ProLiant Servers - Netservers
cancel
Showing results for 
Search instead for 
Did you mean: 

Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

 
Highlighted
mwiora
Occasional Contributor

Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Hi all,

this morning I've installed the Latest Windows Server 2016 Updates on my HP Microserver Gen8 (HP G8 360DL Performance same issue here) - which is protected by the Optional HP TPM Module 488069-B21.

From this installation on I had issues using the TPM Chip to unlock my Boot Disk.

I've documented some details here on Technet:

https://social.technet.microsoft.com/Forums/windowsserver/de-DE/3875257a-3d02-4bd3-b2a1-5421e21a7a24/issues-after-installation-of-todays-updates-kb4494440?forum=ws2016

Maybe you have something in your databases and could give me the right hint on what I am missing as of today to get it working again.

Cheers,

Matthias

0.pngTPM Startup Pin Prompt1.pngStarting Automatic Repair2.png0xc02100004.pngBitlocker Recovery Key Prompt7.pngTroubleshoot menu

4 REPLIES 4
Tommy_Boy611
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Ran into the same issues on a DL380 Gen 9 with TPM.  After entering the recovery key and getting back in the OS we uninstalled KB4494440 and rebooted.  The system booted back up without prompting for the recovery key and is completing the uninstall, sitting at 100%, as I write this.

ThomasTrain
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Same issue here:  HP Proliant DL380p Gen8 with TPM + Windows 2016 + Hyper-V

Only workaround for now is to either remove the patch or temporarily suspend bitlocker with the below command:  keep in mind that suspending bitlocker will disable the TPM controls so determine the best course of action for your enviornment.

Suspend-BitLocker -MountPoint "C:" -RebootCount 0

somanpkt
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

We installed latest HP firmware and Drivers as mentioned in the HP KB article, but still we get bitlocker key prompt during server restarts. Mitigation to uninstall KB4494440. 

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03933en_us

We may need some updates HP/Intel/Microsoft for permanent fix. Some additional link for your reference. 

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling

 

 

Tommy_Boy611
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Microsoft posted a new article about this issue. They're currently investigating...

Some devices running Windows Server with Hyper-V enabled may start into Bitlocker recovery with error 0xC0210000

https://support.microsoft.com/en-us/help/4505821/some-devices-running-windows-server-with-hyper-v-enabled-may-start-int