5 solutions to fix BitLocker failure during encryption
- Enable BitLocker without a compatible TPM
- Clear TPM (Trusted Platform Module)
- Clean disk and re-create the partition with DiskPart
- Change the Security Chip settings
- Change the settings of USB devices in BIOS
In this article, we are going to talk about several errors that may appear when trying to encrypt your drive using BitLocker. This tool protects your operating system from offline attacks.
Here are some of the most common BitLocker errors:
- This device can’t use a Trusted Platform Module.
  - Go to Solution 1 to fix it.
- Illegal operation attempted on a registry key that has been marked for deletion.
  - Go to Solution 2 to fix it.
- BitLocker Drive Encryption cannot be used because critical BitLocker files are missing or corrupted. Use Windows Startup Repair to restore the file to your computer (0x8031004A).
  - Go to Solution 3 to fix it.
- The BitLocker encryption key could not be obtained from the Trusted Platform module (TPM) and enhanced PIN. Try using a PIN containing only numerals. C: was not encrypted.
  - Go to Solution 4 to fix it.
- BitLocker could not be enabled. The data drive is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted.
  - Go to Solution 5 to fix it.
Steps to fix BitLocker drive encryption issues
Solution 1: Enable BitLocker without a compatible TPM
- Open Run from Start button, write gpedit.msc and
- It will open the Local Group Policy Editor
- Click on Administrative Templates from Computer Configuration and then Windows Components.
- Select BitLocker Drive Encryption and then Operating System Drives.
- In that window, double-click on “Require additional authentication at startup”
- In the new window, select “Enabled” and “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)”.
- Save the changes by pressing “Apply”.
- Now try to encrypt your drive by using BitLocker.
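To confirm that the setting from Solution 1 took effect, the following added example (not part of the original article) reads the two registry values this policy writes under `HKLM\SOFTWARE\Policies\Microsoft\FVE`, `UseAdvancedStartup` and `EnableBDEWithNoTPM`, and compares them with the TPM state reported by `Get-Tpm`. The function names are hypothetical and the script assumes an elevated PowerShell session.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Registry location written by the BitLocker "Operating System Drives" policies.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([Parameter(Mandatory)] [string] $Name)
    # $null means the value is absent, i.e. the policy is "Not Configured".
    $item = Get-ItemProperty -Path $FvePolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-BitLockerStartupReadiness {
    $policyOn   = (Get-FvePolicyValue 'UseAdvancedStartup') -eq 1
    $allowNoTpm = (Get-FvePolicyValue 'EnableBDEWithNoTPM') -eq 1

    # Get-Tpm can fail on hardware without a TPM, so treat an error as "no usable TPM".
    $tpmUsable = $false
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $tpmUsable = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
    } catch {
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    }

    $verdict = if ($tpmUsable) {
        'TPM is present and ready; the no-TPM exception is not required.'
    } elseif ($policyOn -and $allowNoTpm) {
        'No usable TPM; policy allows a password or USB startup key instead.'
    } else {
        'No usable TPM and the exception is not set; expect the TPM error listed above.'
    }

    [pscustomobject]@{
        RequireAdditionalAuthEnabled = $policyOn
        AllowWithoutCompatibleTpm    = $allowNoTpm
        TpmUsable                    = $tpmUsable
        Verdict                      = $verdict
    }
}

Get-BitLockerStartupReadiness | Format-List
```

Without a TPM the volume key is protected only by the password or the startup key, so their strength and storage decide how well the drive resists the offline attacks mentioned above.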
Solution 2: Clear TPM (Trusted Platform Module)
Before starting to clear TPM to factory defaults, please make sure that you backed up your computer. This method may result in data loss.
- Open Run from Start button, write tpm.msc and press enter.
- A new management console will open.
- Under the Action section on the right, click Clear TPM.
- In the Clear TPM Security Hardware box, the simplest solution is to check “I don’t have the owner password” and click OK.
- You will be asked to reboot. It will indicate that you should press a key (usually F10) in order to clear the TPM. Press the requested key.
- Once the system reboots, you will have to restart. After it restarts, you will be prompted to press a key (usually F10) to enable TPM. Press that key.
- The TPM Setup wizard will start for you to enter a TPM owner password.
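The data-loss warning for Solution 2 matters most when a drive is already encrypted: key protectors bound to the TPM stop working once it is cleared. The added example below (not part of the original article) lists each BitLocker volume, flags TPM-bound protectors, and checks that a recovery password exists before you clear anything. The function name `Test-TpmClearReadiness` is hypothetical; the script changes nothing and assumes an elevated PowerShell session.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Key protector types that depend on the TPM and stop working once it is cleared.
$TpmBoundTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Test-TpmClearReadiness {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)  # from Get-BitLockerVolume
    process {
        $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $usesTpm     = @($types | Where-Object { $TpmBoundTypes -contains $_ }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'
        $protected   = [string]$Volume.ProtectionStatus -eq 'On'

        # Read-only advice; nothing here modifies the volume or the TPM.
        $action = if (-not $usesTpm) {
            'No TPM-bound protector on this volume.'
        } elseif (-not $hasRecovery) {
            'Add a recovery password (Add-BitLockerKeyProtector -RecoveryPasswordProtector) first.'
        } elseif ($protected) {
            'Store the recovery password off this machine, then suspend protection (Suspend-BitLocker).'
        } else {
            'Protection is off or suspended; confirm the recovery password is stored elsewhere.'
        }

        [pscustomobject]@{
            MountPoint          = $Volume.MountPoint
            VolumeStatus        = [string]$Volume.VolumeStatus
            ProtectionStatus    = [string]$Volume.ProtectionStatus
            UsesTpm             = $usesTpm
            HasRecoveryPassword = $hasRecovery
            Action              = $action
        }
    }
}

# Current TPM state, then one readiness row per BitLocker volume.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmOwned | Format-List
Get-BitLockerVolume | Test-TpmClearReadiness | Format-Table -AutoSize -Wrap
```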
Solution 3: Clean disk and re-create the partition with DiskPart
Before we continue, keep in mind that this method will erase all the information stored on your disk. Do create a backup on a different drive just to make sure that you won’t lose all your files and folders.
- Launch Command Prompt as an administrator, type diskpart and hit Enter.
- Enter list disk to show a list of all drives
- Enter select disk # where # is the problematic drive. Hit Enter.
- Type clean > hit Enter.
- Wait until the drive is cleaned. Now, it’s time to create a new partition.
- Type create partition primary and hit Enter
- Type assign letter=#. Once again, # is the letter you want to use.
- Format your partition by typing format fs=ntfs quick. Hit Enter.
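Because `clean` is irreversible, it helps to verify the target disk before running the steps above. The added example below (not part of the original article) builds the same DiskPart command sequence as a script file, but refuses to do so for the boot or system disk or for a drive letter that is already taken. The function name `New-DiskPartCleanScript`, the file name and the sample disk number and letter are hypothetical.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
function New-DiskPartCleanScript {
    param(
        [Parameter(Mandatory)] [int] $DiskNumber,
        [Parameter(Mandatory)] [ValidatePattern('^[D-Zd-z]$')] [string] $Letter
    )
    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

    # Never wipe the disk Windows started from.
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber is the boot or system disk; not generating a clean script."
    }
    # The new letter must be free, otherwise 'assign' fails after the disk is already wiped.
    if (Get-Volume -DriveLetter $Letter -ErrorAction SilentlyContinue) {
        throw "Drive letter $Letter is already in use."
    }

    # Show what is about to be targeted so a wrong number is noticed before diskpart runs.
    $sizeGB = [math]::Round($disk.Size / 1GB, 1)
    Write-Warning "Target: disk $($disk.Number) '$($disk.FriendlyName)', $sizeGB GB, bus $($disk.BusType)"

    # Same command sequence as the steps above, with the placeholders filled in.
    @(
        "select disk $DiskNumber"
        'clean'
        'create partition primary'
        "assign letter=$Letter"
        'format fs=ntfs quick'
    )
}

# Review the candidates first; IsBoot/IsSystem mark the disk that must not be cleaned.
Get-Disk | Format-Table Number, FriendlyName, Size, PartitionStyle, IsBoot, IsSystem

# Constructed usage: disk 2 and letter E are sample values, not taken from the article.
# New-DiskPartCleanScript -DiskNumber 2 -Letter E | Set-Content .\clean-disk.txt -Encoding ASCII
# diskpart /s .\clean-disk.txt
```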
Solution 4: Change the Security Chip settings
According to reports, this issue affects machines equipped with Intel PTT Security Chips using particular settings. For example, BitLocker Drive Encryption used TPM and PIN, and the “Allow BitLocker without a compatible TPM” option was turned off.
Also, these machines run the OS in BIOS mode, not UEFI.
We’ll list the general steps to follow below. Keep in mind that they may vary on your machine.
- Start your machine > open BIOS setup
- Go to the Security tab > select Security Chip settings.
- Select the Discrete TPM option
- Go to Clear Security Chip > save your changes.
- Restart your machine, log in and enter your PIN. Check if the issue persists.
Please note that if you want to return to the previous settings of the Security Chip, you need to replace the firmware’s boot capability with UEFI boot. Sometimes, you may also need to reinstall the OS.
Note: If you cannot fix BitLocker, we strongly recommend switching to Folder Lock, which is a powerful encryption tool. It allows you to encrypt files, folders, and drives and has a wide range of security features.
You can find more information about it on our list of best encryption tools.
Solution 5: Change the settings of USB devices in BIOS
This error may appear when trying to encrypt the operating system drive using a USB startup key. The cause of it can be related to some settings in BIOS mode. Here’s a possible fix.
- Enter the BIOS setup utility.
- Go to Advanced, then Peripheral Configuration.
- Access USB Host Controller and USB Devices.
- The setting of the USB Devices should be All.
We hope that these solutions helped you to fix your BitLocker encryption problems.
If you’ve got additional tips and suggestions, feel free to list them below.
Editor’s Note: This post was originally published in November 2018 and has been since revamped and updated for freshness, accuracy, and comprehensiveness.