Scenario: You have a Windows Server 2012 or Windows 8 computer with TPM and you store your Bitlocker recovery and TPM owner information in Active Directory.
When trying to configure the TPM hardware by using tpm.msc you get this error:
Turn on the TPM security hardware
This computer may require you to change the state of the Trusted Platform Module (TPM) manually. To perform this action, try turning on the TPM through the BIOS or performing a firmware update. Consult the computer manufacturer’s documentation for instructions.
There is no such object on the server.
Error code: 0x80072030
This error is misleading because it suggests a problem with your hardware. It is not a hardware problem: both the message "There is no such object on the server" and error code 0x80072030 are Active Directory (LDAP) errors. They simply mean that the wizard could not find an object it expected in AD.
The way Windows Server 2012 and Windows 8 store their TPM owner information changed from previous versions. Active Directory schema version 48 introduced new TPM objects (such as msTPM-InformationObject) that are meant to store this information going forward. You can have a look at these changes by opening the support\adprep\sch48.ldf file on your Windows Server 2012 DVD.
If you want to use AD to store your TPM information the same way you did with Windows Server 2008 R2 or Windows 7, you first need to update your schema to version 56 (Windows Server 2012). This brings all the necessary changes to your environment. If you cannot update your schema, only one option is left: move the computer object to another OU where the group policy object containing your TPM/BitLocker settings is not applied. Configure the TPM "offline" and store the owner information in a secure place; you will not have the owner information in AD for this computer. Then move the object back to its previous OU.
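Before deciding between the two options, it helps to know whether your forest is already at the required schema level and what TPM information AD currently holds for the affected computer. The following PowerShell script is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, that you have read access to the schema and the computer object, and uses a constructed placeholder computer name.

```powershell
# Added example (not from the original post). Reports the forest schema level,
# whether the msTPM-InformationObject class from schema version 48 exists, and
# which TPM attributes are populated on a given computer object.
Import-Module ActiveDirectory

function Test-TpmSchemaReadiness {
    param(
        [Parameter(Mandatory)] [string] $ComputerName
    )

    $schemaNC = (Get-ADRootDSE).schemaNamingContext

    # objectVersion on the Schema container is the forest schema level.
    # 56 is the Windows Server 2012 level the post says is required.
    $version = [int](Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion

    # The class introduced with schema version 48 that stores TPM owner information.
    $tpmClass = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
        -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=msTPM-InformationObject))'

    # Windows Server 2008 R2 / Windows 7 wrote the owner information directly to
    # msTPM-OwnerInformation on the computer object. With the 2012 schema the
    # computer object instead links to a separate msTPM-InformationObject.
    $computer = Get-ADComputer -Identity $ComputerName `
        -Properties msTPM-OwnerInformation, msTPM-TpmInformationForComputer

    [pscustomobject]@{
        SchemaVersion                    = $version
        SchemaIs2012OrLater              = ($version -ge 56)
        TpmInformationObjectClassPresent = [bool]$tpmClass
        LegacyOwnerInfoPresent           = [bool]$computer.'msTPM-OwnerInformation'
        LinkedTpmInformationObject       = $computer.'msTPM-TpmInformationForComputer'
    }
}

# 'SRV2012-01' is a constructed placeholder; replace it with the affected computer.
Test-TpmSchemaReadiness -ComputerName 'SRV2012-01' | Format-List
```

If SchemaIs2012OrLater is false and the class is missing, the 0x80072030 error is expected and the schema update (or the OU workaround above) is the fix.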