BitLocker could not be enabled. Verify that TPM is enabled...

  • Question

  • Hi,

    I wrote a PowerShell script that I push via Azure Intune. It worked on a few machines until it stumbled on this error:

    Manage-bde -status shows:

    The command the script tries to execute obviously fails too:

    TPM.msc shows ready and available. This is a new machine; no third-party software or encryption was installed.

    Any ideas where the problem could be?

    Thursday, July 12, 2018 2:56 PM

All replies

  • Hi,

    I find that your TPM is version 2.0. TPM 2.0 seems to require UEFI to be enabled, along with Secure Boot, for the TPM to fully function.

    You could check the link below to get some information.

    https://softwarearchitect.blog/2017/12/30/the-bitlocker-encryption-key-cannot-be-obtained-from-the-trusted-platform-module-tpm-unable-to-do-a-clean-install-on-hp-spectre-x360-2017-with-uefi-enabled/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope it will be helpful to you



    Friday, July 13, 2018 3:16 AM
    Moderator
  • Carl, that is wrong.

    Although using a TPM 2.0 requires UEFI-based installations (but not Secure Boot), you could even activate BitLocker on MBR (non-UEFI) installations using his command. It would require the recovery key on each reboot (the TPM would not work), but that is not the problem here.

    Alex, this seems to be a weird error. Please open an elevated command prompt and simply run

    manage-bde -on c: -used -s 

    and quote the error message if any.

    Friday, July 13, 2018 7:05 AM
  • Ronald,

    [OS Volume]
    Key Protectors Added:

    ERROR: An error occurred (code 0x8007065e):
    Data of this type is not supported.

    NOTE: If the -on switch has failed to add key protectors or start encryption, you may need to call 'manage-bde -off' before attempting -on again.

    Friday, July 13, 2018 11:38 AM
  • "Data of this type is not supported." - that error is nowhere to be googled in connection to BitLocker. Never came across it. You could try and clear the TPM for a test.
    Friday, July 13, 2018 11:53 AM