BitLocker issues and fixes

Updated by Julian Knight. Reading time ~ 2 min.
Kb Windows Support, BitLocker, Win10

BitLocker allows you to fully encrypt drives. It can be enabled so that it protects drives before boot. It also allows administrative recovery keys. However, sometimes it can go wrong.

Setup

Make sure you create a backup of your BitLocker key when setting up. Keep that absolutely safe. If you lose it, you will not be able to recover the drive if you have an issue or need to move the drive to a different PC.

Issues

Disk faults or other operating systems

Remember that if your drive is encrypted and it develops a fault, it will probably not be possible to recover the data.

Also remember that when multiple operating systems are installed directly on the drive (i.e. not as virtual machines), they must all support BitLocker.

“This PC doesn’t support entering a BitLocker recovery password during startup. Ask your administrator to configure Windows Recovery Environment so that you can use BitLocker”

This error message appears to have a number of possible causes.

Tablets

One is that you are using a tablet and so may not have a keyboard available during pre-boot where you might need to enter the BitLocker key. To fix this, try:

  • Run gpedit.msc
  • Under “Computer Configuration”, click on “Administrative Templates”
  • Click on “Windows Components”
  • Click on “BitLocker Drive Encryption”
  • Click “Operating System Drives”
  • Make sure that “Require additional authentication at startup” is enabled
  • On Microsoft Surface devices, make sure that “Enable use of BitLocker authentication requiring preboot keyboard input on slates” is enabled.

Reference: https://community.spiceworks.com/topic/1401228-bitlocker-not-allowing-encryption

Other

Try:

  • Start an elevated command line
  • Run DISKPART
  • Enter LIST VOLUME
  • Select the “recovery” volume with SELECT VOLUME <number>. Number is the recovery volume number
  • ASSIGN LETTER=Q (to assign the letter Q:\ to the recovery partition)
  • FORMAT fs=ntfs label="Recovery" quick override. You can use any name for the label.
  • EXIT to leave diskpart
  • Run Robocopy.exe C:\Windows\System32\Recovery\ Q:\Recovery\WindowsRE\ /copyall /dcopy:t
  • Run reagentc /setreimage /path Q:\Recovery\WindowsRE
  • Run reagentc /enable
  • Run reagentc /info to check whether the setup worked. If everything worked OK, “WinRe-Status” should be enabled.
  • You can now remove the Q: drive letter to prevent accidental access (which should result in an “access denied” message anyway). Go back into DISKPART, follow steps 1 through 3 again. Then enter REMOVE LETTER=Q.

You don’t need to reboot.
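A read-only pre-flight and post-check for the fixes above, as an added example that is not part of the original article. It assumes an elevated PowerShell session with the BitLocker module, English `reagentc` output, and that the two Group Policy settings are stored under the registry value names shown in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Read-only: it changes nothing.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. FORMAT erases the recovery volume, so the image that Robocopy will copy
#    must already be in the source folder. Winre.wim is hidden, hence -Force.
$source = Join-Path $env:SystemRoot 'System32\Recovery'
$wim = Get-ChildItem -Path $source -Filter 'Winre.wim' -Force -ErrorAction SilentlyContinue
if (-not $wim) {
    $findings.Add("No Winre.wim in $source. Do not FORMAT the recovery volume yet.")
}

# 2. The Setup advice: an encrypted OS drive needs a recovery password you
#    have backed up. This only confirms that such a protector exists.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recovery = @($os.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($os.VolumeStatus -ne 'FullyDecrypted' -and $recovery.Count -eq 0) {
    $findings.Add("$($env:SystemDrive) is encrypted but has no recovery password protector.")
}

# 3. The two policies from the Tablets fix. Value names are assumed to be the
#    ones these policies write under the FVE policy key; 1 means enabled.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
foreach ($name in 'UseAdvancedStartup', 'OSEnablePrebootInputProtectorsOnSlates') {
    if (-not $fve -or $fve.$name -ne 1) {
        $findings.Add("Tablets fix: policy value $name is not set to 1.")
    }
}

# 4. Same check as the last reagentc step. Assumes English output
#    ("Windows RE status: Enabled"); other display languages label it differently.
$info = (& reagentc.exe /info) -join "`n"
if ($info -notmatch 'Windows RE status:\s+Enabled') {
    $findings.Add("WinRE is not reported as enabled:`n$info")
}

if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings }
```

Run it before the DISKPART steps to catch a missing Winre.wim, and again after `reagentc /enable` to confirm the result.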


