Allow user to reject
    *No prompts
Activate TPM On Next Boot

BiosConfigUtility can be downloaded from the HP web site.
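
The following pre-check is an added example, not part of the original post: it queries the TPM state through the Win32_Tpm WMI class and applies EnableTPM.REPSET only when the TPM is not yet enabled and activated. It assumes Windows PowerShell 3.0 or later in the full OS and that BiosConfigUtility.exe and EnableTPM.REPSET sit next to the script; the parameter name and the file locations are hypothetical.

```powershell
# Added example, not from the original post. File locations are assumptions.
param(
    [Parameter(Mandatory = $true)]
    [string]$SetupPassword            # BIOS setup password, supplied by the caller
)

$bcu    = Join-Path $PSScriptRoot 'BiosConfigUtility.exe'
$repset = Join-Path $PSScriptRoot 'EnableTPM.REPSET'

# Win32_Tpm returns no instance when the firmware hides or disables the TPM.
$tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue

if ($tpm -and $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue) {
    Write-Output 'TPM is already enabled and activated; no BIOS change needed.'
    exit 0
}

Write-Output 'TPM is not ready; applying EnableTPM.REPSET with BiosConfigUtility.'
foreach ($file in $bcu, $repset) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Error "Required file not found: $file"
        exit 1
    }
}

# Same switches as the command in the post. The password is visible in the
# process command line, so keep it out of logs and package source files.
$argLine = '/CurSetupPassword:"{0}" /setconfig:"{1}"' -f $SetupPassword, $repset
$proc = Start-Process -FilePath $bcu -ArgumentList $argLine -Wait -PassThru -NoNewWindow

if ($proc.ExitCode -ne 0) {
    Write-Error "BiosConfigUtility failed with exit code $($proc.ExitCode)."
    exit $proc.ExitCode
}

# The REPSET activates the TPM on next boot, so BitLocker must run after a restart.
Write-Output 'BIOS updated. Restart before the BitLocker step runs.'
exit 3010   # ERROR_SUCCESS_REBOOT_REQUIRED
```

Place a restart step between this check and the BitLocker step so that OSDBitLocker.exe runs only after the TPM setting has taken effect.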
