Attempting to enable Bitlocker without TPM (Windows 10). Still will not enable RRS feed

  • Question

  • Hi,

    Firstly I apologise if this has been asked before, or if this is a rather simple question. I had a search through the forum and could not find this specific question, so either it has not been asked or I am being rather naive.

    I'm using a Surface Pro 3, and recently it started asking me for the Bitlocker key. I searched online and found that I could suspend this, but I could not seem to enable it because I do not have the TPM (I have since read this is a common problem).

    I further read online that one can turn it on without the TPM, by changing the group policies. I have attempted to do this, and verified multiple times that the correct box is ticked: 'Allow Bitlocker without a compatible TPM'. However, upon reboot, I am still not asked for a key, and I cannot enable Bitlocker either.

    Can someone point me in the right direction as to where I may be going wrong?

    Thanks in advance!

    Friday, June 23, 2017 7:51 PM

All replies

  • Can you clarify please your second paragraph 'recently it started asking me for the Bitlocker key' and third paragraph 'I am still not asked for a key' seem to contradict.

    BitLocker does need to enable to work, so have you opened Manage BitLocker (Control Panel Item) from start (search start bitlocker). Then Turn BitLocker on?

    Friday, June 23, 2017 9:59 PM
  • Hi Mr Happy,

    I believe I had a problem with a boot up recently, which could be why it started asking me for the Bitlocker key. Either way, it got stuck in a loop whereby everytime I booted up, I was asked to enter the key.

    Subsequently, I read online that you could solve this issue by suspending and then re-enabling Bitlocker, and then rebooting. This would mean that I would not be asked anymore.

    However, when I came to do this, I could not re-enable it, as it says it cannot find the TPM. 

    Therefore, I tried the workaround, where you can change the group policies. However, as mentioned in my previous post, Bitlocker is still not turned on, despite ensuring that the correct boxes are ticked.

    I hope this is more clear - thanks in advance for your help!

    Saturday, June 24, 2017 9:01 AM
  • Ok thanks. To check the policy is being applied from command prompt enter 'rsop' (resultant set of policies) and expand that to check it shows the settings.
    Saturday, June 24, 2017 1:12 PM
  • HoyleAid,

    To my knowledge all Surface Pro 3 contain a TPM 2.0 chip. If I understand your problem correct, you had Bitlocker with TPM enabled on your Surface Pro 3. After a "boot problem" your Windows 10 (?) is asking for the Bitlocker recovery key, because it can not retrieve the Bitlocker key any more from the TPM.

    Recently, I had such a scenario twice on an older notebook with Windows 10 1703, probably caused by (strange) Microsoft Windows updates. As a result Windows may no longer see the TPM correctly and asks at boot for the Bitlocker recovery key.

    You could check the status of the TPM as it Windows will see in the device manager. There should be a "Security Device" called Trusted Platform Module. If you double click on the TPM, you should get the device state without any mentioned issue. In addition, you should find TPM errors in your event log telling what maybe wrong.

    The solution in my two cases were as follows:

    1. Boot with Bitlocker recovery key

    2. Suspend Bitlocker for the Windows partition

    3. Reboot and check in UEFI/BIOS whether the TPM function is enabled (in one case TPM had been disabled, in the other case I had to clear the TPM)

    4. Boot again with Bitlocker recovery key

    5. Enable Bitlocker again for the Windows partition.

    6. Re-start Windows and the problem should be solved.

    Wish you luck.

    Monday, June 26, 2017 1:26 PM