Vista - BitLocker, TPM, and Gateway

Hi,

Can anyone provide a suggestion to get BitLocker enabled with TPM support on
a Gateway computer? I have Vista RC1 installed on a Gateway M280. The M280
has a Broadcom TPM 1.2 chip that is installed properly according to Device
Manager.

However, the TPM managment console, BitLocker Control Panel applet, and the
"manage-bde.wsf" script will not recongize the chip. All other devices are
working properly.

Again, any help or suggestions would be appreciated.

Regards,

APA

What is the message the UI is reporting?
Thanks!
-
Jamie Hunter [MS]

"APA" <APA@discussions.microsoft.com> wrote in message
news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> Hi,
>
> Can anyone provide a suggestion to get BitLocker enabled with TPM support
> on
> a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> M280
> has a Broadcom TPM 1.2 chip that is installed properly according to Device
> Manager.
>
> However, the TPM managment console, BitLocker Control Panel applet, and
> the
> "manage-bde.wsf" script will not recongize the chip. All other devices
> are
> working properly.
>
> Again, any help or suggestions would be appreciated.
>
> Regards,
>
> APA

Jamie,

Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
configure. As I stated ealier, my computer has TPM 1.2 chip and it is listed
in Device Manager under "Security Devices" as a Broadcom TPM. The properties
specify it as 1.2 using MS drivers.

Thanks,

APA

"Jamie Hunter [MS]" wrote:

> What is the message the UI is reporting?
> Thanks!
> -
> Jamie Hunter [MS]
>
> "APA" <APA@discussions.microsoft.com> wrote in message
> news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> > Hi,
> >
> > Can anyone provide a suggestion to get BitLocker enabled with TPM support
> > on
> > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> > M280
> > has a Broadcom TPM 1.2 chip that is installed properly according to Device
> > Manager.
> >
> > However, the TPM managment console, BitLocker Control Panel applet, and
> > the
> > "manage-bde.wsf" script will not recongize the chip. All other devices
> > are
> > working properly.
> >
> > Again, any help or suggestions would be appreciated.
> >
> > Regards,
> >
> > APA
>

Hi,

Did you try to install the original Broadcom TPM drivers rather than MS
drivers ? It may help it recognize !

abckid.

"APA" wrote:

> Jamie,
>
> Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
> configure. As I stated ealier, my computer has TPM 1.2 chip and it is listed
> in Device Manager under "Security Devices" as a Broadcom TPM. The properties
> specify it as 1.2 using MS drivers.
>
> Thanks,
>
> APA
>
> "Jamie Hunter [MS]" wrote:
>
> > What is the message the UI is reporting?
> > Thanks!
> > -
> > Jamie Hunter [MS]
> >
> > "APA" <APA@discussions.microsoft.com> wrote in message
> > news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> > > Hi,
> > >
> > > Can anyone provide a suggestion to get BitLocker enabled with TPM support
> > > on
> > > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> > > M280
> > > has a Broadcom TPM 1.2 chip that is installed properly according to Device
> > > Manager.
> > >
> > > However, the TPM managment console, BitLocker Control Panel applet, and
> > > the
> > > "manage-bde.wsf" script will not recongize the chip. All other devices
> > > are
> > > working properly.
> > >
> > > Again, any help or suggestions would be appreciated.
> > >
> > > Regards,
> > >
> > > APA
> >

Is the bitlocker window giving the message that you need TPM - i'm not using
Vista as i write this, but i think it is in yellow across the top of the
window.

Also is there a link to actually enable bitlocker?

I know that, by default, bitlocker is disabled for USB devices. I don't have
TPM on my machine so i have to use a USB drive key. I'm not even saying this
will work in your case but, if there is no link to enable bitlocker on the
bitlocker window page visit my website http://xphelpandsupport.mvps.org
Click the Vista Faq button and then click on question 4, 'enable bitlocker
encryption' It may just be that it is also disabled by default for TPM, i
don't actually know, but see if enabling it from group policy (as advised in
question 4 on my site) rectifies the problem.

--
John Barnett MVP
Associate Expert
http://xphelpandsupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..


