TPM error with Windows 11 MDT deployment

Hey Everyone,

Wondering if anyone can assist me. I'm running into an error "failure (6711):-2144272335 0x80310031:protectkeywithtpm" when imaging Windows 11. Even with that error it passes and BitLocker is functioning, and the BitLocker recovery key is added to AD, so I am a bit confused.

Here is the log where it fails:

<![LOG[Success TPM Enabled]LOG]!><time="16:18:53.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Success TPM Is Activated]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Success TPM Is Owned]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Success TPM Ownership Allowed]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Check for Ensorsement Key Pair Present = 0]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[TpmEnabled: True]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[TpmActivated: True]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[TpmOwned: True]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[TpmOwnershipAllowed: True]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[EndorsementKeyPairPresent: True]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[TPM Validation Complete]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Encryptable Volume Count:1]LOG]!><time="16:18:54.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Attempting to bind to: C:]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Success setting oBdeVol ]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[BDE Instance Bind Complete]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Performing ProtectKeyWithTpm Installation]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[Attempting to enable BitLocker TPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[FAILURE ( 6711 ): -2144272335 0x80310031: ProtectKeyWithTPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">
<![LOG[Event 41002 sent: FAILURE ( 6711 ): -2144272335 0x80310031: ProtectKeyWithTPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">

Samael1 (Samael1) March 28, 2024, 8:41am 2

Have you tried this?

In Command Prompt:

manage-bde -protectors -delete c:
manage-bde -protectors -add c: -TPMAndPIN
manage-bde -protectors -enable c:

Managed to resolve the issue. Turns out I had enabled BitLocker in the customsettings.ini file and in the task sequence.

This issue might be related to TpmOwned. If it is true, enabling BitLocker will fail.
Try to clear the TPM without rebooting the computer, then enable BitLocker right away.
Good luck~
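
The failure record in the log from the first post can be triaged mechanically. The following is an added example (not part of the thread and not MDT code) that parses CMTrace-style records, keeps only error records (type 3), converts the signed decimal to the unsigned HRESULT and checks it against the hex value in the same line. The function names, the `KNOWN` table and `SAMPLE` are assumptions made for illustration; the symbolic name for 0x80310031 is the one defined in winerror.h.

```python
import re

# CMTrace-style record as written by MDT scripts: <![LOG[message]LOG]!><attr="value" ...>
RECORD = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.S)
# Attribute quotes may be straight, or curly when the log was pasted through a forum editor.
ATTR = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')
# ZTI failure text: FAILURE ( rc ): <signed decimal> <hex HRESULT>: <step>
FAILURE = re.compile(r'FAILURE \( (\d+) \): (-?\d+)\s+(0x[0-9A-Fa-f]{8}): (\w+)')
# HRESULT name from winerror.h; only the value that occurs in this thread is listed.
KNOWN = {0x80310031: "FVE_E_PROTECTOR_EXISTS (a key protector of this type already exists)"}
FACILITY_FVE = 0x31  # facility code used by BitLocker (full volume encryption) errors

def parse(text):
    """Yield one dict per log record: the message plus its attributes."""
    for m in RECORD.finditer(text):
        rec = dict(ATTR.findall(m.group("attrs")))
        rec["message"] = m.group("msg")
        yield rec

def failures(text):
    """Return decoded FAILURE records that are flagged as errors (type 3)."""
    out = []
    for rec in parse(text):
        m = FAILURE.search(rec["message"])
        if rec.get("type") != "3" or not m:
            continue  # skips the informational "Event 41002 sent" echo of the same failure
        hresult = int(m.group(2)) & 0xFFFFFFFF  # signed 32-bit value -> unsigned HRESULT
        out.append({
            "step": m.group(4),
            "rc": int(m.group(1)),
            "hresult": hresult,
            "consistent": hresult == int(m.group(3), 16),  # decimal and hex must agree
            "facility": (hresult >> 16) & 0x7FF,
            "code": hresult & 0xFFFF,
            "name": KNOWN.get(hresult, "unknown"),
        })
    return out

# Constructed sample: three records modelled on the log in the first post.
SAMPLE = '''<![LOG[Attempting to enable BitLocker TPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">
<![LOG[FAILURE ( 6711 ): -2144272335 0x80310031: ProtectKeyWithTPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="3" thread="" file="ZTIBde">
<![LOG[Event 41002 sent: FAILURE ( 6711 ): -2144272335 0x80310031: ProtectKeyWithTPM]LOG]!><time="16:18:55.000+000" date="03-27-2024" component="ZTIBde" context="" type="1" thread="" file="ZTIBde">'''

if __name__ == "__main__":
    for f in failures(SAMPLE):
        print(f"{f['step']}: 0x{f['hresult']:08X} {f['name']} (facility 0x{f['facility']:X})")
```

A protector-already-exists result at the ProtectKeyWithTPM step is consistent with the resolution reported above, where BitLocker had been enabled both in customsettings.ini and in the task sequence.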