zeppoliner
Posts:12

10/13/2008 3:55 AM

Hi, I'm having issues customizing the 'Format and Partition Disk' task sequence. My final goal is to enable bitlocker on our clients. But first I wanted to run some tests on creating a 2GB bitlocker partition and to install Vista Ultimate on the remaining disk space. So here's what I did:

Format and Partition Disk

Volumes:
1) BDEDisk (Primary) | 2GB | boot partition | NTFS | Variable: blank
2) OSDisk (Primary) | 100% of remaining space | NTFS | Variable: OSDisk

Note: In another forum I read that I have to call the OS-partition "OSDisk", otherwise Vista won't be installed correctly.

During the installation process both partitions seemed to be set up just fine. But when I came to the point where the actual installation kicks off I got an error message saying my partition was too small and the installation stopped. So I'm guessing MDT was trying to install Vista on the 2GB partition.

I then customized the unattend.xml:

[script removed] [script removed] [script removed] [script removed] [script removed] PartitionID>1PartitionID> /ModifyPartition> [script removed] PartitionID>2PartitionID> /ModifyPartition> /ModifyPartitions> WillWipeDisk>trueWillWipeDisk> /Disk> WillShowUI>OnErrorWillShowUI> /DiskConfiguration>

Doing so both partitions were created (2 & 25GB) and I kind of successfully (?) installed Vista. But no drivers were installed (graphic, NIC, ...). Thus the client couldn't connect to the server anymore, could not join domain, etc. and eventually the actual deployment failed.

So here's my question. How can I set up the standard task sequence (without messing around with the unattend file) to create both partitions and to install Vista on the 2nd partition?

Also, before I tried to split the disk I deployed Vista with only 1 partition (OSDisk) and I successfully injected drivers, updates and applications. But now with the unattend.xml changed as above, it won't install either one of them anymore. What am I missing?

Thanks
Pascal

C Barrett
Posts:19

10/13/2008 4:33 PM

Hello Pascal,
I'd probably revert back to your previous unattend.xml file to begin with as you don't need to sort out the disk partitioning here.
Also you don't need to worry about partitioning the disk in the task sequence, you just need to concentrate on telling MDT what you want to do with bitlocker - i.e. drive letter assignment, recovery info etc - this can be done in CustomSettings.ini (this is what I have done anyway)
What you definitely need are the Bitlocker drive preparation tools, and they need to be present on your deployment server for use by the build process - see Johan's post on this site (which is below the first post/question):
http://www.techtalkz.com/windows-deployment/196201-non-zero-return-code-ztibde-file-bdehdcfg-exe-could-not-fou.html
If you have Ultimate you should be able to get hold of the files quite easily - if not visit this link:
http://support.microsoft.com/kb/930063
And I think you have to give Microsoft a call
Hope this is of some help
Carl

zeppoliner
Posts:12

10/14/2008 9:18 AM

Hi Carl,
thank you for your quick response. As per Johan's post I added the bitlocker drive preparation tools to the ..\tools\x86 directory and it kinda works but I'm still getting an error message.
After the 'attempt to enable bitlocker' phase the client reboots and it seems the install wizard is about to configure further bitlocker-steps when it suddenly ends up in this message:
----
During the deployment process 2 erros and 1 warning were reported:
Failed to initiate drive encryption with the following exit code: 8031002C
ZTI ERROR - Non-zero-return code by ZTIBde, rc=1
Non-zero return code executing command "C:\MININT\Tools\X86 \TsmBootstrap.exe" /env:SAContinue, rc=2147467259
----
I activated the TPM before starting the deployment and all necessary GPOs are configured.
Do you have an idea what I'm missing?
If someone is interested, I found a direct download location of the bitlocker drive preparation tool: http://www.microsoft.com/downloads/details.aspx?FamilyId=320B9AA9-47E8-44F9-B8D0-4D7D6A75ADD0&displaylang=en
Thanks, Pascal
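
Added example, not part of the original posts: a triage helper that decodes the three return codes quoted in the post above into HRESULT facility and code, so the failing component (BitLocker, TPM, or a generic wrapper) is visible at a glance. The facility numbers are from winerror.h; reading the large positive `rc` as a signed HRESULT that lost its minus sign is an assumption.

```python
import re

# Facility numbers from winerror.h relevant to BitLocker/TPM deployment failures.
FACILITIES = {
    0: "FACILITY_NULL (generic, e.g. E_FAIL)",
    7: "FACILITY_WIN32 (wrapped Win32 error)",
    40: "FACILITY_TPM_SERVICES",
    41: "FACILITY_TPM_SOFTWARE",
    49: "FACILITY_FVE (BitLocker volume encryption)",
}

# "exit code: 8031002C" is bare hex; "rc=..." is decimal, sometimes signed.
CODE_RE = re.compile(r"exit code:\s*(?P<hex>[0-9A-Fa-f]{8})\b|rc=(?P<dec>-?\d+)")

def decode(value):
    """Split a 32-bit HRESULT into failure bit, 11-bit facility and 16-bit code."""
    value &= 0xFFFFFFFF
    return {"hex": f"0x{value:08X}", "failure": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF, "code": value & 0xFFFF}

def triage(log_text):
    """Return one decoded finding per return code found in the log text."""
    findings = []
    for m in CODE_RE.finditer(log_text):
        raw = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
        info = decode(raw)
        # Assumption: a large positive decimal below 2**31 is a signed HRESULT
        # whose minus sign was lost when the message was copied.
        if m.group("dec") and not info["failure"] and 0xFFFF < raw < 2**31:
            info = decode(-raw)
            info["note"] = "read as negated signed 32-bit value"
        if info["failure"]:
            info["source"] = FACILITIES.get(info["facility"], "other facility")
        else:
            info["source"] = "plain process exit code, not an HRESULT"
        findings.append(info)
    return findings

# The three error lines quoted in the post above.
SAMPLE = r'''Failed to initiate drive encryption with the following exit code: 8031002C
ZTI ERROR - Non-zero-return code by ZTIBde, rc=1
Non-zero return code executing command "C:\MININT\Tools\X86 \TsmBootstrap.exe" /env:SAContinue, rc=2147467259'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["hex"], f["source"], f.get("note", ""))
```

Only the first code originates in the BitLocker facility; the other two are the script and bootstrapper reporting that failure upward, so troubleshooting should start from the first line.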

C Barrett
Posts:19

10/14/2008 2:51 PM

That direct link to the drive prep tool is a great find
It sounds like you have configured bitlocker in the same way I have & I do notice intermittent failures on certain hardware platforms
--HP-- Seem to fail as the TPM driver is corrupt (device manager will look fine), to get around this or rather prove this was an issue I used to quickly access device manager, uninstall the TPM device & delete the driver. This was after the HDD was prepped and the system rebooted... I then rebooted the system before litetouch.vbs had a chance to start. When the machine came back up it would complete the encryption. (NB: The TPM driver would be re-installed on reboot)
To fix this I have to install the TPM driver as an application in the task sequence - it's an MSI file so nice and simple.
Also if the process has failed once I would recommend using diskpart (when in WinPE) to delete the BDE volume/partition that was created, my HP systems have a problem if a BDE partition already exists
--Dell-- Seem to have an issue with the drive prepping occasionally. I used to delete the partition using Diskpart but Bitlocker would still fail - I forgot to use diskpart when testing and the bitlocker process completed successfully...so from this time on if bitlocker failed I would just delete the minint directory etc and start again - no failures so far.
...so it seems that it's a bit hit and miss and finding your hardware specific problem might be difficult - if you're using Dell or HP you might be able to apply the workarounds I have stumbled on...
To be honest Bitlocker does seem to be little bit quirky to say the least - good luck though!

zeppoliner
Posts:12

10/15/2008 2:24 AM

Carl,
I really appreciate your workarounds. Indeed, I'm using a HP dc7800. This TPM-driver you installed, is that what HP calls 'Drive Encryption for HP ProtectTools'? Its release notes say Drive Encryption for HP PT should not be used together with Vista's Bitlocker :/ I could find a separate TPM driver for XP Pro but nothing for Vista.
Pascal

C Barrett
Posts:19

10/15/2008 3:28 AM

Hello Pascal,
We have the 7800 here too but haven't been encrypting the disks - our policy at the moment is for laptops/mobile workstations....
...However I checked out the driver for the 6910p laptop and the setup.ini file describes the driver as "Embedded Security for HP ProtectTools Driver" so I believe you have the correct item.
Hope everything starts to work for you soon!

zeppoliner
Posts:12

10/21/2008 9:20 AM

Hello Carl,
I managed to successfully deploy Vista and to enable BitLocker. Evidently it helped using an installation DVD w/ SP1. Now my deployment runs smooth and easy.
Thanks for your help.
Pascal