none
Bitlocker fails to auto-unlock fixed drive RRS feed

  • Question

  • Hi All,

    I am using Bitlocker on a laptop (Win 10 Enterprise) with two M.2 solid state drives using ACHI configuration (The fixed drive also has hardware encryption available0.  However, there is no TPM module on board, so the Group Policy has been changed to allow password only access to unlock the drives.

    The OS drive is encrypted and works well.  However, although auto-unlock is enabled, the second drive will not unlock at boot/login.  The causes issues for many services, such as OneDrive for Business that disconnects from the cloud and requires a full download of all files because the local drive cannot be accessed.

    I have tried to use the manage-bde to clear all keys and hope for a reset, but to no avail. 

    Any suggestions would be welcome.

    Friday, November 20, 2015 3:39 PM

All replies

  • Are you logging to the same user account every time?
    Monday, November 23, 2015 11:33 PM
  • Hi Inking,

    What is your current situation?

    After clear the key, have we configured the auto-unlock again?

    Besides, we may consider take use of powershell command to deal with this:

    Enable-BitLockerAutoUnlock

    https://technet.microsoft.com/en-us/%5Clibrary/jj649838(v=wps.630).aspx

    If any further help needed, please feel free t opost back.

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, November 25, 2015 3:13 AM
    Moderator
  • Hi Michael,

    Yes, after the clear keys, I've re-enabled the autounlock feature again, both through the "Manage Bitlocker" window, manage-bde command line, and now I've tried the powershell method.  Afterwards, it says that autounlock is enabled, but upon reboot, it remains locked.  However, using the powershell, the response of get-bitlockervolume before I manually unlock is

    VolumeType Mount CapacityGB VolumeStatus  Encryption   KeyProtector  AutoUnlock Protection
                        Point                                        Percentage                             Enabled    Status
    ----------      ----- ---------- ------------           ----------     ------------                  ---------- ----------
    Data            E:          0.00                                             {Password, RecoveryPas... True       Unknown

    It knows that the autounlock should be enabled, but it doesn't do anything about it.

    Of note, I have no D: drive, as I've chosen E: for historical reasons.  Could that be the issue?

    Thanks for the response, and if you think of anything else, please let me know.

    Also....for Afrezy...yes, I'm logging in as the same account every time.  There is just the one account on the machine.



    Wednesday, November 25, 2015 6:55 PM
  • Hi Inking,

    I am replying here to let you know currently I haven't found any helpful information on this topic.

    So if it is available, please consider submit feedback through Windows Feedback Tool.

    I will collect this from my side.

    Edited,

    Besides, I just tested again, and the fixed drive unlocked the second time I rebooted.

    First time I choose auto-unlock, and enable the bitlocker by enable the policy, this time the auto anlock not work;

    After the system drive are encrypted, unlock the fixed drive and then enable auto-unlock, then the next time it works.

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Wednesday, December 16, 2015 8:07 AM
    Moderator