MDT – BitLocker Encrypting Failed

One of the steps when deploying a computer these days is to encrypt the disk by enabling BitLocker in the task sequence. But I was getting an error message telling me that the encryption failed because

TPM Password missing. Please provide Password via TpmOwnerPassword or AdminPassword

Since neither password is present in the task sequence or the configuration file, the encryption wasn't going through.

So where do you put these passwords so that the deployment sequence can run without the problem?

In MDT's Deployment Workbench, right-click the Deployment Share you have and choose Properties.

Switch to the Rules tab and add the following line under the [Default] section.

TpmOwnerPassword=passphase

Click OK to save the setting, which writes the change to the CustomSettings.ini file in the Control folder of the MDT deployment share.

Now try again and the encryption should go through.

Behind the scenes, TpmOwnerPassword is used during the TPM initialization that precedes encryption. However, since retaining the TPM owner password is no longer considered a safe practice for BitLocker, it is set to a random value in the latest Windows 10 builds. So it seems that TpmOwnerPassword is obsolete and no longer used. Still, if its absence prevents you from enabling BitLocker during deployment, hopefully this helps.
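The Rules tab edit above is a hand edit of CustomSettings.ini. Below is an added example (my own script, not part of the original post or of MDT) that does the same thing from PowerShell for a deployment share, and then shows the post-deployment check on the client. It assumes the share path is a placeholder you replace, that the file uses the [Default] section as shown above, and, following the post's note that recent Windows 10 builds randomize the owner value anyway, it generates a random value per run rather than storing a reusable passphrase in the share.

```powershell
# Added example, not from the original post: make sure CustomSettings.ini under
# <DeploymentShare>\Control has a TpmOwnerPassword line in its [Default] section.
# $DeploymentShare is a placeholder; replace it with your own share path.
function Set-MdtTpmOwnerPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $DeploymentShare,   # e.g. \\MDT01\DeploymentShare$ (placeholder)
        [string] $Value                                      # omit to generate a random value
    )

    $iniPath = Join-Path $DeploymentShare 'Control\CustomSettings.ini'
    if (-not (Test-Path $iniPath)) { throw "CustomSettings.ini not found at $iniPath" }

    if (-not $Value) {
        # Random hex value: no shared passphrase ends up stored in the share,
        # and hex avoids characters that could confuse INI parsing.
        $bytes = New-Object byte[] 16
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $Value = -join ($bytes | ForEach-Object { $_.ToString('x2') })
    }

    $out       = New-Object System.Collections.Generic.List[string]
    $inDefault = $false
    $written   = $false

    foreach ($line in (Get-Content -Path $iniPath)) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            # Leaving [Default] without having seen the key: add it before the next section.
            if ($inDefault -and -not $written) {
                $out.Add("TpmOwnerPassword=$Value"); $written = $true
            }
            $inDefault = ($Matches[1] -eq 'Default')
            $out.Add($line); continue
        }
        if ($inDefault -and $line -match '^\s*TpmOwnerPassword\s*=') {
            # Key already present: replace it in place.
            $out.Add("TpmOwnerPassword=$Value"); $written = $true; continue
        }
        $out.Add($line)
    }
    if (-not $written) {
        # File ended inside [Default], or never had a [Default] section at all.
        if (-not $inDefault) { $out.Add('[Default]') }
        $out.Add("TpmOwnerPassword=$Value")
    }

    if ($PSCmdlet.ShouldProcess($iniPath, 'Write TpmOwnerPassword under [Default]')) {
        Copy-Item -Path $iniPath -Destination "$iniPath.bak" -Force   # keep a copy of the previous rules
        Set-Content -Path $iniPath -Value $out.ToArray() -Encoding ASCII
    }
}

# Run on the deployed client (elevated) to confirm the TPM was taken into use
# and the OS volume is actually protected, rather than trusting the task sequence log.
function Test-BitLockerDeployment {
    $tpm = Get-Tpm
    $os  = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        TpmReady         = $tpm.TpmReady
        TpmOwned         = $tpm.TpmOwned
        ProtectionStatus = $os.ProtectionStatus   # 'On' once protectors are active
        VolumeStatus     = $os.VolumeStatus       # e.g. EncryptionInProgress / FullyEncrypted
        KeyProtectors    = ($os.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    }
}

# Usage (paths are placeholders):
# Set-MdtTpmOwnerPassword -DeploymentShare '\\MDT01\DeploymentShare$' -WhatIf
# Set-MdtTpmOwnerPassword -DeploymentShare '\\MDT01\DeploymentShare$'
# Test-BitLockerDeployment
```

Run the first call with -WhatIf to see which file would be touched. Because the deployment share is readable by every account that runs deployments, anything placed in CustomSettings.ini is effectively public to them; generating a throwaway value per edit means the file never holds a secret you rely on elsewhere. The check function should report ProtectionStatus of On and a KeyProtectors list that includes Tpm once the sequence has completed.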
