MKhan17
Beginner
3,007 Views

Bitlocker issues with Intel NUC NUC7I5BNH

Hi,

I've got one of these machines which is hosting a database containing customer data. The machine is a headless box. Because it has data I need to encrypt the SSD, which I've done. However, I've got an issue where, if the box is rebooted or loses power, the PC will prompt for the Bitlocker key.

I did have the same issue on some Dell PCs I manage. The solution that time was to downgrade the TPM module to 1.2 from version 2.0.

I've checked the version of the TPM and it's 2.0. I believe it's due to the fact that the OS should be installed as a Secure Boot. When the OS was installed on the NUC, Secure Boot was turned off, UEFI disabled. I haven't got the option to reinstall the OS.

Ideas?

Regards,

Mashood Khan

6 Replies
idata
Community Manager
646 Views

Hello mashk197X

I understand that you are having issues with Bitlocker and your Intel® NUC NUC7i5BNH.

Based on the brief description of your issue, we determined that the issue that you are experiencing is most likely caused by the OS, and not by the device itself.

We did some research and found a few forums online where other users state that they're having issues that are pretty similar to your issue:

https://social.technet.microsoft.com/Forums/ie/en-US/66b8fa61-5603-4e9b-a7de-e8226086e568/bitlocker-...

https://forums.lenovo.com/t5/Windows-8-1-8-7-Vista-and-XP/Bitlocker-requests-recovery-key-every-time...

In both cases the troubleshooting and resolution were related to the OS.

We strongly suggest that you contact Microsoft* regarding this situation and then let us know the outcome to determine if there is something else from our side that we can try.

Regarding Secure Boot (whether the OS needs to be installed as Secure Boot), it does not seem to be related to the actual issue that you are experiencing, but you can double-check on that with the actual OS manufacturer.

In addition, we suggest that you disable and then enable Bitlocker again, so you can have a little more troubleshooting background before contacting Microsoft*.

I hope this helps,

Best Regards,

Diego S.

MKhan17
Beginner
646 Views

I've looked at the two issues and they're not the same. The Lenovo one is from 2009, which would have been before the release of Windows 10. And the other one involves Windows Vista and TPM version 1.2.

The issue is to do with the TPM version and the OS. I had the same issue with Dell machines; the TPM was initially on version 2.0 and when we encrypted the machines and restarted we would be prompted for Bitlocker recovery keys. Dell provided a downgrade to TPM 1.2 which rectified the problem. I was hoping there'd be something similar in this case.

idata
Community Manager
646 Views

Hello mashk197X,

Thank you for your response.

We will try to replicate the issue from our side to see if there is something else that we could try, find a workaround or a solution to your issue.

We will get back to you as soon as we have news or an outcome.

Best Regards,

Diego S.

MKhan17
Beginner
646 Views

Hi,

Any news on this?

idata
Community Manager
646 Views

Hello mashk197X,

Thank you for your response and your patience.

During these past weeks we have been working to replicate the Bitlocker* key issue that you reported to us.

Taking your thread and the brief description of your issue as a reference, we set up a small environment with 4 different NUCs including the model that you own.

As TPM cannot be downgraded on the model of NUC that you own, we also tested a unit that actually allows the downgrade, which is the Intel® NUC Kit NUC5i5MYHE.

We installed the OS on the 4 units considering 2 scenarios:

- OS installation with Secure Boot and UEFI disabled
- OS installation with no Secure Boot, UEFI enabled

We regret to inform you that after weeks of testing we were not able to replicate the issue.

With regard to the Secure Boot feature and Bitlocker* working together, Secure Boot works as a firmware standard specification (UEFI) denying untrusted or vulnerable operating systems from booting.

Microsoft Bitlocker* kicks in before Secure Boot, indicating that it is independent.

Based on Microsoft's* statement: "Windows* uses Trusted Boot on any hardware platform: It requires neither UEFI nor a TPM", meaning that the change between those settings should not affect the key functionality.

For more details please refer to the following official Microsoft* link:

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-counter...

At this point, besides disabling the encryption and enabling it again, we recommend that you contact the OS manufacturer, so they can try to replicate the issue from an OS level, as our hardware seems not to be interfering with the key functionality.

I hope this helps,

Best regards.

Diego S.

idata
Community Manager
646 Views

Hello mashk197X,

We just wanted to double check if you still need further assistance.

Please do not hesitate to contact us again.

Best Regards,

Diego S.
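
A read-only diagnostic for the settings debated in this thread (TPM version, UEFI versus legacy boot, Secure Boot, and how the volume is unlocked), as an added example that is not part of any post above. It assumes the encrypted volume is `C:` and an elevated PowerShell 5.1 session on Windows 10.

```powershell
# Added example, not from the thread. Read-only; run from an elevated prompt.
$mount = 'C:'   # assumption: the encrypted OS volume

# TPM spec version: Win32_Tpm.SpecVersion begins with "2.0" or "1.2"
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
    -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

# Firmware mode Windows booted in: Uefi, or Bios for legacy/CSM
$firmware = [string](Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# Secure Boot state; the cmdlet throws on a legacy-BIOS boot
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { 'unavailable' }

# BitLocker state and the key protectors configured on the volume
$vol = Get-BitLockerVolume -MountPoint $mount
$protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

[pscustomobject]@{
    TpmSpecVersion   = $tpmSpec
    FirmwareType     = $firmware
    SecureBoot       = $secureBoot
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $protectors -join ', '
} | Format-List

# Without a TPM-only protector the volume cannot unlock from the TPM alone
if ($protectors -notcontains 'Tpm') {
    Write-Warning "No TPM-only protector on $mount; boot will need a startup key, PIN or password."
}
# Microsoft's TPM guidance lists TPM 2.0 as unsupported in Legacy/CSM BIOS mode
if ($tpmSpec -eq '2.0' -and $firmware -eq 'Bios') {
    Write-Warning 'TPM 2.0 present but Windows was booted in legacy BIOS mode.'
}

# Show the PCR validation profile bound to the TPM protector, if any
manage-bde -protectors -get $mount
```

Capturing this output before and after any firmware or BitLocker change gives the OS vendor and the hardware vendor the same facts to work from.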