Page 1 of 1
Unable to remove TPM Keys
Posted: Fri Dec 23, 2022 8:58 pm
by dgonzalez2882
Hello,
I am having an issue where I have a drive which shows as not encrypted in the plug in and on the computer, I try to remove the tpm key by clicking and selecting remove. When I check the terminal results it errors out and displays the following results:
- Capture.JPG (59.56 KiB) Viewed 3412 times
Re: Unable to remove TPM Keys
Posted: Wed Dec 28, 2022 2:46 pm
by Cubert
In the error you can see the commands that are being executed. You should attempt to recreate the issue by executing the first half of the commands and then validate what the returned variables are.
This is all done in powershell so open the PS ISE as administrator and enter the following
Code: Select all
$BLV = get-BitLockervolume -mountpoint c:
Now print out the needed variable for command #2
Code: Select all
write-host $BLV.keyprotector[0].keyprotectorid
This is what it should look like and what it should return if a Key protector is there
- Screenshot 2022-12-28 093914.png (33.6 KiB) Viewed 3390 times
The value returned for me is {88E8A649-A86E-49DE-A9A0-33CDDFA1249A}
The final command then should look like this
Code: Select all
Remove-BitlockerKeyProtector -mountpoint c: -keyprotectorid {88E8A649-A86E-49DE-A9A0-33CDDFA1249A}
Keep in mind that this ID was from my protector and not yours so you will have a different ID from what I show above.
By running through the 2 commands you should find the issue that is causing the failure. It is pretty basic so if you want to drop the protector just rerun the 2 commands over again. Send us any outputs you receive from the above commands so we can see what your environment is trying to do.
Re: Unable to remove TPM Keys
Posted: Tue Jan 03, 2023 3:09 pm
by dgonzalez2882
Tried it out this is what i got
- Capture.JPG (25.77 KiB) Viewed 3375 times
Re: Unable to remove TPM Keys
Posted: Fri Jan 06, 2023 4:47 pm
by Cubert
Is there a key still showing inside the plugin? If so this is a stale record and should be replaced upon next volume scan.
You have no keys currently set, So you look to have a completely unencrypted drive at the moment.
You have to add a key protector to the drive before it can encrypt.
And I guess that is why you are getting this error.
- Screenshot 2023-01-06 114848.png (5.9 KiB) Viewed 3339 times
You have no encrypted volume using any protector keys.
Re: Unable to remove TPM Keys
Posted: Mon Jan 09, 2023 9:17 pm
by dgonzalez2882
Is there a key still showing inside the plugin? If so this is a stale record and should be replaced upon next volume scan.
***Yes, how often is the scan? I posted about this issue a while ago so I would assume the volume scan already took place.
You have no keys currently set, So you look to have a completely unencrypted drive at the moment.
You have to add a key protector to the drive before it can encrypt.
***The drive is already unencrypted, for some reason the plugin in is not seeing it that way
And I guess that is why you are getting this error.
Screenshot 2023-01-06 114848.png
Screenshot 2023-01-06 114848.png (5.9 KiB) Viewed 61 times
You have no encrypted volume using any protector keys.
*** I followed the directions from this forum, Is there anything more detailed?
Re: Unable to remove TPM Keys
Posted: Tue Jan 10, 2023 2:51 pm
by Cubert
There should be daily scans taking place. These scans are run via a scheduled script.
We need to see when the script is running and what it's current output is.
To manually run scans:
In client view select to run scans:
- Screenshot 2023-01-10 094812.png (55.6 KiB) Viewed 3267 times
Next go to agent in question and view script logs for scan: (Should look something like this)
- Screenshot 2023-01-10 094847.png (145.9 KiB) Viewed 3267 times
As you read the log it should be running several SQL queries to add and remove records.
Can you send me these logs(post them here) so I can see what its doing.
Re: Unable to remove TPM Keys
Posted: Wed Jan 11, 2023 3:09 pm
by dgonzalez2882
Here is the log info
The Script(616) was successful in the Then section.
Script: S616 - Starting at Server Time: Tuesday, January 10, 2023 7:14:07 PM
IF F1 T: 1.0538637
L4 F235 T: 1.0814415
L5 F70 Value (P1): VOLUMEDATA Comparer (P2): 8 To (P3): ('289','6283' Jump (P4): :INSERTVOLUMES T: 9.1172481
L8 F139 Note (P1): :INSERTVOLUMES T: 9.1172481
L9 F67 Sql (P1): 'INSERT IGNORE INTO plugin_p4a_bitlocker_volumes (`ClientID`,`ComputerID`,`VolumeType`,`Mou...' T: 9.1172481
L10 F235 T: 12.6247572
L11 F67 Sql (P1): 'DELETE FROM plugin_p4a_bitlocker_volumes WHERE ComputerID = '6283' and MountPoint NOT IN (...' T: 20.6632545
L12 F235 T: 20.6632545
L13 F67 Sql (P1): 'INSERT IGNORE INTO plugin_p4a_bitlocker_protectors (`ComputerID`,`ProtectorType`,`MountPoi...' T: 31.9232169
L14 F235 T: 31.9232169
L15 F67 Sql (P1): 'DELETE FROM plugin_p4a_bitlocker_protectors WHERE KeyProtectorID NOT IN )
and ComputerI...' T: 39.8027453
Re: Unable to remove TPM Keys
Posted: Wed Jan 11, 2023 3:34 pm
by Cubert
Ok I see the issue,
Give me 20 minutes to make an update to the script. I'll post the updates here with link when available.
P.s,
There is a malformed delete query when no Key ID's are present. A simple value test in script should correct the issue your seeing.
Re: Unable to remove TPM Keys
Posted: Wed Jan 11, 2023 4:05 pm
by Cubert
Ok I have now posted up build 1.0.0.14 that should resolve this issue.
After updating the plugin, restarting the DBagent, you should find the /maintenance/Bitlocker Automation script now at build 1.0.0.14.
If so then the upgrade was successful and you can now rescan agents or allow automation to do it. Automation is once a day so it may take several hours if not overnight for it to update itself.
Here is download link
https://delivery.shopifyapps.com/-/c148 ... a9a48ea2ae