ProLiant Servers - Netservers
1748076 Members
5196 Online
108758 Solutions
New Discussion юеВ

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

 
SOLVED
Go to solution
mwiora
Occasional Contributor

Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Hi all,

this morning I've installed the Latest Windows Server 2016 Updates on my HP Microserver Gen8 (HP G8 360DL Performance same issue here) - which is protected by the Optional HP TPM Module 488069-B21.

From this installation on I had issues using the TPM Chip to unlock my Boot Disk.

I've documented some details here on Technet:

https://social.technet.microsoft.com/Forums/windowsserver/de-DE/3875257a-3d02-4bd3-b2a1-5421e21a7a24/issues-after-installation-of-todays-updates-kb4494440?forum=ws2016

Maybe you have something in your databases and could give me the right hint on what I am missing as of today to get it working again.

Cheers,

Matthias

TPM Startup Pin PromptTPM Startup Pin PromptStarting Automatic RepairStarting Automatic Repair0xc02100000xc0210000Bitlocker Recovery Key PromptBitlocker Recovery Key PromptTroubleshoot menuTroubleshoot menu

6 REPLIES 6
Tommy_Boy611
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Ran into the same issues on a DL380 Gen 9 with TPM.  After entering the recovery key and getting back in the OS we uninstalled KB4494440 and rebooted.  The system booted back up without prompting for the recovery key and is completing the uninstall, sitting at 100%, as I write this.

ThomasTrain
Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Same issue here:  HP Proliant DL380p Gen8 with TPM + Windows 2016 + Hyper-V

Only workaround for now is to either remove the patch or temporarily suspend bitlocker with the below command:  keep in mind that suspending bitlocker will disable the TPM controls so determine the best course of action for your enviornment.

Suspend-BitLocker -MountPoint "C:" -RebootCount 0

somanpkt
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

We installed latest HP firmware and Drivers as mentioned in the HP KB article, but still we get bitlocker key prompt during server restarts. Mitigation to uninstall KB4494440. 

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03933en_us

We may need some updates HP/Intel/Microsoft for permanent fix. Some additional link for your reference. 

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling

 

 

Tommy_Boy611
Occasional Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Microsoft posted a new article about this issue. They're currently investigating...

Some devices running Windows Server with Hyper-V enabled may start into Bitlocker recovery with error 0xC0210000

https://support.microsoft.com/en-us/help/4505821/some-devices-running-windows-server-with-hyper-v-enabled-may-start-int

mwiora
Occasional Contributor
Solution

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Microsoft just released KB457460 which finally fixes that issue...
This is also noticed in KB https://support.microsoft.com/en-us/help/4505821/some-devices-running-windows-10-with-hyper-v-enabled-may-start-into-bi

ThomasTrain
Visitor

Re: Issues with 488069-B21 (Optional HP TPM Module) and Update KB4494440

Confirmed fixed here.