none
Bitlocker enabled drive, recovery key needed during boot, PCS did not match, event id 24635, source bitlocker-driver

    Question

  • Hi

    After rebooting one of our test machines, bitlocker wanted the recovery key.

    There were no hardware modifications on that machine.

    Error message in event log:

    Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match

    Event id 24635, source bitlocker-driver

     Each time the machine starts, the recovery key is needed.

    Any idea how to solve that issue and why it happens?

    update:

    Second partition was created manually on that machine. So that's clear that bitlocker reacts...

    But now: how can I confirm those changes so that the recovery key is not needed each time we boot?

    Tuesday, July 27, 2010 11:43 AM

Answers

All replies

  • Hi,

     

    I would like to confirm if BitLocker accepts the recovery key?

     

    Please update the BIOS to improve the stability for TPM first.

     

    I also would like to suggest you disable and enable BitLocker again to reset the settings.

     

    For more information, please refer to the following link:

     

    http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx

     

    Regards,

     

    Arthur Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, July 28, 2010 5:26 AM
    Moderator
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

     

    Regards,

     

    Arthur Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, August 2, 2010 1:51 AM
    Moderator
  • Hi,

     

    It has been a while since my previous suggestions was posted and I'm writing to find out if you have had an opportunity to test my suggestions yet. If you need my further assistance, please do not hesitate to let me know, and I will be happy to help.

     

    I look forward to your reply.

     

    Regards,

     

    Arthur Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, August 4, 2010 1:26 AM
    Moderator
  • Hi

    sorry for the late reply. Fixed by your solution, thanks a lot for your help!

    Thursday, August 5, 2010 7:01 AM
  • While I'm sure this works, I can't believe this is the only way to fix this issue. There are no BIOS updates available for my Lenovo T520 currently... I've made no systems changes since enabling Bitlocker 3 days ago. It just started prompting me for recovery key after every reboot. So I'm hesitant to even re-enable it again after decrypting the drive. Microsoft really needs to step up with a better solution than just decrypting and encrypting the drive which takes a couple hours for me. Total waste of time.

    Wednesday, July 13, 2011 1:16 PM
  • Hi, it's not necessary to decrypt and to (re)encrypt the drive. It's much faster to suspend Bitlocker and than to delete the TPM in the tpm console "tpm.msc" and to initialize the chip again.

    Nevertheless I have the same problem here: "Bootmgr failed to obtain the BitLocker volume master key from the recovery password. EventID 24639" on a Dell Latitude E6320. BIOS is up to date with A15. OS is Windows 7 Enterprise 64bit.

    And: "Bootmgr failed to obtain the BitLocker volume master key from the TPM + PIN EvenID 24643"

    Monday, February 4, 2013 9:11 AM
  • Having same issue with Dell E7240.  I suspect (but am not certain) that the broadband card in the laptop.  By default, the Dell Broadband card searches for firmware updates automatically and installs them.  Any firmware update will trigger bitlocker.

    Wednesday, April 30, 2014 5:52 PM
  • HP Compaq DC6300 SFF running Windows 7 Enterprise x86

    I am experiencing the exact scenario here. I would like to point out that in my case there were no modifications to the partitions, no Language packs installed and I have suspended Bitlocker, enabled after rebooting with all devices attached then enabled and rebooted again with the same result. Same error in the logs PCRs don't match and everything. I can't find an explanation of what exactly that means! Can you possibly point me in the right direction so I can understand that portion of Bitlocker?

    Wednesday, February 10, 2016 3:03 PM
  • Did anyone find a solution ? We have the similar issue on X270 with Windows 7 TPM 1.2
    Tuesday, July 25, 2017 3:02 PM