Hi all,

I'm currently facing issues regarding the activation of the TPM in my Scripted install.
I'm using a WinPE 10 Bootimage (with the following packages: WinPE-WMI, WinPE-NetFx, WinPE-PowerShell, WinPE-HTA, WinPE-DismCmdlets, WinPE-Scripting)

After enabling the TPM (using the CCTK), I'm trying to active it using the Dell Command and Configure tooling with this command: "cctk.exe --tpmactivation=activate".
This is returning the following error: "To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated.".

I stumbled accross this blog which holds a powershellscript to determine if the TPM is owned/activated, but it didn't work for me.
I ran the cmdlets manually and it gives me the error "Get-wmiobject: Provider load failure"
Myp8Wb.jpeg

Other powershell cmdlets seem to work, so I don't have an idea what might be wrong. Enabling the TPM doesn't provide an issue.
The default Microsoft driver is also loaded and CCTK is used in WinPE to activate the TPM.
Using wbemtest, I see that the class is present on the computer, but it only holds <null> values.
e8qRfC.jpeg

Purpose TPM: I'm trying to active the TPM to protect the keys of Credential Guard.

Does anyone have an idea how I could resolve this?

Thanks in advance!

Regards
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0
I'm still struggling with the enablement, but figured out what was the problem with the powershell command. I haven't added the WinPE-SecureStartup.cab package to the WinPE image.
Answered 01/11/2016 by: Silencer001
Orange Senior Belt

Please log in to comment
0
Hi I have the same issue...did you manage to solve the issue and activate the TPM chip as well during the TS phase ?
Answered 09/12/2016 by: pollewops
Senior Yellow Belt

  • No not really to be honest.. To have a smooth integration with these components, implementing MS ConfigMgr would be a solution :)
Please log in to comment
0
What do you mean with "implementing MS ConfigMgr would be a solution" ?

I use configmgr and still have the issue.

I am now trying to use cctk within Winpe phase which now seems to work.
Important is that a setup password is available before you configure TPM (enable and activate) !
Answered 09/12/2016 by: pollewops
Senior Yellow Belt

  • I haven't tested this in a ConfigMgr setup, but the blogpost (see first post) succesfully uses ConfigMgr. It's been a long time for me since I was working on this, but I thought that a reboot was required for the TPM between activating en enabling. Dell KACE doens't have the standard step like ConfigMgr to reboot the computer and start the TS.. Setting a setup password or converting disk to UEFI and secure boot is no issue with Dell KACE in combination with the CCTK. I've got this working.. It's just the reboot part that isn't available by default in Dell KACE..
Please log in to comment
0
Hi,

I tried configuring using the blog post but that does not work with me either :-(
The problem is when an owner is already available. Then re-enabling and re-activating seems not to work.

Will investigate further.
Answered 09/14/2016 by: pollewops
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity