Cannot Enable Bitlocker - I believe machine has key still in Active Directory


I have a machine that had BitLocker enabled on its previous hard drive. We moved the drive to another machine, and ended up having to reformat the drive and reinstall Windows. I am sure the drive had BitLocker disabled before that happened.

We have BitLocker save its keys in Active Directory for the systems on our network. These new machines are running Windows 8.1.

I have a new drive in the laptop, and when I try to enable BitLocker, I have problems. BitLocker passes the check process and says to restart the system. When I restart the system I get the following error message:

BitLocker could not be enabled. The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available. C: was not encrypted.

The system is a brand new Dell Precision M4800 and does have a TPM installed and enabled. And as I said before, it was enabled on the old hard drive at one time.

After doing a bit of research, my guess is that there is a key in Active Directory related to the old system that has become orphaned. (Based on an article I found while trying to Google a solution: http://blogs.technet.com/b/askcore/archive/2013/08/05/how-to-cleanup-tpm-information-from-ad-for-windows-8-computers.aspx) However, when I look in Active Directory under the new key area, I have 12 machines listed there. Unfortunately, the information is cryptic and doesn't give me a way to tell which key goes with which machine. I was thinking I might be able to remove the key and solve the problem.

I have tried searching for solutions all over the place, and the link above is the only item I've found that could possibly relate. Thus I am trying here. I cannot get this new machine encrypted so I can deploy it to the user. So this must be fixed.

I did that already. Here is the problem.

The machine has been removed from Active Directory. Thus the key is orphaned.

However, I believe I found a workaround for the problem. This is odd, but it worked.

When I tried saving the key to a USB drive, it would fail every time. When I chose to print the key instead, it worked. I don't know why, and it's possible it isn't related to Active Directory at all. I'll go ahead and close this thread out since I have a fix.


Steve Eason, MCSE FM:Systems
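
The post above notes that the TPM entries in Active Directory give no obvious way to tell which one belongs to which machine. As an added example (not part of the original post), this read-only PowerShell script lists each TPM object beside the computer account that links to it and flags objects with no linked computer. It assumes the ActiveDirectory module is installed, that the Windows 8-era TPM objects are in the default `CN=TPM Devices` container, and that computer accounts reference them through the `msTPM-TpmInformationForComputer` attribute.

```powershell
# Added example: read-only report, nothing in AD is modified or deleted.
# Assumes RSAT ActiveDirectory module and the default "CN=TPM Devices" container.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$tpmBase  = "CN=TPM Devices,$domainDN"

# 1. Computer accounts that carry a link to a TPM object.
$linked = Get-ADComputer -LDAPFilter '(msTPM-TpmInformationForComputer=*)' `
                         -Properties 'msTPM-TpmInformationForComputer'

# 2. Index: TPM object DN -> names of the computers that point at it.
$ownersByTpm = @{}
foreach ($computer in $linked) {
    foreach ($tpmDn in @($computer.'msTPM-TpmInformationForComputer')) {
        $key = [string]$tpmDn
        if (-not $ownersByTpm.ContainsKey($key)) { $ownersByTpm[$key] = @() }
        $ownersByTpm[$key] += $computer.Name
    }
}

# 3. Every TPM object in the container, with its owner (if any) and timestamps.
$tpmObjects = Get-ADObject -SearchBase $tpmBase -SearchScope OneLevel `
                           -LDAPFilter '(objectClass=msTPM-InformationObject)' `
                           -Properties whenCreated, whenChanged

$report = foreach ($tpm in $tpmObjects) {
    $owners = $ownersByTpm[$tpm.DistinguishedName]
    [pscustomobject]@{
        TpmObject = $tpm.Name
        Computer  = if ($owners) { $owners -join ', ' } else { '<no computer linked>' }
        Orphaned  = -not [bool]$owners
        Created   = $tpm.whenCreated
        Changed   = $tpm.whenChanged
    }
}

# Orphaned entries (computer account deleted or re-created) sort to the top.
$report | Sort-Object -Property @{ Expression = 'Orphaned'; Descending = $true }, Computer |
    Format-Table -AutoSize
```

Rows marked as orphaned are candidates for the cleanup the linked article describes; the `Created` and `Changed` timestamps help match them to the date a machine was rebuilt.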


