I have a couple of new Dell servers that I am setting up to be Hyper-V hosts.

The servers are fairly secure (racked in a locked room in a locked building), but the server room is shared with other tenants and the content of some of the VMs is fairly sensitive (not commercially, but from a DP standpoint). Not much we can do about our situation in this respect, I'm afraid, and there is no budget to take a substantially different approach.

Initially I was thinking that, with TPM being how it is these days, encrypting the disks (system and storage) with BitLocker would be super easy, but I've run into some problems.

Sometimes when either of these servers reboots, it gets stuck at a UEFI-looking "choose an option" screen (apologies, as this is from memory):

  • Selecting "continue" results in a boot loop back to this screen.
  • Selecting "troubleshooting" and then "startup settings" results in booting to a DOS-looking BitLocker recovery screen.
  • I can then enter the BitLocker recovery key, which leads to a modern-looking BitLocker recovery screen where I need to enter the same key again.
  • From here we get a modern-looking "Repairing your PC" screen, which eventually "fails", and moments later I get the Server 2012 login screen.

These servers aren't in full production yet, so I still have time to play with them, but I'm wondering if I'm on the wrong track with BitLocker.

Have I misconfigured BitLocker, or the Dell TPM options, or something relating to UEFI/Secure Boot?

Or is BitLockering the system disk on a server just a dumb idea?

What do you think?

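The post asks whether the fault lies with BitLocker, the TPM, or UEFI/Secure Boot. Before changing anything, it helps to capture the state of all three from an elevated PowerShell session on the host, so that whatever the next reboot does can be compared against a known baseline. The script below is an added example, not something from the original post; it assumes the OS volume is C: and relies only on the TrustedPlatformModule and BitLocker modules and the manage-bde tool that ship with Windows Server 2012.

```powershell
# Added diagnostic script (not from the original post). Collects TPM,
# Secure Boot and BitLocker protector state for the OS volume on a
# Windows Server 2012 Hyper-V host. Run from an elevated PowerShell session.
# Assumption: the system volume is C:.

$osDrive = 'C:'

Write-Host '== TPM =='
$tpm = Get-Tpm
$tpm | Select-Object TpmPresent, TpmReady, ManagedAuthLevel, OwnerAuth | Format-List
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM visible to the OS: check that it is enabled and activated in the firmware.'
} elseif (-not $tpm.TpmReady) {
    Write-Warning 'TPM is present but not ready (not owned/activated); a TPM key protector cannot unseal the volume key.'
}

Write-Host '== Firmware =='
try {
    $secureBoot = Confirm-SecureBootUEFI
    Write-Host "Secure Boot enabled: $secureBoot"
} catch {
    # Confirm-SecureBootUEFI throws on machines that booted in legacy BIOS/CSM mode.
    Write-Warning 'Confirm-SecureBootUEFI failed: the OS probably booted in legacy BIOS/CSM mode rather than UEFI.'
}

Write-Host '== BitLocker =='
$vol = Get-BitLockerVolume -MountPoint $osDrive
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod | Format-List
# A healthy TPM-protected OS volume has a Tpm (or TpmPin etc.) protector plus a RecoveryPassword protector.
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize
if (-not ($vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })) {
    Write-Warning 'No TPM-based key protector on the OS volume: every boot will require the recovery password.'
}

# manage-bde shows the PCR validation profile the TPM protector was sealed against;
# note the PCR list so that later firmware or boot-configuration changes can be correlated with it.
manage-bde -protectors -get $osDrive

# Recent BitLocker management events frequently state why recovery was requested.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

One caveat worth remembering while experimenting with the Dell firmware settings: a TPM protector seals the volume key to the measured boot state, so changes to boot order, Secure Boot state, or other firmware options can legitimately push BitLocker into recovery on the next boot. When deliberately changing such settings, suspend protection first with `Suspend-BitLocker -MountPoint C: -RebootCount 1`, and keep the recovery password somewhere other than the server itself.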