I'm currently working in the IT department and deploying BitLocker (TPM + PIN) on all company laptops. To enhance user experience, we implemented BitLocker Network Unlock (BNU). My goal is to have the laptops connect over Ethernet without requesting a BitLocker PIN while requiring the PIN for remote use. I've successfully configured BNU to work within the same VLAN, but it fails in inter-VLAN scenarios, which simulate remote sites across France. We only use UniFi for DHCP, with no Windows DHCP servers present.In my lab setup, the server is on VLAN 12 and the test laptop is on VLAN 11. While communication works fine between these VLANs, BNU does not operate as expected in inter-VLAN scenarios, always asking for the PIN. Currently, I'm left puzzled because pinging the server and network communication both function properly after Windows boots up. I need to know if specific DHCP options are required or if an IP Helper/DHCP Relay is necessary which UniFi DHCP may not be handling correctly. I'm keen to learn if anyone has successfully implemented BNU across VLANs using just UniFi for DHCP.
3 Answers
It sounds like you'll need a proper BOOTP/DHCP relay configured to route requests to both your DHCP server and the WDS server. Without that, relying on UniFi alone won't meet the requirements for BitLocker Network Unlock across VLANs.
Have you tried using a network capture tool to monitor the traffic? Capture what packets are going in and out of the laptop to troubleshoot what's going wrong. It's a good way to see if there’s anything missing since PXE is generally working fine.
From what I gathered from the Microsoft documentation, IP helpers on your switches for VLAN 11 may solve the issue. If that's still not helping, definitely consider capturing traffic directly from the test laptop to see what’s not transferring as expected.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures