Using ENGL Imaging Toolkit 12.0.7, working on a new base image for Windows 11 24H2 I ran into a sysprep issue as shown below.

I double checked the Windows support matrix and the Windows ADK support matrix for Windows 10 and 11 for using the correct ingredients. I was using the latest ADK, which is supported, and Windows 11 24H2 which is supported too. Of course.

ENGL’s ztoolkit.log didn’t give me that much clues on what is going on.

[27-Dec-24 06:22:01] [Zimageprep] cmdline [C:\Windows\System32\Sysprep\sysprep.exe /oobe /generalize /quit /quiet /unattend:C:\Ztoolkit\sysprep\sysprep.xml]
[27-Dec-24 06:22:01] [Zimageprep] Running sysprep…
[27-Dec-24 06:22:02] [Zimageprep] returned [success]
[27-Dec-24 06:22:02] [Zimageprep] Checking Sysprep has completed successfully…
[27-Dec-24 06:22:02] [Zimageprep] Failed

But that’s probably due to the fact that sysprep, when run unattended, returns a return code of 1 only telling you a ‘fatal error’ occurred.

More details should be fetched from setupact.log. So I reviewed:

%WINDIR%\system32\sysprep\panther\setuperr.log and
%WINDIR%\System32\Sysprep\Panther\setupact.log.

And there you have it …

2024-12-27 06:22:02, Error SYSPRP BitLocker-Sysprep: BitLocker is on for the OS volume. Turn BitLocker off to run Sysprep. (0x80310039)
[gle=0x00000001]

2024-12-27 06:22:02, Error SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing ‘ValidateBitLockerState’ from C:\Windows\System32\BdeSysprep.dll; dwRet = 0x80310039[gle=0x00000001]

Then I searching for ‘Bitlocker’ and ‘Sysprep’ I found this Dell article: Workaround: BitLocker prevents Sysprep on VM in 24H2.
Bitlcocker is causing the sysprep issue here indeed. But hang on, I didn’t enable Bitlocker to begin with. I just ran an unattend install.

Running ‘manage-bde -status’ shows what’s happening here. Microsoft enables Bitlocker by default in 24H2:

Microsoft is enabling BitLocker device encryption by default on Windows 11
Windows 11 24H2 will enable BitLocker encryption for everyone: happens on both clean installs and reinstalls

Also when you run a clean (unattended) install!


Which means that you have to run ‘manage-bde -off C:’ first before you run Zimageprep. Which means that if you prepare youre base image using Deployment Wizard, you need to uncheck this check box in order to run ‘manage-bde’ before running Zimageprep:


Also make sure to use ‘manage-bde status’ to verify that the C: drive is Fully Decrypted before you run Zimageprep: