BitLocker–MBAM–Error

Here are some errors, with their solutions, encountered while rolling out the MBAM (Microsoft BitLocker Administration and Monitoring) Agent.

Problem 1 – “Error checking whether TPM chip is ready”:

Solution 1:

Check whether the driver for the TPM chip is loaded correctly. If the driver could not be loaded, uninstall the device (including the existing drivers) in Device Manager and reboot. After the reboot, the TPM chip device should load correctly.

Problem 2 – “Error taking ownership of the TPM”:

Solution 2:

This issue occurs when the TPM Endorsement Key is missing. The following VBScript checks for the endorsement key pair and creates it if it is not present:

=============== Script Text ===============

' Connect to the local TPM WMI provider using packet-privacy authentication.
Set objWMIService = GetObject("WinMgmts:{impersonationLevel=impersonate,AuthenticationLevel=pktprivacy}//" & "." & "\root\CIMV2\Security\MicrosoftTpm")
Set objItems = objWMIService.InstancesOf("Win32_Tpm")

For Each objItem In objItems
    ' Optional state checks, left commented out as in the original script.
    'rvaluea = objItem.IsEnabled(A)
    'rvalueb = objItem.IsActivated(B)
    'rvaluec = objItem.IsOwned(C)

    ' D receives True if an endorsement key pair already exists.
    rvalued = objItem.IsEndorsementKeyPairPresent(D)

    'If A Then
    'WScript.Echo "TPM Is Enabled: " & A
    'Else
    'WScript.Echo "TPM Is Enabled: " & A
    'End If

    'If B Then
    'WScript.Echo "TPM Is Activated: " & B
    'Else
    'WScript.Echo "TPM Is Activated: " & B
    'End If

    'If C Then
    'WScript.Echo "TPM Is Owned: " & C
    'Else
    'WScript.Echo "TPM Is Owned: " & C
    'End If

    'If D Then
    'WScript.Echo "TPM Is EndorsementKeyPairPresent: " & D
    'Else
    If Not D Then
        'WScript.Echo "TPM Is EndorsementKeyPairPresent: " & D
        'WScript.Echo "CreateEndorsementKeyPair... Please Wait"

        ' Create the missing endorsement key pair; a non-zero return value means failure.
        rvaluee = objItem.CreateEndorsementKeyPair(E)
        'WScript.Echo "CreateEndorsementKeyPair... Returns:" & rvaluee & " and E=" & E

        If (rvaluee <> 0) Then
            WScript.Quit -1
        End If
    End If
Next
WScript.Quit 0

=============== Script Text ===============

Source: http://support.microsoft.com/kb/2640178

Problem 3 – “Encryption failed – BitLocker could not encrypt one or more drives on this computer”

manage-bde -on c: fails with error code 0x80310004.

Solution 3:

Sometimes Acronis (and possibly other imaging tools) modifies the MBR, which stops BitLocker from proceeding.

To repair it, boot from a Windows 7 DVD or a System Repair Disc into the Windows Recovery Environment, open the Command Prompt repair console, and execute these commands:

bootrec.exe /fixmbr

bootrec.exe /fixboot

See also: http://support.microsoft.com/kb/927392/en-us

Problem 4 – “Error code 0x80310018”

manage-bde -on c: fails with error code 0x80310018, i.e. the TPM is Not Owned.

Solution 4:

manage-bde -tpm -o Test_Password (replace Test_Password with something random)

See also: COM Error Codes (TPM, PLA, FVE)
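
The TPM states behind Problems 1, 2 and 4 can be checked before the MBAM agent runs. The following PowerShell sketch is an added example, not part of the original post or of Microsoft's KB script; the function names Test-TpmFlag and Get-TpmTriage are hypothetical, and it only reads TPM state through the same Win32_Tpm methods the VBScript above calls.

```powershell
# Added example, not from the original post. Read-only: it changes no TPM state.
# Run from an elevated PowerShell prompt on the affected machine.

function Test-TpmFlag($Tpm, [string]$Method) {
    # Each Win32_Tpm query method returns ReturnValue plus an out
    # parameter that carries the same name as the method itself.
    $r = Invoke-WmiMethod -InputObject $Tpm -Name $Method
    if ($r.ReturnValue -ne 0) {
        throw ('{0} failed with 0x{1:X8}' -f $Method, $r.ReturnValue)
    }
    [bool]$r.$Method
}

function Get-TpmTriage {
    # Same namespace, class and authentication level as the VBScript above.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -Authentication PacketPrivacy `
        -ErrorAction SilentlyContinue | Select-Object -First 1

    if (-not $tpm) {
        # Nothing exposed by the TPM provider: matches Problem 1.
        return 'No Win32_Tpm instance found: check the TPM driver (Problem 1).'
    }

    $state = @{}
    foreach ($m in 'IsEnabled', 'IsActivated',
                   'IsEndorsementKeyPairPresent', 'IsOwned') {
        $state[$m] = Test-TpmFlag $tpm $m
    }

    $hints = @()
    if (-not $state.IsEndorsementKeyPairPresent) {
        $hints += 'Endorsement key pair missing: taking ownership fails (Problem 2).'
    }
    if (-not $state.IsOwned) {
        $hints += 'TPM not owned: manage-bde -on returns 0x80310018 (Problem 4).'
    }

    # State holds the four raw flags; Hints lists the matching problems.
    New-Object PSObject -Property @{ State = $state; Hints = $hints }
}

Get-TpmTriage
```

An empty Hints list means none of the three TPM-related problems applies; Problem 3 is a boot-sector issue and is not visible through Win32_Tpm.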
