Unable to encrypt drives with bitlocker after deploying image with Fog
-
Hello. I have a problem with Fog deployed images that I could not figure out. I’ve installed a fresh copy of Windows 11 from scratch, installed Office, fog agent and antivirus. During installation Windows 11 by default encrypted the C drive using bitlocker; I’ve decrypted the drive, Sysprepped the system, captured the image with Fog and deployed it.
The deploy worked without errors, Windows 11 was installed, joined to domain and printers deployed. The problem appears when I try to encrypt the drive of a deployed Windows using Bitlocker, it ends up with error “The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect”…
I was able to reproduce this error in multiple configurations:
- capturing from different physical laptops with TPM and secure boot (HP, Lenovo, Dell)
- capturing from different virtual machine with TPM and secure boot
- using Windows 11 Enterprise or Professional.
The image always creates 3 partitions, boot/EFI, system and recovery. I could not find any obvious errors in BCD by checking bcdedit.
Can someone help here? Thank you so very much!
-
@dtiganas said in Unable to encrypt drives with bitlocker after deploying image with Fog:
The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect
Please try the information here:
https://support.microsoft.com/en-us/topic/error-message-when-you-try-to-run-the-bitlocker-drive-encryption-program-cannot-run-39e3c3f5-4f5f-242c-504a-ee55e5015eee
Maybe here as well:
https://www.mcbsys.com/blog/2019/01/bitlocker-wizard-initialization-has-failed/
FOG isn’t the “reason” this is happening though it, I suspect, is playing a small part.
Ultimately I think it boils down to the bcd thinking this is one drive, but you’ve cloned it so bcd needs a resync to find the actual drive it’s sitting on.
I think BCD is using a unique identifier to find the paths and that unique identifier isn’t the actual information on that newly deployed system. So this article should help fix that, I hope.
-
Unfortunately, neither the links provided nor any other info from the internet helped. I’ve edited the BCD, updated it, changed the volumes order, even erased it completely (don’t try this at home!); Bitlocker would not work.
I suspect the issue is caused by the partclone. The next step is to try different configurations, like Single Disk not resizable or raw, using partclone alone (without fog). I will keep you updated, if interested.
Thank you very much!
-
@dtiganas Did you get anywhere with this? I’m having the same issue on our machines and am getting nowhere with fixing it…