none
Bitlocker RRS feed

  • Question

  • we bought a few computers for our company that had windows 10 home on them so we bought windows 10 pro licenses and had to do a stand alone install on them. so we went tot he bios and changed it from uefi to legacy mode and then we installed windows 10 pro on them and then we started the bitlocker encryption but every time windows sends out an update it goes to recovery mode and we cannot figure out why this is happening in there anyway to just up the setting instead of having to redo the machine i have been searching the internet and have done all the steps that i can find and nothing seems to be working. or if we are doing something wrong please help us.
    Monday, December 5, 2016 2:25 PM

All replies

  • Hi dheckart,

    Did the issue occur with all the machines or just the specific one?

    There are several reasons resulting the Bitlocker into recovery mode. Please ensure the hard drive in the BIOS is configured as the first boot order. Ensure the BIOS fireware is up to date(All get Windows 10 compatible drivers).
    Here is a link for refernce of the similar issue and the resolution.
    Issues Resulting in Bitlocker Recovery Mode and Their Resolution
    https://blogs.technet.microsoft.com/askcore/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution/

    We may try to disable the Bitlocker then re-enable it.

    Best regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 6, 2016 6:24 AM
    Moderator
  • i have went through all those steps and nothing seems to work and no it is not all of them it has now been about three of them and now one has locked me out of the tpm and now i can't even re-encrypt the drive 
    Tuesday, December 6, 2016 1:13 PM
  • I am pretty sure the reason is the following:

    modern machines have TPM 2.0 chips. TPM 2.0 as opposed to TPM 1.2 only works correctly with UEFI based installations. Non-UEFI usage will lead to your problem, I have seen that myself, exactly that.

    Solutions:

    1 reinstall in UEFI mode

    2 delete the tpm protector, add a password protector, tune the TPM in the bios to run in 1.2 compatibility mode, re-add a tpm protector

    Wednesday, December 7, 2016 1:17 PM
  • okay how do i delete the tpm protector when i am locked out of the tpm i cannot reinstall using the UEFI since i am installing using a usb stick and you are correct that it does say that i have 2.0 thank you for the help i will look at this and see if i can fix this 
    Wednesday, December 7, 2016 2:45 PM
  • You are locked out? You mean, you cannot get in anymore using the recovery key?

    "i cannot reinstall using the UEFI since i am installing using a usb stick" - please explain: why can't you reinstall using UEFI? USB stick based setups can be used to install in UEFI mode.

    Wednesday, December 7, 2016 3:32 PM
  • no i am locked out of the tpm module and it will not let me take ownership of the module and i went and uninstalled the current drivers and went to the bios and it does not give me the option to run it any other version then what i already have  
    Wednesday, December 7, 2016 3:35 PM
  • Easy business. As local administrator, you can simply clear the TPM. This will make it reusable. Of course you will lose its keys, but that does not matter if you only used it for bitlocker and you have access to the drive right now. So remove the tpm protector, add some other protector like a password, clear the tpm, re-initialize the tpm, remove the password protector again and and add the tpm protector again.

    That works and is the only way.

    Thursday, December 8, 2016 4:43 PM