How big this delay can be probably depends on the usual network-related configuration. This post applies to Windows 10, 7, 8, Server 2008, and Server 2012. Only after this happens is the BootRequest packet sent to the WDS server, which replies with BootReply. If you work in IT, you're probably familiar with Microsoft Windows users constantly.
Why? Before Windows can successfully start and unlock the drive with the certificate, the boot manager has to get a valid IP address from DHCP (or not, if a timeout happens).

How to encrypt your drives with BitLocker Drive Encryption on Windows Server 2012 R2.

– This change to the BitLocker OS drive unlock process will add a few seconds to the boot process.
– Network unlock by itself doesn't do a PXE boot – the unlock happens before that, with a special DHCP packet (provided that LAN boot is not the first boot option, which it shouldn't be).

The second link is really useful for understanding how the whole thing works – it even has a few screenshots of a network trace (a good reference for troubleshooting).

Windows 8 and Windows Server 2012 include a new BitLocker protector.

Not sure if it is fully supported from the MS side, but I didn't do any "funny" customization to get it working – based on this I would guess it should be supported.

Network Unlock helps you manage BitLocker-enabled desktops and servers in a domain.

– Change to the certificate template used for network unlock: the Certification Authority and Certificate recipient fields are Windows Server 2012 R2 and Windows 8.1 respectively

After some initial testing I've successfully deployed this configuration at one of our customer's sites.

– SCCM distribution point: dedicated server for network unlock and client deployment
– Clients: Windows 8.1 and up on an isolated VLAN

I've read and followed the MS documentation available at:

– Bitlocker: Network Unlock (PFE Blog post)
– BitLocker: How to enable Network Unlock