Can't enable BitLocker on a Fresh Install of Windows 10 1809 (OS Build 17763.253) - Solved

I experienced this on a Surface Pro 3, in every other case where I’ve tried to encrypt a system drive with BitLocker I was able to do so without issues. I’m not sure if I ran into this because of the hardware or if it was just bad luck. Anyway, I went though the entire process of updating the TPM firmware only to continue to see the issue. I’ll walk you though the error, what I did to fix it, and updating the TPM firmware on a Surface Pro 3 (which might have been necessary, or maybe not.. I’ll never know).

The Issue

After installing Windows 10 from a USB key I went to enable BitLocker. To do this I right click on the C: drive and choose “Turn On BitLocker”. After a brief loading bar I see the message:

This PC doesn’t support entering a BitLocker recovery password during startup. Ask your administrator to configure Windows Recovery Environment so that you can use BitLocker.
— The Team That Writes Error Messages at Microsoft

The only option is to click cancel.

The Fix

I searched around the internet and finally came across the command to configure the Windows Recovery Environment. I didn’t note down which website I originally found this, but several forums recommended this. Open a command prompt as an administrator and type:

reagentc.exe /enable

After the command ran successfully, which was almost instantly, I was able to proceed to encrypt my system drive using BitLocker.

Now… that isn’t the whole story. You see, between experiencing the issue and running the reagentc.exe command I noticed that my TPM firmware was out of date which I thought was the source of my problems. Continue reading to see how I updated the TPM firmware.

Updating the TPM firmware on a Surface Pro 3

I’m not sure which iteration of Windows 10 included the “Security Processor” menu, in previous versions of Windows your only option for managing the TPM was using tpm.msc. Typing TPM into the start menu brings up the option to view the Security Processor, which must be the new lingo for TPM in Windows 10.


Clicking the Security Processor menu tells me two things

  • Device health attestation isn’t supported on this device.

  • A firmware update is needed for your security processor (TPM)


I clicked the “Clear TPM” button which removed the error message about health attestation, but the firmware update message persisted. A web search for “Surface Pro 3 TPM Update” brought me here - The site has good instructions for updating the TPM. You should heed the warning about backing up your system if you choose to go though with this, messing up your TPM is no joke, if your machine is currently encrypted using the TPM as a protector you could potentially lock your self out.

Per the instructions on the Microsoft page, I downloaded and installed the Surface Pro 3 TPM Update Tool. I never understood why Microsoft gives links to downloads, then makes you pick which thing you want to download, this was one of those situations, I picked “Microsoft_Surface_Pro_3_Tpm_Update_Tool_Setup.msi”


This installed something on my computer called the “Microsoft Surface Pro 3 TPM Update Tool”, which I found in the start menu. Microsoft recommends using a USB 3.0 drive with at least 0.5 GB of space, thankfully I had one laying around. This does format the USB drive and erases all data on the drive.


There were a few more screens in the update tool before it finally completed.


Here is a screen shot of tpm.msc prior to updating the TPM. Note the Manufacturer Version: 5.0.1089.2


Now for the annoying part, I had to boot into the UEFI, delete the secure boot keys, then disable secure boot. To boot into UEFI I had to power the surface off, then start it by holding Power + Volume Up.

Once there, I toggled Secure Boot to disabled and deleted all secure boot keys.

That screen sure is dusty.

That screen sure is dusty.

After doing that, I clicked Exit Setup; I was prompted to save the config, then the machine restarted into Windows. Now, the instructions say to power off the surface, and insert the USB key. This time to boot off the USB key I had to hold Power + Volume Down. When secure boot is disabled, the surface boots with a red screen. It reminds me of the old Doom SNES cartridge.


I don’t recall if the firmware update started automatically after booting off the USB key, or if I had to click enter, but the firmware update was quick.


At this point, the instructions say to boot into Windows and run tpm.msc to verify the TPM is in the “Ready for use.” status, mine was.

I checked my TPM version at this point and saw it was updated to the newer version 5.62.3126.2


I checked the Security Processor and saw that all of the errors were gone.


Finally, I had to boot back into UEFI (Power + Volume Up) to re-enable secure boot and re-install all of the factory default keys.

Even after all of that I wasn’t able to enable BitLocker until I ran the reagentc.exe /enable command.

What did I learn?

Sometimes you think you know how to fix something because it seems obvious to you, only to find out that you’re not as smart as you think you are.

