Hi Michael,
The problem appears to be a different boot order occurring based on how the platform is turned on. If the boot order is different, the system boot measurements will be different and BitLocker will force the user to provide the recovery key when using a BitLocker key protector which includes the TPM.
Based on my research and experience, the problem can be solved by setting the Wake On LAN option to “Follow Boot Order” in BIOS.
Note: The BIOS options may be different on various platforms; refer to your motherboard manual or vendor for more information.
For example, the BIOS options under System Configuration\Built In Device Options\Wake On LAN are:
· Disabled
· Boot to Network
· Follow Boot Order
If the option “Boot to Network” is selected, when the platform is awoken from the LAN, it will boot to the network, potentially fail and then boot to the hard drive by following the normal boot order. This results in a different measurement on a conventional BIOS system than following the normal boot order alone. The different measurement results in the message from BitLocker that the system boot information has changed, and BitLocker forces the customer to enter the recovery key (or reboot).
Configuring the setting to “Follow Boot Order” will result in the same boot sequence BitLocker used when it was turned on. This will cause BitLocker to boot normally.
Note: If “Follow Boot Order” is not an available option of Wake On LAN in your BIOS, you may need to contact the vendor to update to the latest BIOS.
Reference:
What causes BitLocker to start into recovery mode when attempting to start the operating system drive?
http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_examplesosrec
Best regards,
Tony Ma
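
An added illustration, not part of the reply above: a simplified Python model of the TPM 1.2 extend operation, showing why a network boot attempt ahead of the hard drive produces a different measurement than the normal boot order. The event labels and the single-register model are constructed assumptions; a real platform measures firmware and boot code into several PCRs.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend: new PCR = SHA1(old PCR || SHA1(event)). A PCR cannot be set directly."""
    return hashlib.sha1(pcr + hashlib.sha1(event).digest()).digest()


def measure_boot(events) -> bytes:
    """Replay a boot sequence from the reset value (all zeros) and return the final PCR."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


def unlock_outcome(sealed_pcr: bytes, events) -> str:
    """The TPM releases the sealed key only if the current PCR equals the sealed value."""
    current = measure_boot(events)
    return "unlock" if hmac.compare_digest(sealed_pcr, current) else "recovery"


# Constructed event labels standing in for the code measured at each boot step.
NORMAL_BOOT = [b"bios-post", b"hdd-mbr", b"windows-boot-manager"]
# "Boot to Network": the network boot is attempted first, then the disk is booted.
WOL_BOOT_TO_NETWORK = [b"bios-post", b"network-boot-rom", b"hdd-mbr", b"windows-boot-manager"]
# "Follow Boot Order": a Wake On LAN start takes the same path as a normal power-on.
WOL_FOLLOW_BOOT_ORDER = list(NORMAL_BOOT)

# BitLocker seals its key to the measurement of the boot path in use when it was turned on.
SEALED_PCR = measure_boot(NORMAL_BOOT)

if __name__ == "__main__":
    for name, path in [
        ("power button", NORMAL_BOOT),
        ("WOL, Boot to Network", WOL_BOOT_TO_NETWORK),
        ("WOL, Follow Boot Order", WOL_FOLLOW_BOOT_ORDER),
    ]:
        print(f"{name:24} {measure_boot(path).hex()}  {unlock_outcome(SEALED_PCR, path)}")
```

Because each extend hashes the previous register value, the extra network boot step changes every later value, so the disk boot that follows cannot bring the register back to the sealed measurement.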