Unsolved
This post is more than 5 years old
5 Posts
0
367353
"CCTK --tpmactivation=activate" sometimes fails to enable TPM
I am creating an SCCM Task Sequence to deploy Windows 7 with BitLocker encryption.
I have the command "CCTK.exe --tpmactivation=activate --valsetuppwd=password" in the Task Sequence, but I find that often, this does not work. After the command has executed, I issue a "reboot" task sequence step so that I can manually check in the BIOS to verify the TPM is active, and often I find that it is not. Other times it is sucessfully activated, even on the same computer.
I have made the Task Sequence execution pause after the above command has been issued, and opened a command prompt by pressing "F8" and if I issue the same command manually then reboot, TPM is activated.
I have also made the Task Sequence execution pause and opened a command prompt by pressing "F8" then copied the smsts.log file locally so I can examine the log file, and I find that it appears to state that TPM was activated, as can be seen in this log extract:
Executing command line: smsswd.exe /run: x:\CCTK\X86_64\CCTK.exe --tpmactivation=activate --valsetuppwd=password
=======================[ smsswd.exe ] =======================
PackageID = ''
BaseVar = '', ContinueOnError=''
SwdAction = '0001'
Command line for extension .exe is "%1" %*
Set command line: Run command line
Working dir 'not set'
Executing command line: Run command line
Process completed with exit code 0
tpmactivation=activate
Command line returned 0
Process completed with exit code 0
!--------------------------------------------------------------------------------------------!
Successfully complete the action (Activate TPM) with the exit win32 code 0
However, rebooting and going into the BIOS, i find that TPM is not activated.
Does anyone have any ideas why this is so unreliable?
I have the command "CCTK.exe --tpmactivation=activate --valsetuppwd=password" in the Task Sequence, but I find that often, this does not work. After the command has executed, I issue a "reboot" task sequence step so that I can manually check in the BIOS to verify the TPM is active, and often I find that it is not. Other times it is sucessfully activated, even on the same computer.
I have made the Task Sequence execution pause after the above command has been issued, and opened a command prompt by pressing "F8" and if I issue the same command manually then reboot, TPM is activated.
I have also made the Task Sequence execution pause and opened a command prompt by pressing "F8" then copied the smsts.log file locally so I can examine the log file, and I find that it appears to state that TPM was activated, as can be seen in this log extract:
Executing command line: smsswd.exe /run: x:\CCTK\X86_64\CCTK.exe --tpmactivation=activate --valsetuppwd=password
=======================[ smsswd.exe ] =======================
PackageID = ''
BaseVar = '', ContinueOnError=''
SwdAction = '0001'
Command line for extension .exe is "%1" %*
Set command line: Run command line
Working dir 'not set'
Executing command line: Run command line
Process completed with exit code 0
tpmactivation=activate
Command line returned 0
Process completed with exit code 0
!--------------------------------------------------------------------------------------------!
Successfully complete the action (Activate TPM) with the exit win32 code 0
However, rebooting and going into the BIOS, i find that TPM is not activated.
Does anyone have any ideas why this is so unreliable?
DELL-Warren B
1.1K Posts
0
September 9th, 2011 14:00
TRLSecurity
5 Posts
0
September 12th, 2011 09:00
The computer I was using as the test build machine is a D630 with BIOS A17. The CCTK version is 2.0.1.
DELL-Warren B
1.1K Posts
0
September 13th, 2011 10:00
TRLSecurity
5 Posts
0
October 3rd, 2011 03:00
I removed the task sequence step to reboot the computer, which I only added so that I was able to trap the restart and verify that TPM was activated within the BIOS. Once I removed the restart and simply allowed the task sequence to continue, I have not had any problems with the TPM failing to be enabled.
It does look like the act of initiating a reboot at that time did in fact "break" the TPM activation and was a timing issue, as you described.
Best Regards,
Steve
DELL-Warren B
1.1K Posts
0
October 3rd, 2011 09:00
Thomas Walters
2 Posts
0
June 14th, 2012 17:00
Hope someone is still monitoring this thread. I have the same problem with my test machine, a Lattitude E6500. If I run the SCE to activate, the log says the activation was successful, but when I run CCTK --tpmactivation after a reboot, the TPM is NOT activated. If I use the Windows 7 TPM console, I can activate the TPM successfully, but I can't automate that.
BIOS version on the test machine is A25. dated 4/13/2011.
Thanks,
Tom
DELL-Warren B
1.1K Posts
0
June 15th, 2012 07:00
Hi Thomas,
The support team will ask for you to try the latest BIOS (A27 from 5/5/12) before doing anything. Can you upgrade the BIOS and let me know if that affects your issue?
Warren
Dustin Hedges
96 Posts
0
June 15th, 2012 07:00
Forgot to post the code.... Here it is:
Thomas Walters
2 Posts
0
June 22nd, 2012 06:00
Hi Warren,
Upgraded BIOS to version A27. Same behaviorl. The SCE log says activation is successful, but the TPM is not activated. Next steps?
Thanks,
Tom
dramon
1 Message
0
July 13th, 2012 14:00
we are having a similiar issue using on e6410 bios version 11. We are issuing the cctl tpmactivation=activate, it returns. After doing a cctk --tpmactivation command it says deactivate. We have manually rebooted and stil showing deactivated.
This has occured on a few e6140, we are using the tpmactivcate command to prepare for a mbam/bitlocker deployment on a large number of machines.
Update: during testing i have found that if tpm was on already, the tpmactivation worked. If tpm had to be turned on, i had to reboot after turning on tpm, then the tpmactivation worked.
of course having cctk report it as activated when it was not is super annoying.
As others have mentioned tpm ownership needs to be off as well
Bill Campbell M
4 Posts
0
July 19th, 2012 12:00
SOLUTION: If you are experiencing this problem (change TPM activation state using CCTK command line, CCTK returns success, but activation state is NOT actually changed) it is most likely because CCTK cannot change the TPM activation state when the TPM is in an "owned" state. You must first clear the TPM ownership, then CCTK --tpmactivation=activate will work properly.
This is not documented anywhere, so far as I know. It's obviously a bug in CCTK. CCTK should not return success when it has failed, d'oh.
jp87
2 Posts
0
November 30th, 2012 05:00
Hi!
I have this exact problem, but only with the new Latitude E6230.
My package works perfect on several Latitude models but this week we got an new E6230 and it
looks a little bit different... For example, the Windows key is the icon for Windows 8.
I have tried the solution you mentioned but it doesnt work! All of the other options like
setting password or turning on the TPM works, but it still deactivated.
Does this have to do with a newer bios or something?
Arias24
1 Message
0
January 30th, 2013 10:00
I am having an issue with 'cctk Version 2.1.1 137 (Windows - Sep 24 2012). I have a Dell Optiplex 620, Bios Ver A07.
The "tpm" and "tpmactivation" commands are not appearing in the list of commands you get from the --help command. I do however see the tpm and tpm activation in the GUI portion where you extract .exe files etc.
Does anybody have an idea on what may be causing this issue?
Bill Campbell M
4 Posts
0
February 1st, 2013 06:00
According to Dell web site, BIOS is at least at A11: www.dell.com/.../driverdetails
I am not a Dell employee, I cannot explain why they would ship you a machine with an old BIOS revision installed.
jp87
2 Posts
0
February 1st, 2013 06:00
Well... The computers that doesn't work is brand new...So hopefully Dell doesn't ship out brand new computers with too old bios.
And like i said, it's only the newest model that this doesn't work with. All the other (older) models works great!
Regards