Wi-Fi Slow After Updating to Windows 10 Creators Update - Fixed

Update 2/20/2019

Some of you have commented that the driver can be downloaded directly from Realtek. It appears they have updated their site since I originally wrote this post. The link can be found here - (Thanks “TheGuy”). You do have to enter your email address to receive the download link. I no longer have this Wi-Fi adapter so I am unable to test the results of this driver. Good luck!

I woke up this morning and decided that it would be a good idea to update my primary computer to the Windows 10 Creators Update. I wasn't being offered the Creators Update via the "Check for Updates" interface, so I went ahead and did the manual process by running the Windows 10 Update Assistant. Even though this is the "manual" process its still mostly automatic, it runs though a download phase, an install phase, then after a couple reboots you're good to go.

After the final reboot I logged in. At first everything was looking good, it was only after I started an NVIDIA driver update that I noticed that the download was taking longer than usual... much longer. Like any reasonable person I went to to check things out. A measly 3.49 Mpbs download, I thought it was interesting that upload didn't seem to be affected.

I did another check on from a different computer in the house and was still getting around 80 Mpbs download speeds, this confirmed that the issue was isolated to my desktop that was just updated to the Creators Update.

Next steps? Google it of course. I have the ASUS USB-AC56 802.11ac Wireless USB Adapter so I figured it must be something to do with this specific Wi-Fi adapter. After clicking 3 or 4 different links I came across the fix in this Reddit post ( which subsequently links to the SNB Forum (, this was my first visit to the SNB Forum, which is a cool place to hang out if you're into that sort of thing. User timex18 on the SNB Forum had the fix, which is to update to a newer version of the Realtek driver.

When you do a fresh install of Windows 10 you get the driver version 1030.11.503.2016.

Screen shot of the adapter driver version prior to updating

Screen shot of the adapter driver version prior to updating

As timex18 referenced, you can download a newer version from Softpedia ( I would rather download the drivers from the source so I checked out but they don't host the driver for this adapter there... and it appears as if their website has not been updated since 1999. I never feel comfortable when downloading drivers from random websites, and although this link did get me the correct file you must be cautious to click on the correct links on Softpedia and not one of the copious advertisement links that try to bait you by using the word "Download". If you've navigated the site properly you should now have the file downloaded.

Screen shot of the driver download

Screen shot of the driver download

Extract the downloaded ZIP file by right clicking on it and hitting "Extract All..." then follow the prompts. You should now have the extracted source files, in my case I stored them in my Downloads folder.

Now open up Device Manager (Winkey + X then click on Device Manager). Expand Network Adapters, right click on ASUS USB-AC56 802.11ac Wireless USB Adapter and select Update Driver.

Click Browse my computer for driver software

Copy and paste in the path where you extracted the drivers. You're probably running the 64 bit version of Windows 10 so make sure to select the Win10X64 folder, if you're running the 32 bit version of Windows 10, select the Win10X86 folder. In my case the path is C:\Users\username\Downloads\realtek_wlan_1030.13.704.2016\realtek_wlan_1030.13.704.2016\realtek_wlan_1030.13.704.2016\Win10X64.

The process should only take a minute or two.

You'll be notified when the process is completed.

Finally, check the driver version to confirm that it was updated.

Screen shot of the adapter driver version after updating

Screen shot of the adapter driver version after updating

That's it. I went back to the browser to run another test on and the results were much better, I didn't have to restart the computer, I didn't even refresh the browser page.




Chromecast Ultra Stuck at Fetching Update 0% - Fixed

I received a Chromecast Ultra for Christmas this year. I was real excited to plug it in and watch some Netflix only to be thwarted by connectivity issues. A quick search reveals that I'm not the only one who has run into this. You plug it in, power it up, get the Goole Home app on your phone, connect it to your WiFi and then it tries to update, but gets stuck at 0%. During this update period you can't cast any content. Rebooting the thing doesn't fix it, it just goes right back into the update, where it continues to fail to connect.


Things I tried that didn't work.

