BitLocker, TPM, and Gateway

Jamie Hunter [MS]

Hi APA, did you run this on an elevated command prompt?
To get an elevated command prompt, right-click on the "Command Prompt"
shortcut under All Programs->Accessories and click "Run as administrator".
The command prompt window should say "Administrator: Command Prompt" in the
title.
Thanks!
-
Jamie Hunter [MS]

APA said:
Jamie,

My apologies for not answering this sooner. I don't know how I missed your
question. BTW, I installed build 5728 but still have the same conditions
that I originally posted. Here's the output from manage-bde...

-SNIP

C:\Windows\System32>cscript manage-bde.wsf -tpm -turnon
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: An error occurred while connecting to the BitLocker management
interface.

Check that you have administrative rights on the computer and the computer
name is correct.

C:\Windows\System32>cscript manage-bde.wsf -on c:
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: An error occurred while connecting to the BitLocker management
interface.

Check that you have administrative rights on the computer and the computer
name is correct.

C:\Windows\System32>

-END SNIP

I do have admin rights and I assume the computer name is correct.

Thanks,

APA

Jamie Hunter said:
Hi APA, can you try these instead?

(1)
cscript manage-bde.wsf -tpm -TurnOn

(2)
cscript manage-bde.wsf -on c:

I expect one or both of these to fail, but I am interested in the failure
messages, which will tell me where to go from here. I'm not familiar with
the Gateway M280 or if it has the necessary BIOS support, but I know we've
had success with other Gateway machines.

Thanks!
-
Jamie Hunter [MS]

APA said:
Jamie,

Here's the output from 'manage-bde'

C:\Windows\System32>cscript manage-bde.wsf -tpm
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

C:\Windows\System32>

Thanks,

APA

:

I'll talk to my co-workers on Monday, see if anyone has an idea what may be
going on. Can you also try the "manage-bde" command-line and see if the
reported error is the same? Thanks!
-
Jamie Hunter [MS]

Jamie,

Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
configure. As I stated earlier, my computer has TPM 1.2 chip and it is listed
in Device Manager under "Security Devices" as a Broadcom TPM. The properties
specify it as 1.2 using MS drivers.

Thanks,

APA

:

What is the message the UI is reporting?
Thanks!
-
Jamie Hunter [MS]

Hi,

Can anyone provide a suggestion to get BitLocker enabled with TPM support on
a Gateway computer? I have Vista RC1 installed on a Gateway M280. The M280
has a Broadcom TPM 1.2 chip that is installed properly according to Device
Manager.

However, the TPM management console, BitLocker Control Panel applet, and the
"manage-bde.wsf" script will not recognize the chip. All other devices are
working properly.

Again, any help or suggestions would be appreciated.

Regards,

APA
 
Guest

Jamie,

Ok, I started the command prompt with Admin permissions. Here's the output
from the two commands...
-SNIP
C:\Windows\System32>cscript manage-bde.wsf -tpm -turnon
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: A compatible Trusted Platform Module (TPM) was not detected.

C:\Windows\System32>cscript manage-bde.wsf -on c:
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Volume C:
[OS Volume]
ERROR: Specifying the parameter '-StartupKey' is required to Bitlocker-protect
the OS volume.
Type "manage-bde -on -?" for more information.
-END SNIP

Thanks,

APA
 
Jamie Hunter [MS]

Ok, thanks! Can you look in the event log to see if there are any errors
logged by the TBS (TPM Base Services). Thanks!
-
Jamie Hunter [MS]
 
Jeff

Jamie,
Not to jump in but;
My Dell e1505 has TPM too; and Vista is saying TPM not found.
Same message.

Jeff

 
Guest

Jamie,

Here's the event log data from the TBS:

-SNIP
A compatible TPM is not found. TBS requires TPM version 1.2 or greater, but
the version of the TPM on the computer is ?.?.
-END SNIP

The event id is 538. FWIW, in Device Manager, under Security Devices,
'Broadcom TPM' is listed. On the Details tab of the Broadcom TPM Properties,
with Device description as the selected property the Value is: Broadcom
Trusted Platform Module (A1), v1.2.

If I change the selected Property to 'Install State' the Value reported is:
00000000. I have tried searching the registry for 'TPM' and hopefully
changing this value. No luck in finding a registry key corresponding to this
value.

Jamie, thanks again for sticking with me on this issue. It is greatly
appreciated!

Best regards,

APA

 
Guest

Jamie,

I found one more event viewer entry relating to TBS. Here it is:

Log Name: System
Source: Microsoft-Windows-TBS
Date: 10/3/2006 10:56:08 PM
Event ID: 16392
Task Category: None
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: RC1B5728.domain.local
Description:
An error occurred while starting the TBS. The error code was 0x8029021a.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TBS"
Guid="{51480c1a-90aa-416e-98fd-4c11f735349b}" />
<EventID>16392</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2006-10-04T02:56:08.950Z" />
<EventRecordID>1790</EventRecordID>
<Correlation />
<Execution ProcessID="1168" ThreadID="2340" />
<Channel>System</Channel>
<Computer>RC1B5728.domain.local</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ErrorCode">0x8029021a</Data>
</EventData>
</Event>

Thanks,

APA

 
Gary G. Little

More than likely it is because the BIOS in your Dell is not doing the
"magic" that makes Vista a happy camper with a TPM.
What is required is a BIOS/firmware refresh and at least the Precision M70
A04 BIOS that I tried is not correct. I can only assume that other BIOS for
TPM support is the same, probably until either Vista is released or Dell
gets enough support requests to move towards a fix.

--
The personal opinion of
Gary G. Little

 
Jamie Hunter [MS]

Ok, thanks APA.
So I got a couple of PMs in my office with me to figure out what happened.
This is what we understand to be the case:

Some machines report Broadcom 1.1 parts with the same PnP ID as other
machines report Broadcom 1.2a1 parts. Vista is incorrectly detecting this
machine to have a 1.2 TPM, when it has a 1.1 TPM. This got caught later by
TBS as a "Pre 1.2 TPM".

The upshot is, the TPM is not usable on this machine as it's pre 1.2. There
is confusion however as device manager reports that you have a 1.2 TPM when
in fact it's a 1.1 TPM. Even if the TPM did work, the BIOS is very unlikely
to have the necessary support anyway but the code never got far enough to be
able to check that.

Sorry for the frustration this caused and thanks for bearing with me on
trying to figure out the problem.
-
Jamie Hunter [MS]
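
Added example (not part of the original thread and not Microsoft's code): the thread's conclusion is that the Device Manager label ("v1.2") comes from a shared PnP ID and cannot be trusted, while the TBS events reflect what the service actually found. The Python sketch below parses exported event XML and flags a host whose driver label claims TPM 1.2 or later while TBS logged start-up errors. The function names are hypothetical; the event and the description string are the ones APA posted, with the event trimmed to the fields used.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Event 16392 as posted in the thread, trimmed to the fields used below.
TBS_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TBS" />
<EventID>16392</EventID>
<Level>2</Level>
<TimeCreated SystemTime="2006-10-04T02:56:08.950Z" />
<Computer>RC1B5728.domain.local</Computer>
</System>
<EventData><Data Name="ErrorCode">0x8029021a</Data></EventData>
</Event>"""

DEVICE_DESCRIPTION = "Broadcom Trusted Platform Module (A1), v1.2"  # from the thread


def parse_tbs_event(xml_text):
    """Return triage fields for a TBS event, or None for other providers."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system.find("e:Provider", NS).get("Name") != "Microsoft-Windows-TBS":
        return None
    data = {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}
    code = data.get("ErrorCode")
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "level": int(system.findtext("e:Level", namespaces=NS)),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "error_code": int(code, 16) if code else None,
    }


def claimed_version(description):
    """Version the driver label advertises (a string, not a measurement)."""
    m = re.search(r"\bv(\d+)\.(\d+)\b", description)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(description, event_xmls):
    """Flag a label claiming TPM >= 1.2 that TBS error events contradict."""
    parsed = map(parse_tbs_event, event_xmls)
    errors = [e for e in parsed if e and e["level"] in (1, 2)]  # Critical, Error
    claim = claimed_version(description)
    contradicted = bool(errors) and claim is not None and claim >= (1, 2)
    return {"claimed": claim, "tbs_errors": errors, "label_contradicted": contradicted}
```

Calling triage(DEVICE_DESCRIPTION, [TBS_EVENT_XML]) reports the label as contradicted, which is the situation on APA's M280.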

 
