Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

TRLSecurity

5 Posts

367205

September 9th, 2011 08:00

"CCTK --tpmactivation=activate" sometimes fails to enable TPM

I am creating an SCCM Task Sequence to deploy Windows 7 with BitLocker encryption.

I have the command "CCTK.exe --tpmactivation=activate --valsetuppwd=password" in the Task Sequence, but I find that often, this does not work. After the command has executed, I issue a "reboot" task sequence step so that I can manually check in the BIOS to verify the TPM is active, and often I find that it is not. Other times it is sucessfully activated, even on the same computer.

I have made the Task Sequence execution pause after the above command has been issued, and opened a command prompt by pressing "F8" and if I issue the same command manually then reboot, TPM is activated.

I have also made the Task Sequence execution pause and opened a command prompt by pressing "F8" then copied the smsts.log file locally so I can examine the log file, and I find that it appears to state that TPM was activated, as can be seen in this log extract:

Executing command line: smsswd.exe /run: x:\CCTK\X86_64\CCTK.exe --tpmactivation=activate --valsetuppwd=password
=======================[ smsswd.exe ] =======================
PackageID = ''
BaseVar = '', ContinueOnError=''
SwdAction = '0001'
Command line for extension .exe is "%1" %*
Set command line: Run command line
Working dir 'not set'
Executing command line: Run command line
Process completed with exit code 0
tpmactivation=activate
Command line returned 0
Process completed with exit code 0
!--------------------------------------------------------------------------------------------!
Successfully complete the action (Activate TPM) with the exit win32 code 0

However, rebooting and going into the BIOS, i find that TPM is not activated.

Does anyone have any ideas why this is so unreliable?

DELL-Warren B

1.1K Posts

September 9th, 2011 14:00

Which systems and BIOS versions are you using. This issue was addressed on some systems with a BIOS update.

TRLSecurity

5 Posts

September 12th, 2011 09:00

"Which systems and BIOS versions are you using. This issue was addressed on some systems with a BIOS update."
Hi Warren,

The computer I was using as the test build machine is a D630 with BIOS A17. The CCTK version is 2.0.1.

DELL-Warren B

1.1K Posts

September 13th, 2011 10:00

This sounds like a timing issue. Can you run another process before rebooting to see if it will stabilize your output. It appears from the logs that the TPM activation is attemped successfully, but somehow it's getting broken by the task sequence.

TRLSecurity

5 Posts

October 3rd, 2011 03:00

Hi Warren,

I removed the task sequence step to reboot the computer, which I only added so that I was able to trap the restart and verify that TPM was activated within the BIOS. Once I removed the restart and simply allowed the task sequence to continue, I have not had any problems with the TPM failing to be enabled.

It does look like the act of initiating a reboot at that time did in fact "break" the TPM activation and was a timing issue, as you described.

Best Regards,
Steve

DELL-Warren B

1.1K Posts

October 3rd, 2011 09:00

Thanks for the follow-up! Glad to hear it is working for you.

Thomas Walters

2 Posts

June 14th, 2012 17:00

Hope someone is still monitoring this thread.  I have the same problem with my test machine, a Lattitude E6500.  If I run the SCE to activate, the log says the activation was successful, but when I run CCTK --tpmactivation after a reboot, the TPM is NOT activated.  If I use the Windows 7 TPM console, I can activate the TPM successfully, but I can't automate that.

BIOS version on the test machine is A25. dated 4/13/2011.

Thanks,

Tom

DELL-Warren B

1.1K Posts

June 15th, 2012 07:00

Hi Thomas,

The support team will ask for you to try the latest BIOS (A27 from 5/5/12) before doing anything.  Can you upgrade the BIOS and let me know if that affects your issue?

Warren

Dustin Hedges

96 Posts

June 15th, 2012 07:00

Forgot to post the code.... Here it is:

###########################################################################
#
# NAME: Enable-TPM.PS1
#
# AUTHOR:  Dustin Hedges
#
# COMMENT: Attempts to activate the TPM chip using manage-bde.exe.
#
# VERSION HISTORY:
# 1.0 4/4/2012 - Initial release
#
###########################################################################

$cmd = "$env:WinDir\System32\manage-bde.exe -TPM -TurnOn"
Invoke-Expression $cmd | Out-Null
switch ($LASTEXITCODE) {
 
	-1 {
 
	Write-Host TPM Already Activated
	Exit 0
	}
	-2147217406 {
 
	Write-Host "ERROR: A compatible Trusted Platform Module (TPM) was not detected."
	Exit 1
	}
	default {
 
	Write-Host "Last Exit Code $LASTEXITCODE"
	Exit $LASTEXITCODE
	}
}

Thomas Walters

2 Posts

June 22nd, 2012 06:00

Hi Warren,

Upgraded BIOS to version A27.  Same behaviorl.  The SCE log says activation is successful, but the TPM is not activated.  Next steps?

Thanks,

Tom

dramon

1 Message

July 13th, 2012 14:00

we are having a similiar issue using on e6410 bios version 11. We are issuing the cctl tpmactivation=activate,   it returns.  After doing a cctk --tpmactivation command it says deactivate. We have manually rebooted and stil showing deactivated.

This has occured on a few e6140,  we are using the tpmactivcate command to prepare for a mbam/bitlocker deployment on a large number of machines.

 

Update: during testing i have found that if tpm was on already, the tpmactivation worked.  If tpm had to be turned on, i had to reboot after turning on tpm, then the tpmactivation worked. 

of course having cctk report it as activated when it was not is super annoying.

As others have mentioned tpm ownership needs to be off as well

Bill Campbell M

4 Posts

July 19th, 2012 12:00

SOLUTION: If you are experiencing this problem (change TPM activation state using CCTK command line, CCTK returns success, but activation state is NOT actually changed) it is most likely because CCTK cannot change the TPM activation state when the TPM is in an "owned" state.  You must first clear the TPM ownership, then CCTK --tpmactivation=activate will work properly.

This is not documented anywhere, so far as I know.  It's obviously a bug in CCTK.  CCTK should not return success when it has failed, d'oh.

jp87

2 Posts

November 30th, 2012 05:00

Hi!

I have this exact problem, but only with the new Latitude E6230.
My package works perfect on several Latitude models but this week we got an new E6230 and it
looks a little bit different... For example, the Windows key is the icon for Windows 8. 

I have tried the solution you mentioned but it doesnt work! All of the other options like
setting password or turning on the TPM works, but it still deactivated. 

Does this have to do with a newer bios or something? 

Arias24

1 Message

January 30th, 2013 10:00

I am having an issue with 'cctk Version 2.1.1 137 (Windows - Sep 24 2012). I have a Dell Optiplex 620, Bios Ver A07.

The "tpm" and "tpmactivation" commands are not appearing in the list of commands you get from the --help command. I do however see the tpm and tpm activation in the GUI portion where you extract .exe files etc.

Does anybody have an idea on what may be causing this issue?

Bill Campbell M

4 Posts

February 1st, 2013 06:00

According to Dell web site, BIOS is at least at A11: www.dell.com/.../driverdetails

I am not a Dell employee, I cannot explain why they would ship you a machine with an old BIOS revision installed.

jp87

2 Posts

February 1st, 2013 06:00

Well... The computers that doesn't work is brand new...So hopefully Dell doesn't  ship out brand new computers with too old bios.

And like i said, it's only the newest model that this doesn't work with. All the other (older) models works great!

Regards

View More

View All

No Events found!

Top