Any extended logging for BitLocker in Windows 10

  • Question

  • As we transition to Windows 10, I'm seeing a lot more locked systems, especially on my older systems which do not support Secure Boot. These are Dell systems that have Windows 10 drivers and TPM 1.2. If I turn Secure Boot on, then when the systems reboot they just fail to start up again until they are hard rebooted (e.g. power button presses until the system reboots). I'm wondering if there is any extended logging that I can put in place that might give me more insight into what is happening. The System errors are listed below:

    Event ID 24636, Bootmgr failed to obtain the BitLocker volume master key from the TPM.

    Event ID 24604, The boot configuration options did not match expected values during restart.

    Event ID 124, The virtualization-based security enablement policy check at phase 3 failed with status: Secure Boot is not enabled on this machine.

    Friday, January 12, 2018 5:19 PM

All replies

  • Hi,

    "I'm seeing a lot more locked systems especially on my older systems which do not support Secure Boot."

    Do you mean that the issue occurs after enabling Secure Boot on computers which did not originally support Secure Boot?

    What's the device model?

    Please check the requirements of Secure Boot on your side and compare those with the computer configuration.

    If those devices meet the requirements of Secure Boot, we could try to decrypt BitLocker first, then enable Secure Boot in the BIOS, and encrypt with BitLocker again to check the issue.

    Bests,



    Monday, January 15, 2018 10:23 AM
    Moderator
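
A read-only triage script for one affected machine, added here as an example (it is not from either poster and is not Microsoft's guidance). It pulls the three event IDs quoted in the question from the System log, lists whichever BitLocker event channels exist on the machine, and records the Secure Boot, TPM and BitLocker state to compare against the Secure Boot requirements. The 14-day look-back window and the output file name are assumptions.

```powershell
# Added example: run from an elevated PowerShell prompt. Nothing here changes system state.
$ids   = 24636, 24604, 124             # event IDs quoted in the question
$since = (Get-Date).AddDays(-14)       # assumed look-back window

# 1. The three events from the System log, oldest first, first message line only.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = $ids; StartTime = $since } `
              -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }

# 2. BitLocker-related event channels present on this build, and whether each is enabled.
$channels = Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, RecordCount

# 3. Secure Boot state. The cmdlet throws on legacy-BIOS boots, so report that as a value.
$secureBoot = try { Confirm-SecureBootUEFI -ErrorAction Stop }
              catch { "Not available: $($_.Exception.Message)" }

# 4. TPM presence, readiness and spec version (the question mentions TPM 1.2).
$tpm     = Get-Tpm
$tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion

# 5. BitLocker status and key protector types on the OS volume.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

$report = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    SecureBoot       = $secureBoot
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    TpmSpecVersion   = $tpmSpec
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
    EventCounts      = ($events | Group-Object Id |
                          ForEach-Object { "$($_.Name)=$($_.Count)" }) -join '; '
}

$report   | Format-List
$channels | Format-Table -AutoSize
$events   | Format-Table -AutoSize -Wrap

# Assumed output file name; keep one per machine to compare models side by side.
$report | Export-Csv -Path ".\bitlocker-triage-$env:COMPUTERNAME.csv" -NoTypeInformation
```

Running it on a machine that locks and on one of the same model that does not makes differences in Secure Boot state, TPM spec version and key protector types easy to spot.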