Nick,

Are these being imaged as Win7?

SecureBoot is completely incompatible with Windows 7. That alone could be tripping the recovery key request. I've been finding it doesn't take much to trip the key request. I had a Dell XPS that was in Legacy BIOS mode and TPM 2.0, but Dell listed that combo as being unsupported and it was tripping the recovery key at every reboot. Once I switched to UEFI + TPM 2.0 it ran smooth.

It's been a long day (I've been here since 5am) so forgive me if I'm just being dense and missing the obvious.

Thanks
Mike

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of nick aquino
Sent: Friday, July 28, 2017 2:05 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Recovery Key required after SecureBoot

Hi all,

Building out a Windows 10 1703 in-place upgrade task sequence for HP Models running Windows 7. I've run into a few issues with these, one of them being that when I turn on SecureBoot, bitlocker recovery key is required after I re-enable bitlocker.

Here are my steps:

1. Disable bitlocker
2. Upgrade Operating system
   * This reboots on its own
3. Added another restart to fix an issue with the TS Progress bar
   * (conditional steps to disable bitlocker if, for some reason, it's enabled again)
4. Restart into WinPE
5. Convert from MBR to GPT
6. Configure BIOS with UEFI and Secure Boot
7. Restart into Default OS
8. Enable bitlocker
9. Restart again into Main OS

After Step 9 restarts, we're presented with the bitlocker recovery screen. We enter the recovery key, boot up, disable bitlocker, restart, enable bitlocker and it's fine.

If I perform all of the same steps but without enabling SecureBoot, we do not have an issue. As soon as I enable secure boot (even if bitlocker is disabled before I restart into the firmware), once bitlocker enables, the recovery key is required upon the next restart.

Caveat: This only happens on the models that have legacy boot and secure boot separated into two settings in the BIOS.
The models that have it all in one step (i.e. "Legacy boot disabled and SecureBoot enabled"), those do not have the issue at all.

I hope this write-up makes sense and someone has a workaround.

-Nick-
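
A read-only pre-flight check for the state this thread is about (Secure Boot, TPM version, BitLocker protectors), as an added example that is not part of either message. The function name `Get-BootIntegrityState` is hypothetical, and the `manage-bde` text match assumes English-language output.

```powershell
# Added example, not from the thread. Read-only; run elevated in the full OS
# (not WinPE), for instance just before the "Enable bitlocker" step.
function Get-BootIntegrityState {          # hypothetical name
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    # Confirm-SecureBootUEFI returns $true/$false on a UEFI boot and raises an
    # error on a legacy BIOS boot, so an error here is recorded, not fatal.
    $sbError = $null
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $null; $sbError = $_.Exception.Message }

    # Win32_Tpm.SpecVersion starts with the TPM spec level, e.g. "2.0, 0, 1.16".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # manage-bde prints the TPM protector's PCR validation profile; the values
    # follow the label line (label text assumes English output).
    $pcr = manage-bde -protectors -get $MountPoint |
        Select-String -Pattern 'PCR Validation Profile' -Context 0, 2 |
        ForEach-Object { ($_.Context.PostContext | ForEach-Object Trim) -join ' ' }

    [pscustomobject]@{
        SecureBoot        = $secureBoot
        SecureBootError   = $sbError
        TpmSpecVersion    = $tpmSpec
        TpmReady          = (Get-Tpm).TpmReady
        ProtectionStatus  = $vol.ProtectionStatus
        KeyProtectors     = @($vol.KeyProtector.KeyProtectorType) -join ', '
        PcrProfile        = $pcr
        # True when Secure Boot state could not be read (as on a legacy boot)
        # and the TPM reports spec level 2.0, the combination the reply mentions.
        NoSecureBootTpm20 = ($null -eq $secureBoot -and $tpmSpec -eq '2.0')
    }
}

Get-BootIntegrityState | Format-List
```

Running it on an affected and an unaffected model after step 8 gives a side-by-side of the settings the thread compares.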