TPM Presence Indicated

This forum is used to support the BitLocker for Automate plugin. You will find documentation on the plugin as well as an area to post issues and requests. Please post
PL-MSTech
Posts: 70
Joined: Mon Jul 31, 2023 10:07 pm
1

TPM Presence Indicated

Post by PL-MSTech »

Am I missing something... should we be able to filter which machines have TPM?

If not, couldn't you have the icons for the 'BitLocker Compatible Agents' in the Main 'BitLocker Manager' window for each client indicate whether or not that machine has a TPM module? Perhaps by showing those machines as a different color, etc.?
OR put them into a different group in that window?

It seems VERY counter-intuitive to have to run a command on each and every machine to "attempt" to enable TPM just to determine whether or not it is capable.

Thanks

PL-MSTech
Posts: 70
Joined: Mon Jul 31, 2023 10:07 pm
1

Re: TPM Presence Indicated

Post by PL-MSTech »

I was testing on an older agent that I know does not have TPM, but is listed in the Manager under "BitLocker Compatible Agents" (compatible means that it should install, correct?).... so with no TPM I realize that the key or password would have to be entered at startup...

But no matter which protector I attempt to apply, I get the - same - following error:

Reaching out to DESKTOP-DTS0VIJ
Updating DESKTOP-DTS0VIJ - -> agent volume has been updated

Set-BitLockerVolumeInternal : A compatible Trusted Platform Module (TPM) Security Device cannot be found on this
computer. (Exception from HRESULT: 0x8028400F)
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:3593 char:52
+ ... eInternal = Set-BitLockerVolumeInternal -MountPoint $MountPoint[$i] - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Set-BitLockerVolumeInternal

PL-MSTech
Posts: 70
Joined: Mon Jul 31, 2023 10:07 pm
1

Re: TPM Presence Indicated

Post by PL-MSTech »

Update... this machine, although it is an older test machine, does have TPM... I have enabled it, as well as secure boot in the BIOS, so the Manager recognizes it now; however, it is still unable to install... apparently due to the fact that the OS is Windows Home ver??
If that is the case, why does the "BitLocker Manager" display it under "BitLocker **COMPATIBLE** Agents" ???


Reaching out to DESKTOP-DTS0VIJ
Testing Agent for TPM -> DESKTOP-DTS0VIJ has TPM available
Initializing TPM ->

TpmReady : True
RestartRequired : False
ShutdownRequired : False
ClearRequired : False
PhysicalPresenceRequired : False
Updating DESKTOP-DTS0VIJ - -> agent volume has been updated

Set-BitLockerVolumeInternal : This version of Windows does not support this feature of BitLocker Drive Encryption. To
use this feature, upgrade the operating system. (Exception from HRESULT: 0x8031005A)
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:3593 char:52
+ ... eInternal = Set-BitLockerVolumeInternal -MountPoint $MountPoint[$i] - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Set-BitLockerVolumeInternal

Cubert
Posts: 2694
Joined: Tue Dec 29, 2015 7:57 pm
9

Re: TPM Presence Indicated

Post by Cubert »

PL-MSTech wrote: Sat Sep 21, 2024 12:02 am Update... this machine, although it is an older test machine, does have TPM... I have enabled it, as well as secure boot in the BIOS, so the Manager recognizes it now; however, it is still unable to install... apparently due to the fact that the OS is Windows Home ver??
If that is the case, why does the "BitLocker Manager" display it under "BitLocker **COMPATIBLE** Agents" ???


Reaching out to DESKTOP-DTS0VIJ
Testing Agent for TPM -> DESKTOP-DTS0VIJ has TPM available
Initializing TPM ->

TpmReady : True
RestartRequired : False
ShutdownRequired : False
ClearRequired : False
PhysicalPresenceRequired : False
Updating DESKTOP-DTS0VIJ - -> agent volume has been updated

Set-BitLockerVolumeInternal : This version of Windows does not support this feature of BitLocker Drive Encryption. To
use this feature, upgrade the operating system. (Exception from HRESULT: 0x8031005A)
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:3593 char:52
+ ... eInternal = Set-BitLockerVolumeInternal -MountPoint $MountPoint[$i] - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Set-BitLockerVolumeInternal

List of agents is not a list of compatible agents but a list of Windows agents. We do not filter out agents based on OS version but only OS type.

I believe we could recraft the SQL queries to exclude where OS LIKE "%Home%" and OStype = "Windows" which would screen out the home agents. We just have not had a request for that until now. Let me add that to the feature requests and have it added to the next build.
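
A read-only pre-flight check covering both failures seen in this thread (no usable TPM, and a Home edition of Windows), added here as an example; it is not part of the thread or of the plugin's code. The function name `Get-BitLockerPreflight` is hypothetical, and the script assumes an elevated session using only the built-in `Get-Tpm` and `Get-CimInstance` cmdlets.

```powershell
# Added example: reports TPM state and Windows edition without changing anything.
# Run from an elevated PowerShell session on the agent.
function Get-BitLockerPreflight {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # If the TPM query itself fails, record the error instead of guessing.
    $tpm = $null
    $tpmError = $null
    try   { $tpm = Get-Tpm -ErrorAction Stop }
    catch { $tpmError = $_.Exception.Message }

    $tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $tpmReady   = [bool]($tpm -and $tpm.TpmReady)

    # Same test as the SQL filter proposed above: edition name contains "Home".
    $isHome = $os.Caption -like '*Home*'

    $blockers = @()
    if ($tpmError) {
        $blockers += "TPM query failed: $tpmError"
    } elseif (-not $tpmPresent) {
        # State that produced HRESULT 0x8028400F in the thread.
        $blockers += 'No TPM visible to Windows (absent or disabled in firmware)'
    } elseif (-not $tpmReady) {
        $blockers += 'TPM present but not ready for use'
    }
    if ($isHome) {
        # State that produced HRESULT 0x8031005A in the thread.
        $blockers += 'Windows Home edition'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OSCaption            = $os.Caption
        TpmPresent           = $tpmPresent
        TpmReady             = $tpmReady
        IsHomeEdition        = $isHome
        ReadyForTpmProtector = ($blockers.Count -eq 0)
        Blockers             = ($blockers -join '; ')
    }
}

Get-BitLockerPreflight | Format-List
```

Collecting this object from each agent gives a filterable inventory of TPM presence and edition before any protector is applied.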
