Hi all,
we are using an SCCM 2007 R3 infrastructure with multiple secondary sites. Active Directory is prepared for storing BitLocker.
Our task sequence has worked like a charm for two years. There has never been a problem with BitLocker recovery password backup to AD.
Now we have started to implement Read-Only Domain Controllers (RODCs) at several remote sites. As far as I know those RODCs work as expected, but I haven't had a look at them.
So when a client is staged at a remote location with an RODC on site, the step "Enable BitLocker" fails, because the recovery key cannot be stored in AD. The following error message appears in the event log:
Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services.
Error code: 0x8007052e
------------------------------
Just four seconds before this error message is written to the event log, the following warning is also written to the event log:
BIOS/TCG Memory Overwrite Control: Error changing value.
-------------------------------
After staging, when Windows is started normally and a user is logged on, enabling BitLocker works without any errors or warnings (from the event log):
BitLocker Drive Encryption recovery information was backed up successfully to Active Directory Domain Services.
-----------------------------
In smsts.log I could not find any information, but I will post it if requested.
The same computer can be installed without any errors in our main office or at a remote location where a normal DC is available. Again, as I said, manually activating BitLocker after OSD works, and the key is also written to AD.
We searched a lot on the Internet, but didn't find anyone else with a similar configuration or problem. Any tips would be highly appreciated.
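The following is an added diagnostic script, not part of the original post and not SCCM or Microsoft code. It is meant to be run in an elevated PowerShell on an affected client after OSD: it reports which domain controller the DC locator handed the client and whether that DC is writable (an RODC cannot commit LDAP writes itself), lists the recent BitLocker AD-backup events, and retries the backup of the recovery password protector with manage-bde. Assumptions: event IDs 845 (success) and 846 (failure) in the "Microsoft-Windows-BitLocker/BitLocker Management" log are the two messages quoted above; nltest prints a Flags line containing WRITABLE for a full DC; the volume of interest is C:.

```powershell
# Added diagnostic example (not from the original post). Assumptions are marked.

function Get-LocatedDomainController {
    # Ask the DC locator which DC this client is currently using. The Flags line
    # carries WRITABLE for a full DC and lacks it for an RODC (assumption:
    # standard nltest output format).
    $out  = & nltest /dsgetdc:$env:USERDNSDOMAIN 2>&1 | Out-String
    $name = if ($out -match 'DC:\s*\\\\(\S+)') { $Matches[1] } else { $null }
    $writable = [bool]($out -match '\bWRITABLE\b')
    [pscustomobject]@{
        Name     = $name
        Writable = $writable
        ReadOnly = ($null -ne $name) -and (-not $writable)
    }
}

function Get-BitLockerAdBackupEvents {
    param([int]$MaxEvents = 10)
    # Assumption: IDs 845 (success) and 846 (failure) are the two messages
    # quoted in the post.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845, 846
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ n = 'Result'; e = { if ($_.Id -eq 845) { 'backup OK' } else { 'backup FAILED' } } }
}

function Retry-BitLockerAdBackup {
    param([string]$Volume = 'C:')
    # Find the recovery password protector ID(s) with manage-bde (present on
    # Windows 7, unlike the BitLocker PowerShell module) and push each to AD.
    $list = & manage-bde -protectors -get $Volume -type RecoveryPassword | Out-String
    $ids  = [regex]::Matches($list, 'ID:\s*(\{[0-9A-Fa-f-]+\})') |
                ForEach-Object { $_.Groups[1].Value }
    if (-not $ids) { Write-Warning "No recovery password protector found on $Volume"; return }
    foreach ($id in $ids) {
        & manage-bde -protectors -adbackup $Volume -id $id | Out-Null
        [pscustomobject]@{ Volume = $Volume; ProtectorId = $id; ExitCode = $LASTEXITCODE }
    }
}

# --- usage ---
$dc = Get-LocatedDomainController
Write-Host "Client located DC '$($dc.Name)'; writable: $($dc.Writable)"
if ($dc.ReadOnly) {
    Write-Warning 'Only an RODC was located; the recovery key write cannot be committed there.'
    # Ask the locator for a writable DC and rediscover (nltest /writable /force exist).
    & nltest /dsgetdc:$env:USERDNSDOMAIN /writable /force | Out-Null
}
Get-BitLockerAdBackupEvents | Format-Table -AutoSize
Retry-BitLockerAdBackup -Volume 'C:' | Format-Table -AutoSize
```

Running the first two functions on a client staged at an RODC site and again on one staged at the main office shows whether the locator result differs between the two cases; a non-zero ExitCode from the retry, paired with a fresh 846 event, confirms the failure is reproducible outside the task sequence and not specific to the "Enable BitLocker" step.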