- BitLocker sometimes fails to encrypt disk drives, displaying several error messages.
- In this article, we're listing solutions that should help you overcome these errors and safely secure your data.
BitLocker is a Windows built-in tool that you can activate on your OS to protect your hard drives or removable drives from offline attacks.
While this is a welcome tool from Microsoft for privacy purposes, it has its glitches.
For instance, users complained about protected drives that were unusable when migrating from an older OS version to a newer one.
Other commonly reported BitLocker error messages are:
- This device can’t use a Trusted Platform Module.
- Illegal operation attempted on a registry key that has been marked for deletion.
- BitLocker Drive Encryption cannot be used because critical BitLocker files are missing or corrupted. Use Windows Startup Repair to restore the file to your computer (0x8031004A).
- The BitLocker encryption key could not be obtained from the Trusted Platform module (TPM) and enhanced PIN. Try using a PIN containing only numerals. C: was not encrypted.
- BitLocker could not be enabled. The data drive is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted.
For each of these errors, you’ll find a solution in this article. Hopefully, by the end of this material, you’ll be able to use BitLocker to the best of your needs.
How can I fix BitLocker drive encryption issues?
- Clean disk and re-create the partition
- Change the Security Chip settings
- Enable BitLocker without a compatible TPM
- Clear TPM (Trusted Platform Module)
- Change the settings of USB devices in BIOS
1. Clean disk and re-create the partition
Before we continue, keep in mind that this method will erase all the information stored on your disk.
It’s advisable to create a backup on a different drive just to make sure that you won’t lose all your files and folders.
For less hassle, you could assign this task to a third-party dedicated tool that will surely do the right thing. On this note, we recommend AOMEI Partition Assistant.
AOMEI is a multifunctional assistant that will manage, partition, and optimize your hard drive according to your needs.
If you have a backup, as mentioned, run AOMEI to split, move, resize and manage your partitions, without data loss, to make the most of your disk space.
In this case, you’ll want to use the Format Partition feature to wipe the disk clean, so that you can move the saved data back onto the blank space.
Alternatively, you can go with the manual partition cleaning process, following the steps below:
- Launch Command Prompt as an administrator, type diskpart and hit Enter.
- Enter list disk to show a list of all drives
- Enter select disk # (where # is the problematic drive). Hit Enter.
- Type clean and hit Enter.
- Wait until the drive is cleaned. Now, it’s time to create a new partition.
- Type create partition primary and hit Enter
- Type assign letter=# and hit Enter. (Here, # is the drive letter you want to use.)
- Format your partition by typing format fs=ntfs quick. Hit Enter.
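The same clean-and-recreate procedure as a guarded PowerShell function, added here as an example and not part of the original article. The function name Reset-DataDisk and the choice of a GPT layout on a fixed (non-removable) disk are assumptions; it refuses to touch the boot or system disk and asks for confirmation before erasing anything.

```powershell
# Added example: guarded equivalent of the diskpart steps above.
# Reset-DataDisk is a hypothetical name. Run from an elevated PowerShell session.
function Reset-DataDisk {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [int]  $DiskNumber,   # number shown by Get-Disk / "list disk"
        [Parameter(Mandatory)] [char] $DriveLetter   # letter to assign to the new partition
    )

    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

    # Picking the wrong number in "select disk #" is the classic mistake:
    # never clean the disk Windows boots from or the one holding the system partition.
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber is a boot/system disk; refusing to clean it."
    }

    # Show exactly what is about to be destroyed.
    Get-Partition -DiskNumber $DiskNumber -ErrorAction SilentlyContinue |
        Format-Table PartitionNumber, DriveLetter, Size, Type | Out-Host

    $target = "$($disk.FriendlyName) (disk $DiskNumber)"
    if (-not $PSCmdlet.ShouldProcess($target, 'Erase all partitions and data')) { return }

    # Equivalent of diskpart "clean". Clear-Disk fails on a disk that is already RAW.
    if ($disk.PartitionStyle -ne 'RAW') {
        Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false
    }

    # Assumption: GPT layout for the recreated data disk.
    Initialize-Disk -Number $DiskNumber -PartitionStyle GPT

    # Equivalent of "create partition primary", "assign letter" and "format fs=ntfs quick".
    New-Partition -DiskNumber $DiskNumber -UseMaximumSize -DriveLetter $DriveLetter |
        Format-Volume -FileSystem NTFS -Confirm:$false
}

# Usage (prompts for confirmation):
# Reset-DataDisk -DiskNumber 2 -DriveLetter E
```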
2. Change the Security Chip settings
According to reports, it seems this issue affects machines equipped with Intel PTT Security Chips using particular settings.
Namely, when the issue occurred, BitLocker Drive Encryption used TPM and PIN, and the Allow BitLocker without a compatible TPM option was turned off. Also, the machines were booting the OS in legacy BIOS mode, not UEFI.
We’ll list the general steps to follow below. Keep in mind that they may vary on your machine.
- Start your machine and open BIOS setup.
- Go to the Security tab and select Security Chip settings.
- Select the Discrete TPM option.
- Go to Clear Security Chip and save your changes.
- Restart your machine, log in, and enter your PIN. Check if the issue persists.
If you want to reverse the action, you need to replace the firmware’s boot capability with UEFI boot. Sometimes, you may also need to reinstall the OS.
Note: If you cannot arrive at a fix, we strongly recommend switching to Folder Lock, which is a powerful encryption tool.
Its wide range of security features includes copying encrypted lockers to USB drives, CDs, DVDs, and even email attachments, as well as the possibility to upload your encrypted files to a cloud server.
3. Enable BitLocker without a compatible TPM
- Open Run from the Start button, type gpedit.msc and hit OK.
- It will open the Local Group Policy Editor.
- Click on Administrative Templates from Computer Configuration and then on Windows Components.
- Select BitLocker Drive Encryption.
- Go to Operating System Drives.
- Double-click on Require additional authentication at startup.
- In the new window, select Enabled and Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).
- Save the changes by hitting Apply.
- Now try to encrypt your drive by using BitLocker.
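To confirm that the policy change from the steps above actually took effect, and to see the TPM and firmware state that solution 2 depends on, a read-only check like the following can be run from an elevated PowerShell prompt. It is an added example, not part of the original article; the function names are hypothetical, and it assumes the policy values are stored under the HKLM:\SOFTWARE\Policies\Microsoft\FVE key.

```powershell
# Added example: read-only BitLocker pre-flight check. Changes nothing on the system.
$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker Group Policy values

function Get-FvePolicyValue {
    param([Parameter(Mandatory)] [string] $Name)
    # $null means the setting is "Not configured".
    (Get-ItemProperty -Path $fvePolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-BitLockerPreflight {
    $tpm = Get-Tpm
    [pscustomobject]@{
        FirmwareType       = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
        TpmPresent         = $tpm.TpmPresent
        TpmReady           = $tpm.TpmReady
        # 1 = "Require additional authentication at startup" is Enabled
        UseAdvancedStartup = (Get-FvePolicyValue 'UseAdvancedStartup')
        # 1 = "Allow BitLocker without a compatible TPM" is ticked
        EnableBDEWithNoTPM = (Get-FvePolicyValue 'EnableBDEWithNoTPM')
        # 0 = do not allow, 1 = require, 2 = allow a startup PIN with the TPM
        UseTPMPIN          = (Get-FvePolicyValue 'UseTPMPIN')
        # 1 = enhanced (non-numeric) startup PINs are allowed
        UseEnhancedPin     = (Get-FvePolicyValue 'UseEnhancedPin')
    }
}

$state = Get-BitLockerPreflight
$state | Format-List

if (-not $state.TpmPresent -and $state.EnableBDEWithNoTPM -ne 1) {
    Write-Warning 'No TPM detected and "Allow BitLocker without a compatible TPM" is not enabled.'
}
if ($state.TpmPresent -and -not $state.TpmReady) {
    Write-Warning 'A TPM is present but not ready; check the security chip settings in firmware.'
}
if ($state.UseEnhancedPin -eq 1 -and "$($state.FirmwareType)" -eq 'Bios') {
    Write-Warning 'Enhanced PINs are allowed on a legacy BIOS boot; try a PIN containing only numerals.'
}
```

Group Policy applied from a domain writes to the same key, so a value that differs from what was set in gpedit.msc usually means a domain policy is overriding the local one.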
4. Clear TPM (Trusted Platform Module)
Before starting to clear TPM settings, please make sure that you backed up your computer, as mentioned in the first solution. This method may result in data loss.
- Open Run from the Start button, type tpm.msc and press Enter.
- A new management console will open.
- Under the Action tab, on the right, press Clear TPM.
- In the Clear TPM Security Hardware box, the simplest solution is to check I don’t have the owner password and click OK.
- You will be asked to reboot. It will indicate that you should press a key (usually F10) in order to clear the TPM.
- Once the system reboots, you will be prompted to press a key (usually F10) to enable TPM. Press that key.
- The TPM Setup wizard will start for you to enter a TPM owner password.
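Before clearing the TPM, it is worth checking that every volume relying on it has a recovery password to fall back on, since keys sealed to the TPM are destroyed by the clear. The following read-only check is an added example, not part of the original article; the function name Get-TpmClearReadiness and the SafeToClear column are hypothetical.

```powershell
# Added example: read-only check before clearing the TPM.
# Run from an elevated PowerShell session. Nothing is modified.
function Get-TpmClearReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }   # not encrypted, nothing at risk

        # Protector type names, e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey, Password
        $types       = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $usesTpm     = [bool]($types -like 'Tpm*')
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            Protectors          = $types -join ', '
            UsesTpm             = $usesTpm
            HasRecoveryPassword = $hasRecovery
            # Not safe: the TPM protector stops working after a clear
            # and there is no recovery password to unlock the volume with.
            SafeToClear         = (-not $usesTpm) -or $hasRecovery
        }
    }
}

$readiness = @(Get-TpmClearReadiness)
$readiness | Format-Table -AutoSize

$blocked = @($readiness | Where-Object { -not $_.SafeToClear })
if ($blocked.Count -gt 0) {
    Write-Warning ('Do not clear the TPM yet. Add and store a recovery password for: ' +
                   ($blocked.MountPoint -join ', '))
    # For example: Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
} else {
    'Every TPM-protected volume has a recovery password. Confirm you can retrieve it before clearing.'
}
```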
5. Change the settings of USB devices in BIOS
- Enter the BIOS setup utility.
- Go to Advanced, then Peripheral Configuration.
- Access USB Host Controller and USB Devices.
- The setting of the USB Devices should be All.
This solution applies when BitLocker fails to encrypt the operating system drive using a USB startup key. The cause can be related to some of the USB settings in BIOS.
We hope that these solutions helped you to fix your BitLocker encryption problems.
Editor’s Note: This post was originally published in November 2018 and was revamped and updated in September 2020 for freshness, accuracy, and comprehensiveness.