BitLocker Troubleshooting: Unable to Stage Boot Image on BitLocker Partition
Issue
We recently migrated from SCCM 2007 to SCCM 2012.
A task sequence that had been working perfectly fine on SCCM 2007 failed to start on SCCM 2012 with error code 0x80070070.
If you look up the error code, it is equivalent to:
“There is not enough disk space left on this machine for staging the content”
We faced this problem only on existing machines (which had already been built previously); newly purchased systems did not cause the issue.
Workaround
As a workaround, we could use the Diskpart utility, in the following order, to get the issue resolved:
- Press F8 to open Command Prompt
- Type Diskpart
- Type clean
- Type “Create partition Primary”
- Type “Format fs=ntfs quick”
- Type “Active”
- Type Exit
Now start the task sequence again; it will continue without any error.
But this did not seem to be a permanent solution for the environment: many companies use the ZTI approach, and this workaround requires somebody to intervene and clean the disk before the deployment can continue. Moreover, it leaves open the question of what the root cause is, which we need to answer to resolve the issue once and for all.
Root Cause Analysis
Our existing machines have two partitions: (1) a hidden 300MB partition for BitLocker, and (2) the remaining partition. The second partition is BitLocker-encrypted, so from the WinPE boot image you can see only one partition (i.e. the 300MB BitLocker partition) as usable. The boot image cannot be staged on the encrypted partition. Our boot image was larger than 400MB, so it is quite logical that we get the error: a 400MB boot image is trying to stage (download from the DP) to the 300MB BitLocker partition.
There are several points to take into consideration to resolve the issue:
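The size mismatch described above can be checked from the running OS before a rebuild is attempted. The following PowerShell is an added example, not code from the original article: Get-VolumeInventory and Test-BootImageStaging are hypothetical helper names, the sample sizes are constructed, and treating any BitLocker ProtectionStatus other than 0 as "WinPE cannot stage here" is an assumption.

```powershell
# Added example, not from the original article. Sample sizes are constructed
# to match the layout described above (300MB system partition, 400MB boot image).
function Get-VolumeInventory {
    # Live inventory from the running OS (needs an elevated session).
    # Assumption: ProtectionStatus other than 0 means WinPE cannot stage to the volume.
    $protected = @{}
    Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                    -ClassName Win32_EncryptableVolume |
        ForEach-Object { $protected[$_.DeviceID] = ($_.ProtectionStatus -ne 0) }
    Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' | ForEach-Object {
        [pscustomobject]@{
            DeviceID  = $_.DeviceID
            FreeSpace = [long]$_.FreeSpace
            Encrypted = [bool]$protected[$_.DeviceID]
        }
    }
}

function Test-BootImageStaging {
    param(
        [Parameter(Mandatory)] [long]     $BootImageBytes,
        [Parameter(Mandatory)] [object[]] $Volumes
    )
    $report = foreach ($v in $Volumes) {
        # Staging needs an unencrypted volume with more free space than the image.
        $fits = (-not $v.Encrypted) -and ($v.FreeSpace -gt $BootImageBytes)
        [pscustomobject]@{
            Volume    = $v.DeviceID
            Encrypted = $v.Encrypted
            FreeMB    = [long]($v.FreeSpace / 1MB)
            NeededMB  = [long]($BootImageBytes / 1MB)
            CanStage  = $fits
        }
    }
    # The task sequence can only start if at least one volume can take the image.
    [pscustomobject]@{ WillFail = -not (@($report.CanStage) -contains $true); Volumes = $report }
}

# Constructed sample: the two-partition layout from the article.
$sample = @(
    [pscustomobject]@{ DeviceID = 'System (hidden)'; FreeSpace = 270MB; Encrypted = $false }
    [pscustomobject]@{ DeviceID = 'OS volume';       FreeSpace = 80GB;  Encrypted = $true  }
)
$result = Test-BootImageStaging -BootImageBytes 400MB -Volumes $sample
$result.Volumes | Format-Table -AutoSize
if ($result.WillFail) { 'No unencrypted volume can hold the boot image: expect 0x80070070.' }
```

On a live machine, pass the output of Get-VolumeInventory as -Volumes and the size of the boot image assigned to the task sequence as -BootImageBytes.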
Prevent Boot Image from download/staging
Prevent the boot image from being downloaded/staged: if WinPE is already loaded and the TS is selected, there is no need to download the boot image again. The only reason the boot image is loaded again is a difference between:
the boot image loaded through PXE and the boot image assigned to the task sequence.
The boot image that loads from PXE is not always the same one that is assigned to the task sequence.
There should be only one boot image available on PXE to prevent the issue, and for that we would prefer an x86 boot image, which can be used for deploying a WIM of either x86 or x64 (not applicable for deploying an OS from source, which requires WinPE of the same architecture as the OS).
FAQ
At this point, some questions may arise:
More than one boot image
What if there is more than one boot image on PXE? Which boot image will load, and how can we prevent it?
In the PXE process, the wdsnbp.com file is responsible for architecture detection and for downloading the boot image based on it.
But in practice this is not what happens: the boot image associated with the most recently advertised task sequence is the one that actually loads. Hence, to avoid all confusion, use one boot image, the one that is actually targeted for the task sequence.
Larger BitLocker partition
What if we use a BitLocker partition larger than 300MB, such as 600MB or maybe more?
This can resolve the issue for all future deployments, but what if you already have 10,000 machines in the environment, each of which will have to be rebuilt at one time or another? If your PXE issue is still not resolved (the incorrect boot image loading from PXE), you will still face the problem on all existing machines. This approach does, however, prevent the issue on the next build of those machines, because by then the BitLocker partition is bigger than the boot image.
Best approach
Then what is the best approach?
The different approaches mentioned in Q1 and Q2 may be confusing. If you are able to maintain one and only one PXE boot image in the environment, and it is the one used by the task sequence, there is no need to look for another solution.
What if
If there is an actual requirement to have more than one boot image on PXE, how can that be controlled?
We will explain this in detail in another article.