Scripting Question

Dell CCTK (Command and Configure) - Enable and activate TPM (for Credential Guard)

01/11/2016 8326 views
Hi all,

I'm currently facing issues regarding the activation of the TPM in my Scripted install.
I'm using a WinPE 10 Bootimage (with the following packages: WinPE-WMI, WinPE-NetFx, WinPE-PowerShell, WinPE-HTA, WinPE-DismCmdlets, WinPE-Scripting)

After enabling the TPM (using the CCTK), I'm trying to active it using the Dell Command and Configure tooling with this command: "cctk.exe --tpmactivation=activate".
This is returning the following error: "To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated.".

I stumbled accross this blog which holds a powershellscript to determine if the TPM is owned/activated, but it didn't work for me.
I ran the cmdlets manually and it gives me the error "Get-wmiobject: Provider load failure"

Other powershell cmdlets seem to work, so I don't have an idea what might be wrong. Enabling the TPM doesn't provide an issue.
The default Microsoft driver is also loaded and CCTK is used in WinPE to activate the TPM.
Using wbemtest, I see that the class is present on the computer, but it only holds <null> values.

Purpose TPM: I'm trying to active the TPM to protect the keys of Credential Guard.

Does anyone have an idea how I could resolve this?

Thanks in advance!

0 Comments   [ + ] Show comments


All Answers

I'm still struggling with the enablement, but figured out what was the problem with the powershell command. I haven't added the WinPE-SecureStartup.cab package to the WinPE image.
Answered 01/11/2016 by: Silencer001
Orange Senior Belt

Hi I have the same issue...did you manage to solve the issue and activate the TPM chip as well during the TS phase ?
Answered 09/12/2016 by: pollewops
Senior Yellow Belt

  • No not really to be honest.. To have a smooth integration with these components, implementing MS ConfigMgr would be a solution :)
What do you mean with "implementing MS ConfigMgr would be a solution" ?

I use configmgr and still have the issue.

I am now trying to use cctk within Winpe phase which now seems to work.
Important is that a setup password is available before you configure TPM (enable and activate) !
Answered 09/12/2016 by: pollewops
Senior Yellow Belt

  • I haven't tested this in a ConfigMgr setup, but the blogpost (see first post) succesfully uses ConfigMgr. It's been a long time for me since I was working on this, but I thought that a reboot was required for the TPM between activating en enabling. Dell KACE doens't have the standard step like ConfigMgr to reboot the computer and start the TS.. Setting a setup password or converting disk to UEFI and secure boot is no issue with Dell KACE in combination with the CCTK. I've got this working.. It's just the reboot part that isn't available by default in Dell KACE..

I tried configuring using the blog post but that does not work with me either :-(
The problem is when an owner is already available. Then re-enabling and re-activating seems not to work.

Will investigate further.
Answered 09/14/2016 by: pollewops
Senior Yellow Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