A Windows 8-based client computer does not use the BitLocker Network Unlock feature

Applies to: Windows 8 Enterprise, Windows 8 Pro

Symptoms


On a Windows 8-based client computer, you are prompted to enter the BitLocker PIN to start Windows. This occurs even though the computer is connected through an Ethernet cable to the physical corporate LAN and the BitLocker Network Unlock feature is enabled and implemented.

Cause


A Windows 8-based or Windows Server 2012-based client computer sometimes may not receive or use the Network Unlock Protector feature, depending on whether the client receives unrelated BOOTP replies from a DHCP server or WDS server.

Any message that is received by a DHCP server that includes a DHCP message option type 51 is assumed to have been sent by a DHCP client. Messages that do not have the DHCP Message Type option are assumed to have been sent by a BOOTP client.
  • The DHCP DISCOVER/REQUEST that is sent by the BitLocker Network Unlock client in its first two requests has the Message Type option. This means that the requests are DHCP protocol based.
  • The DHCP request (that is, the third request) that is sent by the client does not have the Message Type option. This means that the request is BOOTP protocol based.

A DHCP server that supports BOOTP clients must interact with BOOTP clients according to the BOOTP protocol. The server must create a BOOTP BOOTREPLY message instead of a DHCP DHCPOFFER message. (That is, the server must not include the DHCP message option type and must not exceed the size limit for BOOTREPLY messages.)

The server marks a binding for a BOOTP client as BOUND after the server sends the BOOTP BOOTREPLY message. A non-DHCP client will not send a DHCPREQUEST message, nor will that client expect a DHCPACK message.

DHCP servers may send any DHCP options to a BOOTP client as allowed by the DHCP options and BOOTP vendor extensions.

This means that as long as a DHCP server supports BOOTP clients, the DHCP server will reply to BOOTP requests.

If a DHCP server that is not configured to support BOOTP clients receives a BOOTREQUEST message from a BOOTP client, that server silently discards the BOOTREQUEST message.
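The classification rule described above can be applied to the UDP payloads in a packet capture to see which of a client's requests a server will treat as BOOTP. The following is an added example, not Microsoft code; it checks for option code 53, the code RFC 2132 assigns to the DHCP Message Type option, and the helper names and sample messages are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # RFC 2131: start of the options field
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255  # RFC 2132 option codes

def parse_options(payload: bytes) -> dict:
    """Return {code: value} for the options of a BOOTP/DHCP UDP payload."""
    if payload[236:240] != MAGIC_COOKIE:
        return {}                            # no option-encoded vendor area
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:                  # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            break                            # truncated: length byte missing
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                            # truncated: value cut short
        opts[code] = value
        i += 2 + length
    return opts

def classify(payload: bytes) -> str:
    """Label a message the way the server does: Message Type present => DHCP."""
    if len(payload) < 236 or payload[0] not in (1, 2):
        return "malformed"
    direction = "request" if payload[0] == 1 else "reply"   # op 1 / op 2
    kind = "DHCP" if OPT_MSG_TYPE in parse_options(payload) else "BOOTP"
    return f"{kind} {direction}"

def build(op: int, options: bytes) -> bytes:
    """Constructed sample: 236-byte fixed header, cookie, options, end."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + bytes(232)
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed samples, not captured traffic.
SAMPLES = [
    build(1, bytes([53, 1, 1])),        # request carrying Message Type = DISCOVER
    build(1, bytes([43, 3, 1, 2, 3])),  # request with an unrelated option only
    build(2, b""),                      # reply with no Message Type option
]

if __name__ == "__main__":
    for n, msg in enumerate(SAMPLES, 1):
        print(n, classify(msg))
```

A "BOOTP reply" label on traffic from a DHCP or WDS server during the client's boot is the condition the Cause section describes.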

Resolution


To resolve this issue, turn off the BOOTP option on the DHCP server. To do this, log on to the DHCP server, and then change the DHCP option from "DHCP and BOOTP" to "DHCP".