Bit Locker recovery key not uploading to AD Server 2008 R2 Clients: Win7 Enterprise

[RaviSharma]

Hi,

 

I have deployed Win7 Enterprise x64 using MDT 2010(On Server 2008 R2). The OS gets deployed successfully. I want to encrypt the drives using BitLocker which i have configured in the Task Sequence. After installing the OS, drives get BitLocker encrypted. However, the recovery keys are not uploading on the AD. The keys are there on the Client system in the encrypted drive. How do i get them on the AD for easy recovery at a later stage?

 

I have run the Add-TPMSelfWriteACE.vbs as specified here: http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx. Also i have enabled the Group Policies to upload the TPM and BitLocker keys on AD.

 

Can anyone through some light on this? Am i missing something? Can you tell all the configurations that i need to do on the Domain Controller? Please let me know incase you need more details of my problem.

 

--- Ravi

[jamitupya]

have you specified the location in your GPO where the Bitlocker Keys are backed up too? silly i know, but we experienced this same thing recently and had a typo in the GPO. fixed that and seemed to work again.