Another BitLocker Problem

The Story

I’ll keep this one short as I have a lot of things to do and this was an interesting find.

So I had to deploy some new laptops, and did my usual trick with multiple systems: grab the latest version of Windows, run Spiceworks Decrapifier, install all updates, install Office, install all updates, install a couple of third-party software packages, clean.

Then clean up the default profile. There have been issues with the “CopyProfile” option that MS supports with an XML file during sysprep; not only have there been known issues, but this is total rubbish when it used to be a button. I reallllllllly hate this move by MS; there are times you want to configure the default profile and not sysprep (family computer, anyone?).

Well, OK, enough of that MS rant (there are many). If you need help configuring the default profile, check out this guy’s blog, “scribbleghost”, who sources the same one I originally followed by “Jose Espitia”, which I think has a cleaner look and feel, IMHO.

This was the cleanest, smoothest deployment I’ve done so far, and I haven’t hit a single snag. I also haven’t had to deal with ForensiT’s “DefProf” leaving lingering services with the above blog posts, or other anomalies from their profile migration tool.

Instead I suggest admins look into Ehlers “User State Migration Tool GUI”. He basically took MS’s new user migration “tool” *cough* cmd line based app *cough*, which normally would have someone digging through endless cmd parameters and syntax requirements (I only like doing this if I have to script; outside of that, give me a damn GUI, MS). Well, no worries, this guy did it (it’s worth the cost, buy it).

OK now that allllll that is out of the way, what the heck was the issue man?!?!

So I go to BitLocker one of the deployed systems and BAM! Error in my face, in particular error code: 0x8004259A

So I go to Google, and my first attempts were not successful, as it seems no BitLocker reference to this error code has been shown. After some more searching I hit this MS support page with a more understandable, plain-English definition of the code:



The volume selected for shrink might be corrupted. Use a file system repair utility to fix the corruption problem and then try to shrink the volume again.

Alright well this is something…

The Solution

On my particular laptop, the one I first tested on (and I was only on my first other test deployment after mine), on which I forgot to enable BitLocker, as other systems leave the office more than mine ever does, I was able to reproduce the error.

Yet on my laptop CHKDSK always returned clean. What gives? Yet shrinking the volume and re-extending it resolved the issue for me…

Until I went to do the same on the first deployed laptop, only to find it was telling me I was unable to shrink due to corruption (sure, this one picks up on something; remember, I shrink the data partitions before making my base image to make DDing it onto other systems much faster).

So this time a CHKDSK /f and a reboot made chkdsk clean the disk, and without shrinking or expanding I was able to run BitLocker!

Another win for today!

BitLocker Can’t find the file

This was an interesting one. I created a new Windows image to deploy recently. Then after deployment I went to enable BitLocker and was prompted with the error “The system cannot find the file specified”. Since this was new to me, what else was there to do but a web search to see if anyone else had experienced this, and sure enough, yup.

Short answer: rename the REAgent.xml file (in C:\Windows\System32\Recovery) to REAgent.xml.old (or delete it, but I haven’t tested that).

and it worked, apparently….

“Sooooo, what we have found is that when we captured the image, since we had already opened the Bitlocker console (even though we hadn’t actually Bitlocked the unit), the REAgent.xml file (in C:\Windows\System32\Recovery) had been populated with the specific GUIDs for both WinreBCD and WinreLocation path.” – Borch25

I like borch, can’t wait for more.
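
A pre-flight check covering both problems above (the corrupted-volume error 0x8004259A and the populated REAgent.xml), as an added PowerShell example that is not from the original post or from Borch25. The function names are hypothetical, and the REAgent.xml element and attribute names (WinreBCD id, WinreLocation guid) and the all-zero "unpopulated" GUID are assumptions about the file layout; run it elevated.

```powershell
# Added example, not from the original post. Run elevated on the reference
# machine before capture, or on a deployed machine that shows the error.
# Assumption: REAgent.xml keeps the GUIDs in <WinreBCD id="..."/> and
# <WinreLocation guid="..."/>, with an all-zero GUID meaning "not populated".
$ZeroGuid = '{00000000-0000-0000-0000-000000000000}'

function Test-ReAgentPopulated {
    param([Parameter(Mandatory)][xml]$Xml)
    $ids = @($Xml.WindowsRE.WinreBCD.id, $Xml.WindowsRE.WinreLocation.guid)
    # True when at least one GUID is present and not all zeroes
    [bool]($ids | Where-Object { $_ -and $_ -ne $ZeroGuid })
}

function Invoke-BitLockerPreflight {
    param([char]$DriveLetter = 'C', [switch]$RenameReAgent)
    $reAgent = Join-Path $env:SystemRoot 'System32\Recovery\REAgent.xml'
    $populated = (Test-Path -LiteralPath $reAgent) -and
                 (Test-ReAgentPopulated -Xml ([xml](Get-Content -LiteralPath $reAgent -Raw)))
    if ($populated -and $RenameReAgent) {
        # Same fix as in the post: rename the file rather than delete it
        Rename-Item -LiteralPath $reAgent -NewName 'REAgent.xml.old'
    }
    [pscustomobject]@{
        # Online scan only; an actual repair still needs "chkdsk /f" and a reboot
        VolumeScan       = Repair-Volume -DriveLetter $DriveLetter -Scan
        ReAgentPopulated = $populated
        ReAgentRenamed   = [bool]($populated -and $RenameReAgent)
        ProtectionStatus = (Get-BitLockerVolume -MountPoint "${DriveLetter}:").ProtectionStatus
    }
}

# Constructed sample resembling a file captured after the BitLocker console was opened
$sample = [xml]@'
<WindowsRE version="2.0">
  <WinreBCD id="{11111111-2222-3333-4444-555555555555}"/>
  <WinreLocation path="\Recovery\WindowsRE" id="0" offset="0" guid="{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"/>
</WindowsRE>
'@
Test-ReAgentPopulated -Xml $sample   # parses the constructed sample only, touches nothing on disk
```

Call `Invoke-BitLockerPreflight` to report only, or `Invoke-BitLockerPreflight -RenameReAgent` to apply the rename. As the post notes, a scan can come back clean on a volume that still fails to shrink, so treat `VolumeScan` as a hint rather than proof.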