Sit back and relax. This post will be lengthy. I have been racking my brain on this for over a week, and I desperately need a hero. Let me start with the scenario. We use a combination of MDT\WDS to deploy our images (we also have an SCCM environment that is not integrated with MDT). We are in the middle of using MDT's refresh capability to replace our Windows 7 bitlockered OS' with Windows 10. The refresh process goes like this:
- Litetouch.vbs is executed from within a running Windows 7 OS that has Bitlocker enabled.
- Task sequence is executed, and performs the following key steps: (a) backs up user profiles via USMT, (b) disables BDE protectors, (c) applies Windows PE, (d) reboots to MDT to continue the task sequence
- Once the PC has booted into the MDT environment, the task sequence continues on like this (key elements only): (a) applies the WIM, (b) converts the bios to UEFI via Dell CCTK, (c) converts the MBR to GPT via the Microsoft MBR2GPT utility, (d) reboots to load Windows 10 for the first time.
This last reboot is where the issue lies. As soon as the task sequence hits that 'Restart' task, it blue screens with an 'fvevol.sys' error, and a 'DRIVER IRQL NOT LESS OR EQUAL' error, and it just sits there until the power is cycled. Now once you cycle the power, the task sequence continues without error, but we kick these off remotely. So our only option right now is to either have the end user cycle the power, or be physically present at the workstation.
Now...with the previous iteration of WinPE, we were still getting this blue, but it would at least reboot automatically, and continue on with the task sequence. I have scoured the internet, and cannot find anything related to this. I find it hard to believe that no one is encountering this, as it happens on EVERY machine of ours (not a random thing). Here is what I have tried so far:
- Removed the built-in 'Disable BDE protectors' task in MDT, and replaced it with a script of my own (no change).
- Mounted the 'LiteTouchPE_x64.wim' and edited the registry entry "AutoReboot" value from 0 to 1. This change causes the PC to shutdown after the bluescreen instead of rebooting.
- Mounted the 'LiteTouchPE_x64.wim' and edited the registry so that it does not load fvevol.sys (a bitlocker driver). This causes the PC to boot straight to the MDT menu (task sequence does not continue), as it can no longer read the scripts from the drive due to encryption. I thought this was rather strange since the bde protectors get disabled before it reboots to WinPE. This tells me that WinPE is possibly re-enabling bitlocker.
The only thing I have not tried is fully decrypting the drive. I suspect this would work, but I shouldn't have to do this. Also, this issue does not occur if we boot straight to MDT using a 'New Computer' deployment type scenario.
I would greatly appreciate any feedback on this! Thanks to all in advance!