Category Archives: BitLocker

How can I replace an expired IIS certificate in a PKI enabled ConfigMgr environment

Introduction I was busy putting together another BitLocker Management OSD related blog post in one of my PKI enabled ConfigMgr labs (#11) when I noticed that PXE boot no longer worked. The virtual machine would attempt to PXE boot for … Continue reading

Posted in 2002, BitLocker, expired IIS cert, PKI, smspxe.log | 1 Comment

Full disk encryption (in ConfigMgr 1910) – a closer look using real hardware

Introduction In an earlier post I showed you how you can enable Full Disk Encryption via a task sequence in Microsoft Endpoint Manager Configuration Manager version 1910. The screenshots in that blog post were taken from virtual machines, and I … Continue reading

Posted in 1910, BitLocker, Full Disk Encryption | 6 Comments

Enabling Full Disk Encryption in Microsoft Endpoint Configuration Manager 1910 in a task sequence

Introduction Microsoft Endpoint Configuration Manager 1910 came with BitLocker management capabilities (MBAM features), and this fits together nicely with task sequence steps regarding BitLocker. The option to enable Full Disk Encryption actually started with Configuration Manager 1806 but MBAM integration … Continue reading

Posted in 1910, BitLocker, Full Disk Encryption | 12 Comments

How to fix: “Unable to find suitable Recovery Service MP. Marking policy non-compliant”

Introduction Microsoft introduced on-premises BitLocker management using System Center Configuration Manager in SCCM Technical Preview version 1905. When enabling these MBAM capabilities in SCCM, you may notice the following error in the BitlockerManagement_GroupPolicyHandler.log. Unable to find suitable Recovery Service MP. … Continue reading

Posted in 1905, BitLocker, MBAM | 12 Comments

Why does the Bitlocker recovery key not end up in the MBAM 2.5 SP1 database when using XTS encryption

Introduction If you are using my Windows 10 UEFI FrontEnd HTA to encrypt UEFI devices when installing Windows 10, and if you are using the MBAM 2.5 SP1 hotfix 2 to enable support for XTS-AES encryption, then you might have … Continue reading

Posted in BitLocker, MBAM 2.5 SP1, UEFI | 1 Comment

Why does the Windows 10 1607 reinstall in PXE scenario fail sometimes for BitLockered UEFI enabled computers ?

Introduction Reinstalling computers via PXE boot (in WinPE) is still a valid OSD scenario, however that method brings challenges not least when UEFI capable hardware is in place and when that hardware is also encrypted with Bitlocker. The above HTA … Continue reading

Posted in 1606, 1607, BitLocker, Windows 10 | Leave a comment

How can I retrieve my BitLocker Recovery key ?

Here’s a very quick post, if you are not using MBAM and don’t have access to your Active Directory and want to recover your BitLocker key for whatever reason you can quickly do as follows within Windows:- Open an Administrative … Continue reading

Posted in BitLocker | 55 Comments