Thursday, September 3, 2020

What to do if BitLocker fails to encrypt drive


by Madalina Dinita

Managing Editor


  • BitLocker sometimes fails to encrypt disk drives, displaying several error messages.
  • In this article, we're listing solutions that should help you overcome these errors and safely secure your data.

BitLocker is a Windows built-in tool that you can activate on your OS to protect your hard drives or removable drives from offline attacks.

While this is a welcome tool from Microsoft for protecting your privacy, it has its glitches.

For instance, users complained about protected drives that were unusable when migrating from an older OS version to a newer one.

Other commonly reported BitLocker error messages are:

  • This device can’t use a Trusted Platform Module.
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • BitLocker Drive Encryption cannot be used because critical BitLocker files are missing or corrupted. Use Windows Startup Repair to restore these files to your computer (0x8031004A).
  • The BitLocker encryption key could not be obtained from the Trusted Platform Module (TPM) and enhanced PIN. Try using a PIN containing only numerals. C: was not encrypted.
  • BitLocker could not be enabled. The data drive is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted.

For each of these errors, you’ll find a solution in this article. Hopefully, by the end of this material, you’ll be able to use BitLocker to the best of your needs.

How can I fix BitLocker drive encryption issues?

  1. Clean disk and re-create the partition
  2. Change the Security Chip settings
  3. Enable BitLocker without a compatible TPM
  4. Clear TPM (Trusted Platform Module)
  5. Change the settings of USB devices in BIOS

1. Clean disk and re-create the partition

Before we continue, keep in mind that this method will erase all the information stored on your disk.

It’s advisable to create a backup on a different drive to make sure that you won’t lose your files and folders.

For less hassle, you could assign this task to a dedicated third-party tool. On this note, we recommend AOMEI Partition Assistant.

AOMEI is a multifunctional assistant that will manage, partition, and optimize your hard drive according to your needs.

If you have a backup, as mentioned, run AOMEI to split, move, resize and manage your partitions, without data loss, to make the most of your disk space.

In this case, you’ll want to use the Format Partition feature to wipe the disk, so that you can move the saved data back onto the blank space.

Alternatively, you can go with the manual partition cleaning process, following the steps below:

  1. Launch Command Prompt as an administrator, type diskpart and hit Enter.
  2. Enter list disk to show a list of all drives.
  3. Enter select disk # (where # is the number of the problematic drive). Hit Enter.
  4. Type clean and hit Enter.
  5. Wait until the drive is cleaned. Now, it’s time to create a new partition.
  6. Type create partition primary and hit Enter.
  7. Type assign letter=# and hit Enter. (This time, # is the drive letter you want to use.)
  8. Format your partition by typing format fs=ntfs quick. Hit Enter.
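
The same procedure in PowerShell, with a guard against wiping the wrong disk. This is an added example, not part of the original article: the function name Reset-DataDisk and the choice of GPT when the disk needs initializing are assumptions, and it uses the built-in Storage module cmdlets from an elevated prompt.

```powershell
# Added example: guarded equivalent of the diskpart steps above. Run elevated.
# Reset-DataDisk is a name made up for this example.
function Reset-DataDisk {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][int]$DiskNumber,
        [Parameter(Mandatory)][char]$DriveLetter
    )

    $disk = Get-Disk -Number $DiskNumber -ErrorAction Stop

    # Refuse the disk Windows boots from: a clean cannot be undone.
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $DiskNumber holds the boot or system volume; refusing to wipe it."
    }

    # Show model, serial and size so the operator confirms the right device.
    $label = '{0} ({1}, serial {2}, {3:N0} GB)' -f $DiskNumber,
        $disk.FriendlyName, $disk.SerialNumber, ($disk.Size / 1GB)
    if (-not $PSCmdlet.ShouldProcess("disk $label", 'erase all partitions and data')) {
        return
    }

    # Equivalent of diskpart "clean".
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false

    # A cleaned fixed disk is reported as RAW and must be initialized first.
    # GPT is an assumption of this example; use MBR if the target needs it.
    if ((Get-Disk -Number $DiskNumber).PartitionStyle -eq 'RAW') {
        Initialize-Disk -Number $DiskNumber -PartitionStyle GPT
    }

    # Equivalent of "create partition primary", "assign letter" and
    # "format fs=ntfs quick" (Format-Volume is quick unless -Full is given).
    New-Partition -DiskNumber $DiskNumber -UseMaximumSize -DriveLetter $DriveLetter |
        Format-Volume -FileSystem NTFS -Confirm:$false
}

# Usage (disk number and letter are constructed sample values):
#   Get-Disk | Format-Table Number, FriendlyName, SerialNumber, Size, IsBoot, IsSystem
#   Reset-DataDisk -DiskNumber 2 -DriveLetter E -WhatIf   # dry run first
#   Reset-DataDisk -DiskNumber 2 -DriveLetter E
```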

2. Change the Security Chip settings

According to reports, it seems this issue affects machines equipped with Intel PTT Security Chips using particular settings.

Namely, when the issue occurred, BitLocker Drive Encryption was using TPM and PIN, and the Allow BitLocker without a compatible TPM option was turned off. Also, the machines were booting the OS in BIOS mode, not UEFI.

We’ll list the general steps to follow below. Keep in mind that they may vary on your machine.

  1. Start your machine and open BIOS setup.
  2. Go to the Security tab and select Security Chip settings.
  3. Select the Discrete TPM option.
  4. Go to Clear Security Chip and save your changes.
  5. Restart your machine, log in, and enter your PIN. Check if the issue persists.

If you want to reverse the action, you need to replace the firmware’s boot capability with UEFI boot. Sometimes, you may also need to reinstall the OS.

Note: If you cannot arrive at a fix, we strongly recommend that you switch to Folder Lock, which is a powerful encryption tool.

Its wide range of security features includes copying encrypted lockers to USB drives, CDs, DVDs, and even email attachments, as well as the possibility to upload your encrypted files to a cloud server.

3. Enable BitLocker without a compatible TPM

  1. Open Run from the Start button, type gpedit.msc and hit OK.
  2. It will open the Local Group Policy Editor.
  3. Under Computer Configuration, click on Administrative Templates and then on Windows Components.
  4. Select BitLocker Drive Encryption.
  5. Go to Operating System Drives.
  6. Double-click on Require additional authentication at startup.
  7. In the new window, select Enabled and Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).
  8. Save the changes by hitting Apply.
  9. Now try to encrypt your drive by using BitLocker.

4. Clear TPM (Trusted Platform Module)

Before starting to clear TPM settings, please make sure that you backed up your computer, as mentioned in the first solution. This method may result in data loss.

  1. Open Run from the Start button, type tpm.msc and press Enter.
  2. A new management console will open.
  3. Under the Action tab, on the right, press Clear TPM.
  4. In the Clear TPM Security Hardware box, the simplest solution is to check I don’t have the owner password and click OK.
  5. You will be asked to reboot. It will indicate that you should press a key (usually F10) in order to clear the TPM.
  6. Once the system reboots, you will be prompted to press a key (usually F10) to enable TPM. Press that key.
  7. The TPM Setup wizard will start for you to enter a TPM owner password.
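
A read-only check of the conditions that solutions 2 to 4 depend on: firmware boot mode, TPM state, the group policy from solution 3, and whether the volume has a recovery password before the TPM is cleared. This is an added example, not part of the original article; the function name and the output property names are made up here, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: read-only pre-flight check. Changes nothing on the machine.
# Get-BitLockerPreflight and its output property names are made up here.
function Get-BitLockerPreflight {
    param([string]$MountPoint = $env:SystemDrive)

    # Solution 2 concerns machines that boot in BIOS mode rather than UEFI.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # TPM state as Windows sees it.
    $tpm = Get-Tpm

    # "Require additional authentication at startup" is stored under this key;
    # the key is absent when no BitLocker policy has been configured.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue

    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($volume.KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        FirmwareType        = $firmware
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        AdvancedStartupSet  = ($policy.UseAdvancedStartup -eq 1)
        AllowWithoutTpm     = ($policy.EnableBDEWithNoTPM -eq 1)
        VolumeStatus        = $volume.VolumeStatus
        ProtectionStatus    = $volume.ProtectionStatus
        KeyProtectors       = $protectors -join ', '
        HasRecoveryPassword = $protectors -contains 'RecoveryPassword'
    }
}

$r = Get-BitLockerPreflight
$r | Format-List

if (-not $r.TpmPresent -and -not $r.AllowWithoutTpm) {
    Write-Warning 'No TPM visible and the no-TPM policy is off: apply solution 3 first.'
}
if ($r.ProtectionStatus -eq 'On' -and -not $r.HasRecoveryPassword) {
    Write-Warning 'Volume is protected but has no recovery password: add one before clearing the TPM.'
}
```

If the policy was only just changed in gpedit.msc, run gpupdate /force before re-running the check.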

5. Change the settings of USB devices in BIOS

  1. Enter the BIOS setup utility.
  2. Go to Advanced, then Peripheral Configuration.
  3. Access USB Host Controller and USB Devices.
  4. The setting of the USB Devices should be All.

This solution applies when BitLocker fails to encrypt the operating system drive using a USB startup key. The cause can be related to some settings in BIOS mode.

We hope that these solutions helped you fix your BitLocker encryption problems.

If you’ve got additional tips and suggestions, feel free to list them in the comments section below.

Editor’s Note: This post was originally published in November 2018 and was revamped and updated in September 2020 for freshness, accuracy, and comprehensiveness.
