Dell E5570 Windows 10 bitlocker problem - Dell DSS - Security - Dell Community

Dell E5570 Windows 10 bitlocker problem

Security

Security
All things Dell Security related

Dell E5570 Windows 10 bitlocker problem

This question is not answered

Laptop: Latitude E5570

Description of problem:

I am trying to encrypt a Latitude E5570 with Windows 10 bit-locker.

I have updated the BIOS to 1.3.8 using the BIOS update on the web site to the latest version,

I followed the procedures described on the DELL forums & various web sites.

I have also initialised the TPM chip & cleared / reset the BIOS to factory defaults.

When the laptop restarts it prompts for the bitlocker password :-(

It does write the password to active directory.

 

Does anyone have any ideas?

I have bitlocked various DELL laptops in the past without any problems, it is this particular laptop is driving me nuts. DELL technical support told me to contact Microsoft who are normally as helpful as a hole in the head.

Thanks

S.

 

All Replies
  • Hello There,

    Are you attempting to leverage the Dell Data Protection | Security Tools application to manage Bitlocker or are we trying to leverage the built in Windows items to turn it off and configuring it?

    It sounds like the OS is not seeing the TPM chip, if you go to device manager do you see Security Devices and under that TPM, if so what version does the TPM report?  If you do a run command and type services.msc do you see TPM Base Services as a service listing?  

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • I am trying to use the windows bit locker.

    When I prepare the TPM from inside I get TPM is ready with reduced functionality.

    The TPM Base services is not listed within services.msc.

    The BIOS is updated to the latest as per the DELL website.

    I am currently getting ‘Bitlocker could not be enabled. The Bitlocker encryption key cannot be obtained from the Trusted Platform Module (TPM). C: was not encrypted’.

    The TPM is ver 2.0 and the driver is version 10.0.10240.16384

    I don’t know what else to do at this stage.

  • I am trying to use the windows bit locker.

    When I prepare the TPM from inside I get TPM is ready with reduced functionality.

    The TPM Base services is not listed within services.msc.

    The BIOS is updated to the latest as per the DELL website.

    I am currently getting ‘Bitlocker could not be enabled. The Bitlocker encryption key cannot be obtained from the Trusted Platform Module (TPM). C: was not encrypted’.

    The TPM is ver 2.0 and the driver is version 10.0.10240.16384

    I don’t know what else to do at this stage.

  • It sounds like the OS cannot see the TPM for whatever reason.  If you do a run command and type tpm.msc does that Microsoft MMC see the TPM and allow you to turn it off or on? If it does perhaps we can try to turn the TPM Off, then on, then clear it and see if that allows you to provision BitLocker to leverage the TPM on boot.

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Ok, I ran the tpm.msc and "The TPM security hardware on this computer is ready for use, with reduced functionality". The manufacturer name: NTC   Version 1.3   Specification version: 2.0

    We I try to turn on Bit locker, it goes through the process of encrypting and then "Encryption complete", reboot the pc and "Enter the recovery key for this drive".  

    Bugger.

    The key is saved in active directory.

    BUT when the laptop is powered off / back on it asks for the recovery key.

    :-(

  • I found this MS support article that might help.  support.microsoft.com/.../3123365

    If that doesn't play out it sounds like we might have to replace the motherboard in that machine due to a faulty TPM.  You can call our dedicated support queue at 877.459.7304 Ext. 4310039 and they can try to troubleshoot further but if the BIOS\UEFI configuration doesn't play out I think the next step should be to replace the motherboard.  

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039

  • Do you have a ROI /UK number as we are in Ireland?

    This is also effecting another laptop.

  • Sure thing.  All our global DSS\Exts can be found at the following KB

    www.dell.com/.../SLN302833

    Best Regards,

    Stephen O

    Senior Principal Engineer, Support & Delivery Services

    Dell Data Security

    Need Immediate help? Please call DDS Support @ +1.877.459.7304 Ext. 4310039