
    Windows 10 Bitlocker Query

    • george1421 Moderator @Wayne Workman

      @Wayne-Workman Sorry we went to DM chat to work through the issues.

      The .0 thing was because his primary dhcp server was still handing out dhcp 66 and 67 and there was a dhcpProxy server (dnsmasq) sending out an Offer packet, so the target computer switched over to dhcpProxy mode and my configuration did not have that part configured (because it's almost never used, except in conditions like this).

      We had to add this section.

      # PXEClient:Arch:00000
      pxe-service=X86PC, "Boot BIOS PXE", undionly.kpxe
      
      # PXEClient:Arch:00007
      pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi
      
      # PXEClient:Arch:00009
      pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi
      

      To create the complete config file here.

      port=0
      
      # Log lots of extra information about DHCP transactions.
      log-dhcp
      
      # Set the root directory for files available via TFTP.
      tftp-root=/tftpboot
      
      # Disable re-use of the DHCP servername and filename fields as extra
      # option space. That's to avoid confusing some old or broken DHCP clients.
      dhcp-no-override
      
      # inspect the vendor class string and match the text to set the tag
      dhcp-vendorclass=BIOS,PXEClient:Arch:00000
      dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
      dhcp-vendorclass=UEFI,PXEClient:Arch:00007
      dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
      
      # Set the boot file name based on the matching tag from the vendor class (above)
      dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,10.1.0.102
      dhcp-boot=net:UEFI,ipxe.efi,,10.1.0.102
      dhcp-boot=net:UEFI64,ipxe.efi,,10.1.0.102
      
      # The boot filename, Server name, Server Ip Address
      dhcp-boot=undionly.kpxe,,10.1.0.102
      
      # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
      pxe-prompt="Booting FOG Client", 1
      
      # PXEClient:Arch:00000
      pxe-service=X86PC, "Boot BIOS PXE", undionly.kpxe
      
      # PXEClient:Arch:00007
      pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi
      
      # PXEClient:Arch:00009
      pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi
      
      dhcp-range=10.1.0.102,proxy
      

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
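
Added example (not part of the original posts, and not FOG or dnsmasq code): a check for the condition diagnosed above, where a regular DHCP server still hands out options 66/67 while a proxyDHCP server also answers the same PXE client. It parses raw DHCP offer payloads, such as those extracted from a pcap; the sample offers are constructed, and every address except 10.1.0.102 from the config above is made up.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_options(raw):
    """Walk the option TLVs and return {code: value_bytes}."""
    opts, i = {}, 0
    while i + 1 < len(raw) and raw[i] != 255:   # 255 = end option
        if raw[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def describe_offer(pkt):
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts = parse_options(pkt[240:])
    boot = opts.get(67) or pkt[108:236].split(b"\0", 1)[0]  # option 67, else BOOTP file field
    return {
        "xid": struct.unpack("!I", pkt[4:8])[0],
        "server": socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else "unknown",
        # A proxyDHCP offer leases no address (yiaddr 0.0.0.0) and echoes "PXEClient".
        "proxy": pkt[16:20] == bytes(4) and opts.get(60, b"").startswith(b"PXEClient"),
        "bootfile": boot.rstrip(b"\0").decode("ascii", "replace"),
    }

def conflicting_boot_sources(offers):
    """Return {xid: [(server, kind, bootfile), ...]} where more than one server offers PXE boot info."""
    seen = {}
    for o in map(describe_offer, offers):
        if o["proxy"] or o["bootfile"]:
            kind = "proxyDHCP" if o["proxy"] else "DHCP"
            seen.setdefault(o["xid"], []).append((o["server"], kind, o["bootfile"]))
    return {xid: src for xid, src in seen.items() if len({s[0] for s in src}) > 1}

# --- constructed sample offers (hypothetical helpers, not from the thread) ---
def opt(code, value):
    return bytes([code, len(value)]) + value

def make_offer(xid, yiaddr, server, extra=b""):
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0) + bytes(4)
    hdr += socket.inet_aton(yiaddr) + bytes(8 + 16 + 64 + 128)
    return hdr + MAGIC + opt(53, b"\x02") + opt(54, socket.inet_aton(server)) + extra + b"\xff"

PRIMARY = make_offer(0x1234, "10.1.0.50", "10.1.0.1", opt(66, b"10.1.0.102") + opt(67, b"undionly.kpxe"))
PROXY = make_offer(0x1234, "0.0.0.0", "10.1.0.102", opt(60, b"PXEClient"))
if __name__ == "__main__":
    print(conflicting_boot_sources([PRIMARY, PROXY]))
```

Any transaction it reports has two servers competing to tell the client where to boot from, which is also what an unexpected PXE server on the segment would look like.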

      • RobTitian16 @sudburr

        @sudburr I read online that UEFI has to be enabled to run BitLocker. (Source: http://www.dell-forum.com/windows/bitlocker-cannot-be-enabled-when-changing-the-boot-sequence-to-legacy-mode/).
        It does exactly what it says in that forum post - asks for a key every time the system is booted, which can be incredibly cumbersome when you have to dig out the key from a file share (using another system). I suppose we could supply everyone with USB keys, but that might not be a very good idea from a security standpoint if the USB keys are with the users all the time.

        When enabling BitLocker, I enable the check and it returns after restarting saying that it could not activate BitLocker because it could not connect to the TPM chip.

        • RobTitian16 @Wayne Workman

          @Wayne-Workman I’m not trying to capture an image from a system that’s using BitLocker - I’m trying to enable it after the system has been imaged. From the forum post linked in my other reply, it says it needs to be imaged in UEFI mode (effectively) to enable BitLocker to run correctly.

          • RobTitian16 @george1421

            @george1421 We seem one step further 🙂
            It now boots from the network, but gets stuck on “iPXE initialising devices…”
            I’ve tried the suggestions here: (https://forums.fogproject.org/topic/6133/intel-nuc-dc53427hye-stuck-at-ipxe-initialising-devices/6) to no avail. It’s a Dell Latitude 6430 and I can see here (https://wiki.fogproject.org/wiki/index.php/WorkingDevices) that it looks like it may not work anyway.

            • RobTitian16 @RobTitian16

              @RobTitian16 I’ve also found this has stopped my ability to image VMs on Hyper-V:

              0_1480672488015_upload-f55fc67f-b107-457c-baa6-9dfba5bbe4e4

              • george1421 Moderator @RobTitian16

                @RobTitian16 Let's remove the dhcp options 66 and 67 from your primary dhcp server. Let dnsmasq supply these values. If that doesn’t work grab another pcap of the hyper-v pxe booting. Let's see what’s flying down the wire then.

                • RobTitian16 @george1421

                  @george1421 Yep, I removed those this morning.
                  I had to revert back to a previous build of my FOG server as I needed to image a VM for our production environment. I’ll go through the dnsmasq set-up again and then provide a pcap when the issue occurs again (likely to be on Monday now).

                  • RobTitian16 @george1421

                    @george1421

                    Sorry about the delay - it’s been hectic this past week. Here’s the latest pcap:

                    0_1481287363618_output.pcap

                    Interestingly, what @sudburr said earlier rings true as the very system I was trying to get Bitlocker to work on earlier died and had the motherboard replaced by Dell. Once the motherboard was replaced, Bitlocker could then be enabled without any issue.

                    • sudburr

                      I have a growing hatred for Dell systems. 😎

                      [ Standing in between extinction in the cold and explosive radiating growth ]

                      • george1421 Moderator @RobTitian16

                        @RobTitian16 said in Windows 10 Bitlocker Query:

                        @george1421

                        Sorry about the delay - it’s been hectic this past week. Here’s the latest pcap:

                        0_1481287363618_output.pcap

                        … Once the motherboard was replaced, Bitlocker could then be enabled without any issue.

                        If the tpm chip was initialized by another OS and then a new OS was overlaid onto the system with the activated tpm chip, I can understand why bitlocker would not init, because the system identity would have been changed. The information in the TPM chip would not match the current computing environment. From what I understand you must blank out and reset the TPM chip to enable it on the new OS.

                        <edit>Ref: http://www.dell.com/support/article/us/en/4/SLN155219/en </edit>

                        • RobTitian16 @george1421

                          @george1421 Thanks, George. I’ll give this a go with one of the other laptops to see if I can get it to work.

                          • RobTitian16 @george1421

                            @george1421 Still no dice with getting this to run with the legacy boot option.
                            I’ve cloned my FOG server for UEFI testing but the laptops don’t boot using IPV4 - they just hang, or say that the file is not found (going by the previous posts).

                            EDIT:
                            It seems to be working on a Dell E7270. I’ll test after the holidays with the other Dell laptop 🙂
                            Thanks for the help, George and everyone else! Much appreciated as always!

                            Copyright © 2012-2024 FOG Project