TPM 2.0 and Windows 2012R2

Good morning.  It has been some time since I last posted.  I had an interesting case though I figured I would share.  I had a customer that was attempting to enable BitLocker on his C: drive.  When running the wizard it would immediately fail with the message “An internal error was detected.”

Bitlocker Internal error

I had to do a bit of research as that error is a little vague.  I was able to get the error code associated with this error when running manage-bde command.  With the error 0x80290107 I was able to find a forum post that indicated the root issue.  BitLocker in Windows Server 2012 R2 does not support the SHA256 encryption algorithm.  After changing the bios setting to SHA1, BitLocker worked without issue.

So if you have Windows Server 2012 R2 with TPM 2.0 and you get the above error enabling BitLocker on the C:, verify that the TPM is set to use SHA1 encryption.

I hope you found this post informative.  If you have anything to add or just want to comment, please do so below.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s