none
Bitlocker does not accept my PIN. It says it's incorrect but it is not. Although it does accept my recovery password. RRS feed

  • Question

  • Good day ladies and gentlemen.

    I'm having a weird issue with bitlocker on a HP laptop running Windows 10 1809.

    I can manually add protectors. I added both the TPMandPIN and RecoveryPassword protectors

    Afterwards I enable and start the encryption process. It reaches 100% (XTS-AES-128).

    Now when I reboot the laptop it'll ask for the PIN. I enter the PIN and it will continuously say it's incorrect. I'm 100% sure this is the right pin. I ask for the recovery enviroment and enter the recovery password (48-bit) I created earlier. This will boot into Windows and it'll show that the drive is fully encrypted.

    Am I missing a certain setting?

    Info:

    Fresh Windows 10 1809 installation.

    BIOS is up to date

    TPM Firmware is up to date

    TPM has been cleared before by Windows OS and via BIOS

    Changing the PIN in Bitlocker does not do anything. although it does recognize the previous PIN.

    Doing it all over again does not solve the problem

    Thank you!


    Wednesday, November 13, 2019 1:17 PM

All replies

  • Can you add a descriptive text to clarify this bit: "Changing the PIN in Bitlocker does not do anything"

    So you choose to change the PIN, type the old PIN, the new PIN and confirm the new PIN, hit enter and...? How would you know that it "does not do anything" if you cannot even confirm the PIN to be working?

    Let me know if you use an enhanced PIN or the default (numerical) PIN. Enhanced PINs can lead to keyboard layout problems.

    Wednesday, November 13, 2019 1:51 PM
  • Thank you for your answer.

    So if I open the "Bitlocker Drive Encryption" screen and  I type in the old pin wrong it'll give me an error saying this is the wrong pin. I can play with this and see that Windows/Bitlocker does in fact recognize that what the correct "old" pin and new pin is. After rebooting and having to enter the PIN (Before the OS boots) it'll just say it is incorrect. I can pres ESC and enter my recovery key to boot to Windows.

    Somehow my PIN just does not get accepted. I have tried it with an external keyboard and seeing what I type by pressing Insert.

    I do not use the enchanced PIN. Also, I've tried entering my PIN using the F-keys.



    Wednesday, November 13, 2019 2:16 PM
  • Ok, surely, there's no logic to this.

    Since I administer bitlocker on 100 devices, I can assure you that setting and changing the PIN is reliable (never failed here in 10 years or so).

    I have no idea what kind of malfunction this is, so I would first clear the TPM chip and re-apply the TPM+PIN protector, afterwards (suspend bitlocker before you clear the TPM, then delete the TPM protector after a reboot and re-add it immediately).

    Wednesday, November 13, 2019 3:00 PM
  • Thank you again for the response!

    I've done those steps and to no avail. I still have the same issue. I've never seen this issue before either.

    Wednesday, November 13, 2019 3:37 PM
  • Could it be, that you are using a TPM 2.0 but you are not using a GPT partitioned disk?

    TPM 2.0 requires GPT, else the recovery key will be asked for, forever.

    Wednesday, November 13, 2019 4:10 PM
  • The TPM is 1.2 and has the latest firmware. Thank you for your response!
    Wednesday, November 13, 2019 4:21 PM
  • No idea. I would resort to a test installation on another hard drive (or another partition) and see how it behaves there. If you are not in the mood to change hard drives but you feel able to setup multibooting, see my instructions here: https://www.experts-exchange.com/articles/33649/Bitlocker-and-multi-booting.html
    Thursday, November 14, 2019 8:20 AM
  • I've fixed the issue! Steps taken Cleared TPM and disabled bitlocker Removed battery and CMOS battery and put them back in. Nuked the SSD. Complete format. Manually partitioning the drive for reinstall. Enabled bitlocker and encrypted my OS partition with only free space method. Reinstalled Windows. Log into Windows after installation and manually added TPMandPIN and RecoveryPassword Rebooted device. Reboot. PIN gets accepted!
    Thursday, November 14, 2019 4:58 PM
  • Fine!
    Thursday, November 14, 2019 7:51 PM
  • Hi,

    Thank you for your feedback. 

    Please mark useful reply in this thread to help other customers to search for result more quickly.

    Bests, 


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 15, 2019 9:47 AM
    Moderator