"APA" <APA@discussions.microsoft.com> wrote in message
news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> Hi,
>
> Can anyone provide a suggestion to get BitLocker enabled with TPM support
> on
> a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> M280
> has a Broadcom TPM 1.2 chip that is installed properly according to Device
> Manager.
>
> However, the TPM managment console, BitLocker Control Panel applet, and
> the
> "manage-bde.wsf" script will not recongize the chip. All other devices
> are
> working properly.
>
> Again, any help or suggestions would be appreciated.
>
> Regards,
>
> APA

I'll talk to my co-workers on Monday, see if anyone has an idea what may be
going on. Can you also try the "manage-bde" command-line and see if the
reported error is the same? Thanks!
-
Jamie Hunter [MS]

"APA" <APA@discussions.microsoft.com> wrote in message
news:0884FB42-0563-4F94-A185-A321966BB99C@microsoft.com...
> Jamie,
>
> Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
> configure. As I stated ealier, my computer has TPM 1.2 chip and it is
> listed
> in Device Manager under "Security Devices" as a Broadcom TPM. The
> properties
> specify it as 1.2 using MS drivers.
>
> Thanks,
>
> APA
>
> "Jamie Hunter [MS]" wrote:
>
>> What is the message the UI is reporting?
>> Thanks!
>> -
>> Jamie Hunter [MS]
>>
>> "APA" <APA@discussions.microsoft.com> wrote in message
>> news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
>> > Hi,
>> >
>> > Can anyone provide a suggestion to get BitLocker enabled with TPM
>> > support
>> > on
>> > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
>> > M280
>> > has a Broadcom TPM 1.2 chip that is installed properly according to
>> > Device
>> > Manager.
>> >
>> > However, the TPM managment console, BitLocker Control Panel applet, and
>> > the
>> > "manage-bde.wsf" script will not recongize the chip. All other devices
>> > are
>> > working properly.
>> >
>> > Again, any help or suggestions would be appreciated.
>> >
>> > Regards,
>> >
>> > APA
>>

I did try the Broadcom drivers for XP. I can't find any Vista drivers. At
any rate, the XP drivers did not work.

Thanks for the reply.

"abckid" wrote:

> Hi,
>
> Did you try to install the original Broadcom TPM drivers rather than MS
> drivers ? It may help it recognize !
>
> abckid.
>
> "APA" wrote:
>
> > Jamie,
> >
> > Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
> > configure. As I stated ealier, my computer has TPM 1.2 chip and it is listed
> > in Device Manager under "Security Devices" as a Broadcom TPM. The properties
> > specify it as 1.2 using MS drivers.
> >
> > Thanks,
> >
> > APA
> >
> > "Jamie Hunter [MS]" wrote:
> >
> > > What is the message the UI is reporting?
> > > Thanks!
> > > -
> > > Jamie Hunter [MS]
> > >
> > > "APA" <APA@discussions.microsoft.com> wrote in message
> > > news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> > > > Hi,
> > > >
> > > > Can anyone provide a suggestion to get BitLocker enabled with TPM support
> > > > on
> > > > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> > > > M280
> > > > has a Broadcom TPM 1.2 chip that is installed properly according to Device
> > > > Manager.
> > > >
> > > > However, the TPM managment console, BitLocker Control Panel applet, and
> > > > the
> > > > "manage-bde.wsf" script will not recongize the chip. All other devices
> > > > are
> > > > working properly.
> > > >
> > > > Again, any help or suggestions would be appreciated.
> > > >
> > > > Regards,
> > > >
> > > > APA
> > >

Jamie,

Here's the output from 'manage-bde'

C:\Windows\System32>cscript manage-bde.wsf -tpm
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

C:\Windows\System32>

Thanks,

APA

"Jamie Hunter [MS]" wrote:

> I'll talk to my co-workers on Monday, see if anyone has an idea what may be
> going on. Can you also try the "manage-bde" command-line and see if the
> reported error is the same? Thanks!
> -
> Jamie Hunter [MS]
>
> "APA" <APA@discussions.microsoft.com> wrote in message
> news:0884FB42-0563-4F94-A185-A321966BB99C@microsoft.com...
> > Jamie,
> >
> > Thanks for the reply. TPM.MSC reports that I need a TPM 1.2 chip to
> > configure. As I stated ealier, my computer has TPM 1.2 chip and it is
> > listed
> > in Device Manager under "Security Devices" as a Broadcom TPM. The
> > properties
> > specify it as 1.2 using MS drivers.
> >
> > Thanks,
> >
> > APA
> >
> > "Jamie Hunter [MS]" wrote:
> >
> >> What is the message the UI is reporting?
> >> Thanks!
> >> -
> >> Jamie Hunter [MS]
> >>
> >> "APA" <APA@discussions.microsoft.com> wrote in message
> >> news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> >> > Hi,
> >> >
> >> > Can anyone provide a suggestion to get BitLocker enabled with TPM
> >> > support
> >> > on
> >> > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> >> > M280
> >> > has a Broadcom TPM 1.2 chip that is installed properly according to
> >> > Device
> >> > Manager.
> >> >
> >> > However, the TPM managment console, BitLocker Control Panel applet, and
> >> > the
> >> > "manage-bde.wsf" script will not recongize the chip. All other devices
> >> > are
> >> > working properly.
> >> >
> >> > Again, any help or suggestions would be appreciated.
> >> >
> >> > Regards,
> >> >
> >> > APA
> >>
>

