Usually I write my Blog-Posts in German, this one is English as I try to report this to Microsoft too and to reach a broader community.
Environment
Skylake PC based on Fujitsu D3410-B1 Mainboard with most actual BIOS/UEFI-Firmware V5.0.0.11 R1.21.0 for D3410-B1x,
Windows 10 Education, 64bit, v1709 running in UEFI/SecureBoot with BitLocker with TPM 2.0 Protection. Update v1703 to v1709 via WindowsUpdate was done on 05. November 2017. Before installing the Fall Creators Update everything worked smooth and fine.
Problem
After Updating to Windows 10 v1709 I noticed that there is no Sound-Output working any more, Device-Manager doesn’t show up any Sound-Output-Device (neither my Intel(R) Display-Audio nor my Realtek High Definition Audio). In addition two System-Devices stopped working, Device-Manager shows up „Code 10“ for:
- High Definition Audio-Controller
- PCI\VEN_8086&DEV_A170&SUBSYS_121E1734
- Driver: Microsoft, v10.0.16299.15, Date: 28.09.2017
- Intel(R) Management Engine Interface
- PCI\VEN_8086&DEV_A13A&SUBSYS_121D1734
- Driver: Intel, v11.7.0.1040, Date 18.07.2017
No newer Drivers available in WindowsUpdate, on Fujitsu-Website or on Intel-Website. Devices failed to load with „Code 10“.
System works fine, but no sound available. And: System Startup-Time when doing a fresh restart of the system increased significantly (Machine seems to stuck for about 1-2 Minutes at the Boot-Screen still showing the Fujitsu-UEFI-Logo and the loading Windows-Progress „circle“), but when waiting with patience the Machine boots and then runs at normal speed.
Eventlog
System Eventlog Source MEIx64 shows several entries with:
„Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x90000245, FWSTS1: 0x89118306).“
as well as „The Intel(R) Management Engine Interface is being disabled.“
Solution (Workaround)
After a while I figured out that this problem is caused by the setting „Disable new DMA devices when this computer is locked“. This setting was introduced with v1703 and I enabled it some month ago to protect my BitLocker-Key from DMA-Attacks (see this Blog-Post).
When updating to Windows 10 v1709 this setting leads to my described problem.
Countermeasure (Workaround): GroupPolicy Editor (gpedit.msc)
Computer -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Disable new DMA devices when this computer is locked.
Set this to „Disabled“ => reboot the Machine => Problem is solved, both the Sound and the Intel ME Interface are working again.
Seems we have to wait for a Patch until this Setting can be reactivated again!
Send Error Report to Microsoft:
I reportet this through the Microsoft Feedback Hub, see: https://aka.ms/Gg2urj
Please UpVote for this Issue to get if fixed quicker.
Status-Update: Microsoft on 18th of January 2018 published KB4057300 as well as a Blog-Post confirming this problem, but says the Firmware- and/or Driver-Vendors have to Fix it.
Finally: Solution Win10 Cumulative Update KB4093105
On April 23rd Microsoft published Cumulative Update KB4093105 for Windows 10. This Update resolves this Issue, Bitlocker-DMA Protection can be turned on again after applying this Update. Changelog is provided here.
Thank you so much! I ran into this issue with my Lenovo T470 laptop when I enabled Bitlocker together with the „Disable new DMA devices when this computer is locked“ group policy. My computer got exactly the same symptoms, plus it started to crash just a few minutes after logging in.
With the help of your post I managed to solve the issue, but there is a a gotcha buried in the description text of the policy. It says: „This policy setting is only enforced when BitLocker or device encryption is enabled“. Thus, if you turn Bitlocker off BEFORE you disable the group policy, IT WILL REMAIN ENABLED just like the help text says. The only way to disable it is to do so while Bitlocker is still on.
Hi there, after doing what you have said at up, my Intel Management Engine Interface disappear from Device Manager totally.
Do you think it will occure any problem until we get update for it ?
Hi and thank you for sharing the info. In my case BitLocker has been always disaled, because I do not have compatible hardware to enable it, however I am having exact problem as per this thread with Intel(R) Management Engine Interface.
When I close laptop lid and open it, OS should return from sleep, but instead laptop restarts;
Every restart and OS boot takes ages, 1-2 minutes until I get to the desktop;
Intel(R) Management Engine Interface in Device manager is marked with explamation mark, regardles of driver version I use, 9.5.x, 11.x etc;
If laptop is not connected to power source, it would not boot up at all, but when booted, battery is full.
I am fighting this issue since late autumn 2017. Is there any update on this? I am really furstrated, not being abl to use my laptop nurmally.
Hi Saulius,
If it is a DMA-Policy related problem, just disable the Policy as described here or in the now published Microsoft Blog-Post.
Hi Gunnar,
What I have done so far:
Disabled DMA Policy as stated in the article;
Downgraded IMEI driver to 9.5.x as per many suggestions on the web;
Tried multiple IMEI driver versions but neither of them worked well;
Updated BIOS to letest version.
And still nothing helps, should I be worrying that hardware has failed?
Oh thank you so much too…. I activated that GPO several days ago and at the same time there have been Windows Updates published and I was searching for days.
I disabled that GPO setting and the problem with the unknown hd audio device went away.
We have been affected on all of our HP Elitedesk 800 G1, they have a onboard Realtek High Definition Audio device that won’t work with 1709 and that Bitlocker/DMA computer setting.