  • Rebooted the Chromecast
  • Reset the Chromecast to factory defaults
  • Gave the Chromecast a static IP (DHCP reservation on the router)
  • Put the Chromecast in the DMZ
  • Let it sit for 15 minutes at 0%

I was poking around the Chromecast support site and noticed that it specifically says that it supports 802.11ac on their specifications page. Huh, I wonder if that means that it doesn't support older WiFi technologies like 802.11b/g/n (spoiler, it does work on a 802.11g/n network). What this got me thinking was that the issue could be a router configuration setting. I was on a network with a Comcast router/modem combination so I opened up the configuration to take a peek. Logging into the router is easy, open up your web browser and type . The default username is "admin", default password is "password", if you haven't yet, you should take the time to set a different password to bump up your security posture just a little bit. The setting that allowed me to get the Chromecast Ultra past the updating phase was to configure the security Mode: to WPA2-PSK (AES), it was originally set to WPA2/WPA with TKIP/AES.

Comcast Router Configuration Settings

Comcast Router Configuration Settings

I rebooted the Chromecast once more after making this change and the thing updated right away! I was worried that I might have to reconnect all of the laptops, tablets, and phones connected to the WiFi network after changing the security mode, but it wasn't an issue, everything kept working.

I'm not 100% confident this setting was the silver bullet, it could have very well been that it needed to be rebooted 10 times, but give it a shot, let me know if it worked for you.

TL:DR - If your Chromecast is stuck at fetching Update 0% ry setting your WiFi security mode to WPA2 (as opposed to WPA/WPA2)



Microsoft Ignite Experience

I attended my first Microsoft Ignite this year. It was amazing! I believe there were something like 25,000 people there. The Georgia World Congress Center where the event was held is absolutely huge. Ignite took what seemed like the entire conference center, I definitely got my steps in as I commuted from session to session. Getting from building A to building C was at least a good quarter mile walk.

There were a ton of vendors on site giving away trinkets to whoever would give them a minute to listen to their spiel. Here are some of the things I gathered, I thought the solar powered LED lantern that Lenovo gave away was kind of neat.

Various odds & ends

Various odds & ends

Some vendors were giving out tshirts, I thought the SolarWinds design was the best, it's the one with the gorilla destroying the city.

The Delta Saints played an awesome show on Thursday night. This is second time I've seen them live and they definitely had the crowd hooked. It's always cool to see a band go from playing small venues to a larger event.

The Delta Saints

The Delta Saints

I'll try to get another post up soon about my thoughts of the event content. There were way too many sessions to attend in person. Thankfully Microsoft provides videos of most of the sessions that were presented at

OneDrive for Business Next Gen Sync Client ConfigMgr Detection Method

Recently the OneDrive for Business Next Generation Sync Client was released. This new client brings the OneDrive sync feature out of the Office suite and into a standalone product. I'm not sure if it supported by Microsoft, but you can have both the Office integrated OneDrive for Business client and this new Next Gen client running at the same time. One of the key features missing from the Next Gen client is that you can't sync a SharePoint library using it. You can read all about the features and nuances of the client in Microsoft's post.

The installation files can be downloaded from this site

Detecting the install

The installation for the new client is pretty straight forward so I'm not going to go into detail there, create a new Application, select a script type installer and run "OneDriveSetup.exe /silent" as your Installation Program. In my testing I was able to get the new client installed without any trouble (I tested on Windows 7 only, I'm not sure if my results are applicable to Windows 8, or Windows 10) using "OneDriveSetup.exe /silent" as my installation command line. You'll notice that this installation does not require administrator rights to run, nor does it show up in Add/Remove Programs. Instead the OneDrive application is installed to the user profile directory of which ever user ran the installation, it installs to %LOCALAPPDATA%\Microsoft\Onedrive\ , this also means that the installer will need to be run for each user who logs into the computer that wants to use this version of OneDrive. Given this information I thought I could use a file type detection method by using the path of %LOCALAPPDATA%\Microsoft\Onedrive\ and file name OneDrive.exe.

Seems simple enough, right? However this ends up with a failed install. Why? Because this detection rule runs in System context, regardless if you chose the "Install for User" or "Install for System" installation behavior. I was stuck on this for a while, after some searches I found that others have run into similar issues and discovered that if you run a script based detection method that it runs in the user's context if you choose install for user. I then configured a PowerShell script based detection method and used the command "Test-Path $env:LOCALAPPDATA\Microsoft\Onedrive\OneDrive.exe".

This cleared up the detection issue I was having and I was getting successfully installations when installing from the Application Catalog.

This by no means a comprehensive way to deploy the new OneDrive client, you might want to do some things like remove the old client, prompt your users to log into Office 365, or other things that would smooth the transition from the previous OneDrive client to the Next Gen client.