John,

I enabled all of the settings except the one to backup keys to AD. I don't
want to go that far yet. With the other settings enabled, there is no
mention of the TPM in the BitLocker Control Panel applet. There is a yellow
box with text saying my drive configuration isn't correct for BitLocker use.
I don't have a second partition yet.

I'm encouraged by the changes made in GPedit.msc. I will reinstall Vista to
properly configure the partitions and try it again. Thanks for the help,
John.


"John Barnett MVP" wrote:

> Is the bitlocker window giving the message that you need TPM - i'm not using
> Vista as i write this, but i think it is in yellow across the top of the
> window.
>
> Also is there a link to actually enable bitlocker?
>
> I know that, by default, bitlocker is disabled for USB devices. I don't have
> TPM on my machine so i have to use a USB drive key. I'm not even saying this
> will work in your case but, if there is no link to enable bitlocker on the
> bitlocker window page visit my website http://xphelpandsupport.mvps.org
> Click the Vista Faq button and then click on question 4, 'enable bitlocker
> encryption' It may just be that it is also disabled by default for TPM, i
> don't actually know, but see if enabling it from group policy (as advised in
> question 4 on my site) rectifies the problem.
>
> --
> John Barnett MVP
> Associate Expert
> http://xphelpandsupport.mvps.org
>
> The information in this mail/post is supplied "as is". No warranty of any
> kind, either expressed or implied, is made in relation to the accuracy,
> reliability or content of this mail/post. The Author shall not be liable for
> any direct, indirect, incidental or consequential damages arising out of the
> use of, or inability to use, information or opinions expressed in this
> mail/post..
>
>
> "APA" <APA@discussions.microsoft.com> wrote in message
> news679DF3E-7232-40C4-AEDC-6C07F7BA9C9A@microsoft.com...
> > Hi,
> >
> > Can anyone provide a suggestion to get BitLocker enabled with TPM support
> > on
> > a Gateway computer? I have Vista RC1 installed on a Gateway M280. The
> > M280
> > has a Broadcom TPM 1.2 chip that is installed properly according to Device
> > Manager.
> >
> > However, the TPM managment console, BitLocker Control Panel applet, and
> > the
> > "manage-bde.wsf" script will not recongize the chip. All other devices
> > are
> > working properly.
> >
> > Again, any help or suggestions would be appreciated.
> >
> > Regards,
> >
> > APA
>
>
>

"Jamie Hunter [MS]" wrote:

> I'll talk to my co-workers on Monday, see if anyone has an idea what may be
> going on. Can you also try the "manage-bde" command-line and see if the
> reported error is the same? Thanks!
> -

Jamie,

What did the co-workers have to say?

I seem to have a very similar problem. My platform is a DELL Lattitude X1
with a Broadcom TPM v1.2 chip. I've partitioned the harddrive, installed
Vista RC1 as per the "Windows BitLocker Drive Encryption Step-by-Step Guide�
from September 2006.

Device Manager tells me that I have (under Security Devices) a �Bradcom
Trusted Platform Module (A1), v1.2� that is working properly. Yet when I go
to the BitLocker Control Panel, I get told "A TPM was not found" (in the
yellow box). If I try "manage-bde.wsf -tpm -TurnOn" I get

ERROR: A compatible Trusted Platform Module (TPM) was not detected.

In the BIOS I have two items related to TPM: TPM Security (I've set it to
ON) and TPM Activation. If I try to enable the latter I am told I have to
load host drivers first, but this seems to be where I am stuck.

I thinking maybe I have to roll back to XP and use teh DELL/Bradcom supplied
utilities and drivers to get teh thing initialized, but was hping ther was a
more straghtforward way. Right now I feel I'm in a Catch-22.

Regards

- Kim