SCCM OSD for Windows 8.1 - TPM Owner Password not found

Hello,
I have been actively using these forums and the TechNet guidance for the MBAM 2.5 client deployment; however, I am still seeing some issues and am looking for appropriate steps to troubleshoot.
I have an MDT Integrated Task Sequence to deploy Windows 8.1 to various machines. The Windows 8.1 image has been created via an MDT 2013 Build & Capture Task Sequence on a VM and then imported into SCCM 2012 R2. In the MDT image creation I am disabling TPM Auto Provisioning by adding the registry key as per the link below.
http://msdn.microsoft.com/en-us/library/windows/hardware/dn260276.aspx
The MDT Task Sequence has had the built-in Pre-Provision BitLocker and Enable BitLocker steps disabled. I have included a step that runs the Clear-TPM PowerShell command before the Setup Windows and ConfigMgr step, and I have to confirm the TPM clearance at the first reboot.
To begin the MBAM encryption I have the scripts supplied in the blog below, which first prepare the drive, reboot, install MBAM 2.0 SP1, then encrypt.
http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx
The machine encrypts every time and the Recovery Key is escrowed; however, I have not been able to get the TPM Owner Password.
Any troubleshooting steps for the TPM Owner Password would be greatly appreciated.
Regards
LeeB
Lee Bowman MCITP MCTS

Hello, hope this helps get you a bit further. I would love any updates or suggestions for more logging etc.
Image
Use MDT to generate the image and apply the following registry keys. This must be done in the image via MDT or DISM:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoAutoProvision      dword:1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoDisableOwnerClear  dword:1
Task Sequence Steps
Set TS Variables
IsBDE - True
OSDBitlockerMode - TPM
Pre-provision Bitlocker (Standard TS Step)
Clear TPM - Create a PowerShell script and use "Run PowerShell Script" with Bypass:
    $tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm
    $tpm.SetPhysicalPresenceRequest(22)
Check TPM Endorsement Key Pair Status
http://myitforum.com/myitforumwp/2011/11/14/bitlockermbamendorsement-keys-and-tpm-ownership/
Install MBAM 2.0 SP1 Agent - Standard MSI Install
Start MBAM Encryption
cscript.exe Win8StartMBAMEncryption.wsf /MBAMServiceEndPoint:https://*****************
Many versions of this script, but I used this one.
http://blog.coretech.dk/hra/deploying-windows-8-with-mbam-used-space-only-encryption/
Follow the Steps from LanceCr to comment out the TPM Owner Password.
https://social.technet.microsoft.com/Forums/en-US/95e1a7af-d273-44e1-92de-fd9915cc0e50/tpm-password-not-found-in-mbam-database?forum=mdopmbam
Good Luck :)
Lee Bowman MCITP MCTS
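A pre-flight check for the conditions the steps above rely on, as an added example that is not code from the thread or from MBAM/MDT: it reads the Win32_Tpm state and the two registry values and reports whether MBAM can still take ownership of the TPM (which is what escrows the OwnerAuth password). It assumes an elevated PowerShell on the client; the function name and report fields are my own.

```powershell
# Added example (not from the thread, MBAM or MDT): report whether this client is in a
# state where the MBAM agent can still take TPM ownership. Run elevated.
$ErrorActionPreference = 'Stop'

function Get-MbamTpmReadiness {
    # Returns a report object; Ready is $true only when nothing blocks MBAM ownership.
    $tpm = Get-WmiObject -Class Win32_Tpm -Namespace root\cimv2\security\microsofttpm
    if (-not $tpm) { throw 'No Win32_Tpm instance: TPM absent or disabled in firmware' }

    # The two values the answer bakes into the image (a missing value counts as not set)
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\TPM\WMI'
    $reg     = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue

    $state = [ordered]@{
        TpmEnabled            = [bool]$tpm.IsEnabled().IsEnabled
        TpmActivated          = [bool]$tpm.IsActivated().IsActivated
        TpmOwned              = [bool]$tpm.IsOwned().IsOwned
        OwnershipAllowed      = [bool]$tpm.IsOwnershipAllowed().IsOwnershipAllowed
        EndorsementKeyPresent = [bool]$tpm.IsEndorsementKeyPairPresent().IsEndorsementKeyPairPresent
        NoAutoProvision       = ($reg.NoAutoProvision -eq 1)
        NoDisableOwnerClear   = ($reg.NoDisableOwnerClear -eq 1)
        # Non-zero means a clear/enable request is queued and still needs a reboot + F1
        PendingPpRequest      = [int]$tpm.GetPhysicalPresenceRequest().Request
    }

    $problems = @()
    if (-not $state.TpmEnabled)            { $problems += 'TPM is disabled in firmware' }
    if (-not $state.TpmActivated)          { $problems += 'TPM is not activated' }
    if ($state.TpmOwned)                   { $problems += 'TPM is already owned: MBAM cannot take ownership, so no OwnerAuth will be escrowed; clear the TPM and reboot first' }
    if (-not $state.OwnershipAllowed)      { $problems += 'TPM ownership is not allowed in its current state' }
    if (-not $state.EndorsementKeyPresent) { $problems += 'No endorsement key pair present' }
    if (-not $state.NoAutoProvision)       { $problems += 'NoAutoProvision is not 1: Windows auto-provisioning will own the TPM before MBAM does' }
    if (-not $state.NoDisableOwnerClear)   { $problems += 'NoDisableOwnerClear is not 1' }
    if ($state.PendingPpRequest -ne 0)     { $problems += "Physical presence request $($state.PendingPpRequest) is pending; reboot and confirm it first" }

    $state['Problems'] = $problems
    $state['Ready']    = ($problems.Count -eq 0)
    [pscustomobject]$state
}

$report = Get-MbamTpmReadiness
$report | Format-List
# A non-zero exit lets a task sequence step fail before the MBAM agent install runs
if (-not $report.Ready) { exit 1 }
```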

Similar Messages

  • Is there a "SCCM Package For Windows 7 (64-bit)" for an X220?

    Hey all,
    I found the "SCCM package for Windows 7 (32-bit) and (64-bit)" for ThinkPad X230s here...
    http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS034785
    ...but is there one for the X220s as well? I only see ones for M82, M92p, M92, and X230.
    Any help would be much appreciated.

    That sounds great - actually based on our early research that is exactly the route we've decided to go.
    I don't see a document linked in your post, would you mind re-linking?
    Specifically, we'll want to include drivers for lots of x210, x220 and x230 varieties - and there are a lot of them that I don't have available for testing - they are many miles away.
    Appreciate the help!
    EDIT - I found the document linked in another thread and we've used it to pull in all the drivers we require for the 4 models in our environment. Thanks!
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles_pdf/dml_ur_ti_mdt_2.0.pdf

  • Formatting the encrypted hard drive or installing OS again with PXE boot can change TPM owner password file?

    Hello,
    1) I realized that when MBAM BitLocker encryption starts, both the recovery key and the TPM owner password file are sent to the MBAM server. If we change the computer name of the notebook, we can find the recovery key on the MBAM server with the KeyID as we can read it from the computer screen, but we cannot find the TPM owner password file with the new computer name information on the MBAM server, so we would have to know the old names of all computers, which is impossible. So we have to decrypt and clear the TPM, then we can encrypt it again with its new name. Is it right?
    2) We are going to deploy MBAM encryption to our notebooks. But sometimes when a person quits the job, his notebook can be given to another person or a new employee, and based on our procedure, when a notebook is given to another user the OS should be installed again with PXE boot. I would like to know whether it will be enough to install with this method again with a different computer name, or should I first clear its TPM and then install the OS with PXE, to keep the TPM owner password file from being missing as in item 1?
    I hope I explained what I mean :)
    Regards,
    SibelM

    I would suggest you first decrypt the laptop and then follow the process:
    - Clear the TPM
    - Encrypt the type.
    - Check for the encryption behavior.
    Because I have found on some models that if the OS drive is encrypted, PXE boot fails on that machine, even though I also did a direct PXE on an encrypted machine with clearing the TPM.
    The TPM ownership password is a hash file that gets generated with a set of algorithms. So each time you PXE boot, by clearing the TPM, the TPM hash password will change. This has been done for security measures.
    Gaurav Ranjan

  • When I attempt to upgrade an app in iTunes for windows, I get an error:  "Could not purchase.  An unknown error occurred (11111).  There was an error in the iTunes Store.  Please try again later"

    When I attempt to upgrade an app in iTunes for windows, I get an error:  "Could not purchase.  An unknown error occurred (11111).  There was an error in the iTunes Store.  Please try again later"
    I am running the latest iTunes 10.7.0.21 for Windows 7.
    This error occurs if I try to either update the app or if I delete it and attempt to redownload.
    I have an iPhone and an iPad.  I am unable to update the apps or install the apps from within the App Store on iOS.
    I do not have an AOL ID, as is a common issue with this type of error.
    From what I can tell, my Apple ID account seems fine.  I logged in, changed some information, and ensured my credit card is valid and updated.
    I can download new apps just fine.  I am unable to update or install apps I have purchased in the past.

    After 30 minutes this morning, no resolution. Then another tech support call this afternoon, 15 minutes in, was escalated to a Tier 2 (Senior) advisor. He said something similar to the above ("this is one of the strangest things I've seen"). He chatted with the iTunes guys, took all my info into the case and was escalating it over to engineering. Said they would be in touch.
    So, no solution...yet.
    Just to clarify:
    iTunes on Windows7: trying to update an existing app, or re-download a prior app, gives the (11111) error. Downloading a new (free) app worked fine.
    App Store on iPhone5, iOS 6.0.1: click on UPDATE, switches to INSTALLING...for a second, then switches back to UPDATE. No error message (and nothing in Diagnostic data).
    App Store on iPad 3, iOS 6.0.1: same as iPhone 5.
    Definitely account related.
    I have cleared the store cache, signed out and back in, deleted the credit card data, and re-added, rebooting PC and iPhone...nothing works.
    Will post if I hear anything back from Apple.

  • I bought QuickTime 7 Pro for Windows 7 Pro and it did not electronically download or I can't find it anywhere on my computer. Need help.

    I bought QuickTime 7 Pro for Windows 7 Pro and it did not electronically download or I can't find it anywhere on my computer. Need help.

    Apple - QuickTime - Download
    Download and install the free version and apply your key to unlock the Pro features.

  • Every time I try to install iTunes on my laptop for Windows I get the message "key not valid for use in specified state". Any clue?

    Every time I try to install iTunes on my laptop for Windows I get the message "key not valid for use in specified state". Any clue?

    For "Key not valid for use in specified state" errors try moving the folder RSA from C:\Users\<User>\AppData\Roaming\Microsoft\Crypto\RSA to say C:\<User>\RSA (just in case there should be a need to restore it) then try installing again. This folder appears to act as a cache and should be rebuilt automatically as required.
    For general advice see Troubleshooting issues with iTunes for Windows updates.
    The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down the page in case one of them applies.
    Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
    tt2

  • TPM password not found in MBAM database

    There are other threads I have read through and did some troubleshooting, but still I'm stuck with this: how to get the TPM password into the MBAM database. Another question is, do I really need it? Isn't the recovery key enough?
    My situation is this:
    1. Computers are encrypted during Task Sequence and MBAM client is installed.
    2. During first logon the MBAM client prompts for a PIN and encryption is completed.
    3. Bitlocker recovery key is found in MBAM Admin Web page, but not TPM password.
    What I tried to do:
    - There is no Group Policy for controlling the TPM password.
    - I'm a member of the MBAM Admin group and Helpdesk groups.
    - If I clear and initialize the TPM from its management console, there is no activity from the MBAM client, and the TPM password still does not go to the DB.
    - I have checked from SQL Management Studio that the TPM hash is NULL.
    - I tried to use the TPM-EK vbs script before and after encryption; there is no effect.
    So how do I get the TPM password into the DB? Especially I'm interested in the scenario where the computer is already encrypted.

    MBAM has to own the TPM to store the password. During a task sequence, follow the steps below. The steps assume pre-provisioning, but the concept is the same even if you don't use it. If the machine is already encrypted and you want MBAM to store the password, you will have to clear the TPM and reboot. Note that this requires physical presence - someone will have to hit F1 in the preboot screen. See below for info on how to clear it via PowerShell. The reason you want the TPM OwnerAuth password is that if a user types their PIN too many times in preboot, the TPM may put the machine into BitLocker Recovery and lock itself for some period of time (depends on manufacturer). To unlock it faster after you have supplied the BitLocker Recovery Password and are in the OS, you have to go to tpm.msc and choose Reset TPM Lockout, supplying the TPM Owner Auth password. If MBAM stores it, you can get this info from the Helpdesk portal.
    To configure MBAM to own the TPM and store OwnerAuth passwords:
    On the client computer, open an elevated Windows PowerShell command prompt.
    Type the following Windows PowerShell commands (each command is followed by what it does):
    $tpm=get-wmiobject -class Win32_Tpm -namespace root\cimv2\security\microsofttpm
        Gets an instance of the TPM WMI class.
    $tpm.DisableAutoProvisioning()
        Disables TPM auto-provisioning.
    $tpm.SetPhysicalPresenceRequest(22)
        Clears the TPM.
    Restart the computer, and then confirm that you want to clear the TPM.
    For the task sequence to get MBAM to own it out of the box, do the following:
    - Capture and sysprep a WIM as you normally would.
    - Mount the captured WIM using
      dism /mount-wim /wimfile:C:\WimImages\Win7.wim /index:1 /mountdir:C:\AIKMount
    - Load the WIM registry -
      reg load HKLM\WimRegistry c:\AIKMount\windows\system32\config\system
    - Open regedit and browse to hklm\WimRegistry\system\controlset001\services\TPM\WMI and add the two reg keys that Jim mentioned
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoAutoProvision [REG_DWORD]
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tpm\WMI: NoDisableOwnerClear [REG_DWORD]
    - Close regedit
    - Unload the WIM registry -
      reg unload HKLM\WimRegistry
    - Commit changes to the WIM and unmount -
      dism /unmount-wim /mountdir:C:\AIKMount /commit
    - Went to MDT 2012 Update 1 and my deployment share.
    - Edited the ZTIBDE.wsf script in MDT to tell it not to take ownership of the TPM. In that script, replace the TpmValidate function with what I have below (I just commented out the SetTpmOwner lines)
    Function TpmValidate ()
        Dim iRetVal, sCmd, sTpmOwnerPassword
        iRetVal = Success
        '// Set oTpm to valid instance
        iRetVal = GetTpmInstance()
        TestAndFail iRetVal, 6734, "Get TPM Instance"
        '// Set global booleans for TPM state. Error bubble handled by subs
        iRetVal = GetTpmEnabled()
        TestAndFail iRetVal, 6735, "Check to see if TPM is enabled"
        iRetVal = GetTpmActivated()
        TestAndFail iRetVal, 6736, "Check to see if TPM is activated"
        iRetVal = GetTpmOwner()
        TestAndFail iRetVal, 6737, "Check to see if TPM is owned"
        iRetVal = GetTpmOwnershipAllowed()
        TestAndFail iRetVal, 6738, "Check to see if TPM Ownership is allowed"
        iRetVal = GetEndorsementKeyPairPresent()
        oLogging.CreateEntry "TpmEnabled: " & bTpmEnabled, LogTypeInfo
        oLogging.CreateEntry "TpmActivated: " & bTpmActivated, LogTypeInfo
        oLogging.CreateEntry "TpmOwned: " & bTpmOwned, LogTypeInfo
        oLogging.CreateEntry "TpmOwnershipAllowed: " & bTpmOwnershipAllowed, LogTypeInfo
        oLogging.CreateEntry "EndorsementKeyPairPresent: " & bEndorsementKeyPairPresent, LogTypeInfo
        '// Single instance check to allow future corrective action branching.
        TestAndFail bTPMEnabled, 6739, "Check to see if TPM is enabled"
        TestAndFail bTPMActivated, 6740, "Check to see if TPM is activated"
        TestAndFail bTpmOwned or bTpmOwnershipAllowed, 6741, "Check to see if TPM is owned and ownership is allowed"
        If bTpmOwned <> True AND bTpmOwnershipAllowed = True Then
            '// SetTpmOwner calls are commented out so MDT leaves the TPM unowned for MBAM to take
            If oEnvironment.Item("TpmOwnerPassword") <> "" Then
                oLogging.CreateEntry "TPM Ownership being intiated.", LogTypeInfo
                'iRetVal = SetTpmOwner(oEnvironment.Item("TpmOwnerPassword"))
                TestAndFail iRetVal, 6741, "TPM Owner Password set"
            ElseIf oEnvironment.Item("AdminPassword") <> "" Then
                oLogging.CreateEntry "TPM Ownership being intiated with AdminP@ssword (not TPMOwnerP@ssword).", LogTypeInfo
                'iRetVal = SetTpmOwner(oEnvironment.Item("AdminPassword"))
                TestAndFail iRetVal, 6742, "TPM Owner P@ssword set to AdminP@ssword"
            Else
                oLogging.CreateEntry "TPM Ownership being intiated with Default p@ssword (not TPMOwnerP@ssword).", LogTypeInfo
                'iRetVal = SetTpmOwner("M0nksH00d!4T3al")
                TestAndFail iRetVal, 6743, "Set TPM Owner P@ssword to value"
            End If
        End If
        TpmValidate = Success
    End Function
    - Grab the StartMBAMEncryption.wsf script from here and edit out those same lines as above.
    - Added the following files to an MDT application.
    - Set the app to run cscript.exe startmbamencryption.wsf /MBAMServiceEndPoint:http://<yourmbamserver>/MBAMRecoveryAndHardwareService/CoreService.svc
    - Added the MBAM agent installer as an application
    - Added the MBAM agent to the task sequence
    - Added the Start MBAM Encryption app to the task sequence
    - Set OSDBitLockerMode=TPM and IsBDE=True in customsettings.ini
    - Made sure this was a bare metal machine where the TPM was clear (for testing, you can clear it from the BIOS, just make sure it is activated).
    - Ran the TS on the box.
    Result:
    BitLocker was pre-provisioned and activated, and MBAM took ownership of the TPM which escrowed the OwnerAuth info to MBAM.
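The offline image edit from the steps above (and the "must be done in the image via MDT or DISM" note in the first answer) as one script, added here as an example rather than code from the thread or from MDT: mount the WIM, load its SYSTEM hive, add NoAutoProvision and NoDisableOwnerClear, read them back, unload, and commit only if every step succeeded. It assumes an elevated PowerShell with dism.exe and reg.exe available; the paths are the placeholders from the post and the Invoke-Native helper is my own.

```powershell
# Added example (not from the thread or MDT): inject the two TPM\WMI values into a
# captured WIM offline, discarding the mount if anything fails along the way.
param(
    [string]$WimFile  = 'C:\WimImages\Win7.wim',   # placeholder path from the post
    [int]   $Index    = 1,
    [string]$MountDir = 'C:\AIKMount',             # placeholder path from the post
    [string]$HiveRoot = 'HKLM\WimRegistry'
)
$ErrorActionPreference = 'Stop'

function Invoke-Native {
    # Run an external tool and stop on a non-zero exit code instead of silently continuing
    param([string]$Exe, [string[]]$ArgumentList)
    & $Exe @ArgumentList | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ArgumentList -join ' ') failed with exit code $LASTEXITCODE" }
}

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Invoke-Native dism.exe @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir")
$committed = $false
try {
    Invoke-Native reg.exe @('load', $HiveRoot, (Join-Path $MountDir 'Windows\System32\config\SYSTEM'))
    try {
        # An offline hive has no CurrentControlSet: the control sets sit directly under the
        # load point, and Select\Current names the live one (ControlSet001 after sysprep).
        $psRoot  = 'HKLM:\' + ($HiveRoot -replace '^HKLM\\', '')
        $current = (Get-ItemProperty -Path "$psRoot\Select" -Name Current).Current
        $tpmKey  = '{0}\ControlSet{1:D3}\Services\TPM\WMI' -f $psRoot, $current
        if (-not (Test-Path $tpmKey)) { New-Item -Path $tpmKey -Force | Out-Null }
        foreach ($name in 'NoAutoProvision', 'NoDisableOwnerClear') {
            New-ItemProperty -Path $tpmKey -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        }
        # Read back before unloading so a wrong key path cannot go unnoticed
        $check = Get-ItemProperty -Path $tpmKey
        if ($check.NoAutoProvision -ne 1 -or $check.NoDisableOwnerClear -ne 1) {
            throw "values were not written under $tpmKey"
        }
        Write-Host "Set NoAutoProvision=1 and NoDisableOwnerClear=1 under $tpmKey"
    }
    finally {
        # Drop the registry provider's handles first, otherwise reg unload reports the hive in use
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        Invoke-Native reg.exe @('unload', $HiveRoot)
    }
    Invoke-Native dism.exe @('/Unmount-Wim', "/MountDir:$MountDir", '/Commit')
    $committed = $true
}
finally {
    # Never leave a half-edited image committed or a stale mount behind
    if (-not $committed) { & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard | Out-Null }
}
```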

  • Each time I start up my computer and have my iPhone plugged in, I get a message window that reads "New Wave" file not found in your files.... How do I get this file I am missing?

    Each time I start up my computer and have my iPhone plugged in, I get a message window that reads "New Wave" file not found in your files.... How do I get this file I am missing?

    Hey Podieboy,
    Thanks for the question. It sounds like you are receiving a message about missing files when you start iTunes. The following resource may provide more information:
    iTunes: Finding lost media and downloads - Apple Support
    http://support.apple.com/en-us/TS1408
    If the file/song is not important, you can simply delete it from your library to avoid this error message in the future:
    iTunes 12 for Windows: Delete songs, playlists, or other items
    http://support.apple.com/kb/PH20391
    Thanks,
    Matt M.

  • Cannot make a cache safe URL for "1025/styles/Themable/corev4.css", file not found. Please verify that the file exists under the layouts directory.

    Hi,
    I restored a SharePoint web 80 application in our test domain, and afterwards when I browse the new web application it says:
    Cannot make a cache safe URL for "1025/styles/Themable/corev4.css", file not found. Please verify that the file exists under the layouts directory.
    adil

    Hi adil,
    According to your description, my understanding is that you encountered the error "Cannot make a cache safe URL for "1025/styles/Themable/corev4.css", file not found. Please verify that the file exists under the layouts directory."
    The issue happens when we have a customized master page.
    In the master page, we use the path to the script/style file like this: <SharePoint:CssRegistration name="<% $SPUrl:~SiteCollection/Style Library/coe/mainCOE.css%>" runat="server"/>
    While using the dynamic path in a multiple-languages-enabled site, the language ID (1033 etc.) will be added to the path automatically. That causes the file to be not found.
    To solve the issue, please download the Arabic language pack http://www.microsoft.com/en-us/download/details.aspx?id=3411, install it on your SharePoint and refresh your browser.
    Reference:
    http://sharepoint-community.net/profiles/blogs/cannot-make-a-cache-safe-url-for-1036-sytles-themable-corev4-css
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

  • An error occurred while reconnecting P: to \\JSERVER\Data Microsoft Windows Network: The network path was not found. This connection has not been restored.

    Almost every day when I open my computer I get this message:
    An error occurred while reconnecting P: to \\JSERVER\data Microsoft Windows Network: The network path was not found. This connection has not been restored.
    We then have to go through the process of resetting everything from start to finish just so I can connect to the server. There is no reason that we can find that causes this other than maybe Windows updating every night. Any suggestions as to how to fix this?

    It sounds like you have a network drive you are trying to map even though you are not logged in, maybe in a script or task. Instead of backing up to P:, back up to the share, and make sure you have security set properly to run the task when not logged on.
    I assume you are running a backup of some sort, as this is the backup forum.

  • ITunes! Getting Error 7 Windows error 126 Also AVFoundationCF was not found.

    Having trouble downloading iTunes! Getting Error 7 Windows error 126. Also AVFoundationCF was not found. Everything was OK until I updated to the new version of iTunes. I have uninstalled all the Apple apps, restarted, disk cleaned and still am not able to install iTunes.

    Same or almost: iTunes was not installed correctly. Please reinstall iTunes. (I did it!) Error 7 (Windows error 2)

  • Get window titled "AppleSyncNotifier.exe-entry point not found"

    Get window titled "AppleSyncNotifier.exe-entry point not found"  In the window it said "The procedure entry point sqlite3_wal_checkpoint could not be found in the dynamic link library SQLite3.dll." Cannot install any iTunes upgrades because of this. Tried deleting and reinstalling iTunes but the deletion could not be accomplished because of this problem. How do I fix this?  Thank you.
    Nelson

    I still cannot update my iTunes. But I'll have to figure out how to fix that.
    What error message are you getting when you try to update your iTunes, neloyo?

  • SCCM query for Windows 8 machines without software installed

    Would anyone be able to point me in the direction of an SCCM query for a collection that would list all Windows 8 machines without certain software installed?
    Thanks

    I have this query for systems without software installed:
    select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
           SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
    from SMS_R_System
    inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
    where SMS_G_System_COMPUTER_SYSTEM.Name not in
      (select SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System
       inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
       inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
       where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%SOFTWARE%")
    The query works, but I would like to modify it so the query only includes certain versions of Windows. Any suggestions would be appreciated.
    Thanks

  • Solution for Windows Store app "projectname.exe" does not contain a static 'Main' method suitable for an entry point . Error.

    Hi,
    I developed a blog reader Windows 8 Store app. It worked perfectly before, but suddenly it started to misbehave and I got an error. No other errors were there other than that.
    Error
    Program c:\Users\.........\Desktop\Blog_Reader\Blog_Reader\obj\Release\intermediatexaml\Blog_Reader.exe' does not contain a static 'Main' method suitable for an entry point.
    C:\Users\..........\Desktop\Blog_Reader\Blog_Reader\CSC    Blog_Reader
    But I found the solution while fixing it.
    The solution is like below.
    Go to your App.xaml, right-click, then go to Properties.
    Check whether the Build Action is ApplicationDefinition.
    If not, change it to ApplicationDefinition.
    Clean the solution and deploy.
    Now the error is fixed.

    Hi Robana, 
    Good sharing on the Technet. 
    This will definitely benefit others who may encounter the same issue as yours.
    Thanks for your sharing again. 
    Kate Li
    TechNet Community Support

  • Bonjour for windows gives this error - You do not have sufficient access...

    I installed Bonjour for windows on a PC running XP. When I run the Bonjour app from windows I can see the printer I wish to connect to. It is shared off of my G3 server. When I try to connect I get the following error,
    "You do not have sufficient access to your computer to connect to the selected printer"
    I have done some research through Apple's info database and found,
    http://docs.info.apple.com/article.html?artnum=302408
    I followed the instructions and still I get the same error. I have rebooted the PC and deleted all the printers under the printer window. But no luck. I found a similar request by another Apple forum user. His issue was the same but he was using the 'Parallels' emulator. But no solution was provided.
    Any suggestions?

    Well this is what I've done to date to try to resolve this issue.
    I uninstalled Bonjour for Windows from my PC. I checked Apple's support pages dealing with Bonjour for Windows (BfW). As suggested I deleted all printers in my printer window (to delete all possible print queues). I updated my Windows to the latest patch for XP. I reinstalled BfW, with the XP firewall turned on. It is suggested that BfW will make the necessary changes to the XP firewall to allow traffic going through port 5353. I have tried more than one printer off of my G3 and I double checked my external router port restrictions, and I turned off the firewall on my G3, shared my printers in OS X, and even turned on Windows file sharing. I even updated my G3 to 10.4.8.
    I pinged my G3 from my XP machine; it's there. Also I can see the G3 with its printers when I browse the network from the XP box. Also I'm on the same local subnet 192.168.2.x.
    The only thing I have not done yet is see if it is possible to ping a Bonjour host (my G3) from a Bonjour client (XP box). That would at least verify port 5353.
    Anyone have a Bonjour utility to do that? It would probably have to run in a Windows environment. Or can a ping packet be directed to use a particular port?
