Thursday, April 21, 2016

Failed to create BitLocker recovery password on Surface Pro 4

When deploying tablets such as the Microsoft Surface or Lenovo Helix with BitLocker encryption, the 'Enable BitLocker' task sequence step fails and I get the following error message:
Failed to create recovery password. Ensure that Active Directory is properly configured for use with BitLocker.

This is with ConfigMgr Current Branch (1511). After deployment you will see a yellow exclamation mark on the operating system drive, because the drive is not protected and no recovery password has been escrowed to Active Directory.

The trick is that tablets are detected as slates (no attached keyboard), and by default BitLocker will not allow pre-boot input protectors on a slate. When deploying tablets you therefore need to add one more step to the task sequence. This step (Run Command Line) must be added before the 'Enable BitLocker' step, and it sets the registry value behind the Group Policy setting 'Enable use of BitLocker authentication requiring preboot keyboard input on slates' (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives). It can be done in several ways (reg.exe add works as well), but PowerShell is used here:
Powershell.exe -command "if (-not (Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE')) { New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -Force | Out-Null }; Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -Name OSEnablePrebootInputProtectorsOnSlates -Value 1 -Type DWord -Force"

The Test-Path guard is there because New-Item without -Force throws if the FVE key already exists. Make sure the value matches what your domain BitLocker GPO sets, otherwise Group Policy will change it again at the next refresh.

After that you will see that BitLocker encryption is working, and the yellow exclamation mark will be gone! The recovery password is now written to AD. You can check it on the client with manage-bde -protectors -get C: (look for a Numerical Password protector) and in Active Directory Users and Computers on the BitLocker Recovery tab of the computer object. Just happy with this easy solution :-)
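As an added example that is not part of the original post: a PowerShell script that can be used from a 'Run PowerShell Script' step. Without parameters it applies the slate policy value from this post idempotently (wrapped in a Test-Path so it does not fail when the FVE key already exists). Run with -Verify after the 'Enable BitLocker' step, it checks that the OS drive has a recovery password protector, adds one if it is missing, and escrows it to AD with Backup-BitLockerKeyProtector. It assumes the BitLocker PowerShell module (Windows 8.1 / Windows 10), a domain-joined machine and a domain where BitLocker recovery information may be stored in AD DS; the function names are my own.

```powershell
# Added example, not code from the original post.
# Assumes the BitLocker PowerShell module (Windows 8.1/10), a domain-joined
# client and a domain configured to store BitLocker recovery information.
param(
    [switch]$Verify,                          # run after 'Enable BitLocker'
    [string]$MountPoint = $env:SystemDrive    # OS drive, normally C:
)

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyName = 'OSEnablePrebootInputProtectorsOnSlates'

function Set-SlatePrebootPolicy {
    # Same registry change as the post's Run Command Line step, but safe to
    # re-run: New-Item without -Force throws when the key already exists.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 1 -Type DWord -Force
    # Return the effective value so the task sequence log shows what was set
    (Get-ItemProperty -Path $PolicyKey -Name $PolicyName).$PolicyName
}

function Test-RecoveryPasswordEscrow {
    param([string]$MountPoint)

    $vol      = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # This is exactly what the failing 'Enable BitLocker' step could not do:
        # create the recovery password protector. Add it now, then escrow it.
        Write-Warning "No recovery password protector on $MountPoint; adding one."
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $vol      = Get-BitLockerVolume -MountPoint $MountPoint
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    foreach ($kp in $recovery) {
        # Writes an msFVE-RecoveryInformation object under the computer object
        # in AD DS; fails if the machine cannot reach a writable DC.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
        Write-Output ("Escrowed recovery password {0} for {1}" -f $kp.KeyProtectorId, $MountPoint)
    }

    [pscustomobject]@{
        MountPoint         = $MountPoint
        ProtectionStatus   = $vol.ProtectionStatus
        VolumeStatus       = $vol.VolumeStatus
        EncryptionPercent  = $vol.EncryptionPercentage
        RecoveryProtectors = $recovery.Count
    }
}

if ($Verify) {
    Test-RecoveryPasswordEscrow -MountPoint $MountPoint
} else {
    Set-SlatePrebootPolicy
}
```

Use it twice in the task sequence: once without parameters before 'Enable BitLocker', and once with -Verify after it (or later from a compliance baseline), so that a drive whose recovery password never reached AD is caught and fixed instead of showing up only as a yellow exclamation mark.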


1 comment:

  1. Thanks for that great info....I have been looking for a solution to this for 2 weeks now!