network unlock
2 Topics

Surface Laptop 4 and Pro 8, with network unlock + dock1 = 30 reboot delay (freeze)
We have had a fleet of Surface LP2 and Pro 6 for years configured with SEMM, Network Unlock - TPM and PIN protection. The network unlock has worked well. When we introduced Laptop 4 and Pro 8, we realized they started freezing after a restart in our MECM Task sequence, at the step where we install the Microsoft driver packs. The "freeze" only occurs on a warm restart, not a power off / on. The Surface stays on the MS UEFI logo. If left in this state, it turns out the Surface will prompt for a PIN but very slowly; it takes between 15 and 20 minutes for the Surface to slowly draw the screen. It feels like the CPU is operating at 1 cycle per second. This sequence of images was taken over a 15 to 20 min period. Picture of the device here: https://imgur.com/f9NKJgQh.png

When the device finally gets to the PIN prompt, it will start normally if the PIN is entered. For the average user the device is frozen; no one expects a restart and PIN prompt to take 15 to 20 minutes. The same LP4 and Pro 8s work without any issue when connected to a dock 2. We have an order for hundreds of dock 2 that has been on back order for a few months.

465 Views, 0 likes, 0 Comments

BitLocker Network Unlock Question
I set up network unlock for two servers in our network as a test for a future deployment of BitLocker. Both HPs. One is a DL360 Gen9 server with aftermarket TPM, the other is a DL360 Gen11 with onboard/HP TPM. Configured first NIC on both boxes for DHCP. Just to test things, I unplugged NIC1 but kept NIC2 plugged in on the Gen11 server and rebooted. It prompted for a PIN on boot up (expected behavior). Did the same test on the Gen9 server and it boots straight into the OS (unexpected behavior). As a further test, I kept NIC1 unplugged and then unplugged NIC2, rebooted and got prompted for a PIN (as expected since the box was completely off network). Does anyone have any ideas why this is happening? Could it have something to do with the aftermarket TPM? From what I've read, network unlock requires the first NIC to be DHCP so it can communicate with the WDS server and allow network unlock to work. Could it be something with the NICs on the Gen9 server? I'm at a loss to explain this behavior. Hoping someone may have some insight. TIA

23 Views, 0 likes, 0 Comments