Enabling BitLocker

[DeJeon Jones]

Hey guys so i'm having a bit of troubles getting BitLocker to enable on first login. I'm currently using this script which I found here on Smart Deploy "manage-bde.exe -on C : -RecoveryPassword -SkipHardwareTest" 

We have setup the group policy, and I have made sure that TPM is enabled in the machines BIOS, but it doesn't seem to want to enable BitLocker. 

When I take that script and try to run it manually to see if its running into any issues, and i do get something back, I have attached an image. 

So i'm wondering if there is something wrong with the cmd line. I'm wondering if there is different script I should use to get it to start the encryption and store the key to AD.

Thanks for the help guys!

[SmartDeploySupport]

Looks like you're using Windows 10 1607?  Perhaps the command is different in that old version?...

manage-bde /on /?

Is the option -RecoveryPassword or -Password ?  In newer versions of Windows 10, it's -RecoveryPassword

[DeJeon Jones]

2 minutes ago, SmartDeploySupport said:

Looks like you're using Windows 10 1607?  Perhaps the command is different in that old version?...

manage-bde /on /?

Is the option -RecoveryPassword or -Password ?  In newer versions of Windows 10, it's -RecoveryPassword

Correct we are using Enterprise 1607. When I run that command it does give both -RecoveryPassword and -Password in the list

[SmartDeploySupport]

Oh, probably TPM related... it's asking for a StartupKey or Password because it can't use the TPM.  Can you verify the TPM is functional in tpm.msc?

[DeJeon Jones]

3 minutes ago, SmartDeploySupport said:

Oh, probably TPM related... it's asking for a StartupKey or Password because it can't use the TPM.  Can you verify the TPM is functional in tpm.msc?

Hmm, It stats that a compatible TPM cannot be found. I have verified that TPM 1.2 is Enabled in the bios, but it still does not see the TPM.

[jonaswest_bnv]

I think thats GPO related, you have to enable the use of TPM without additional PIN.