Windows users know BitLocker as a fantastic encryption system with sporadic refusals to cooperate. If you’re having problems with BitLocker on Windows 10, you understand what we mean. Don’t despair. Most BitLocker issues are pretty common and can be easily fixed.
Today, we’ll try to diagnose what you’re up against and provide effective solutions accordingly. We’ll discuss BitLocker errors, TPM issues, recovery keys, etc.
What is BitLocker
If you care about keeping your data private, you probably know about BitLocker, but if this is the first time you’re hearing about it, here’s a brief introduction.
BitLocker is an all-around encryption system made for Windows OS. It’s designed to protect your entire hard drive, not only individual files. In any case, BitLocker will require a password or a smart card to unlock the protected drive. Very often, the original password gets lost. When this happens, the only way to decrypt the Windows drive is with a BitLocker recovery key issued at the time of setup.
A hard drive encrypted with BitLocker’s Advanced Encryption Standard (AES) algorithm – which acts as a powerful lock – cannot be accessed without these credentials.
BitLocker is often used in the business environment, where data security is critical. But even though it’s very secure, BitLocker is not immune to bugs. You may experience issues enabling BitLocker, finding the recovery key, or even keeping your disk encrypted.
How to Troubleshoot BitLocker Issues on Windows 10
Something’s wrong with your BitLocker, but you’re not sure what? Windows 10 users complain about many different BitLocker issues, ranging from a forgotten or lost password to encryption failure. However, to fix your BitLocker problem, we must diagnose it first.
Recognize and Identify the Problem
Windows keeps a log of BitLocker-related events that you can find in the Event Viewer app > Windows Logs > Application. BitLocker event logs are easy to find but not easy to read. They must be exported to text files first, which requires some coding.
Luckily, error messages are less complicated. They are coded (meaning each error has its code), but you can easily translate them and research their causes and solutions.
Here’s a list of common BitLocker error messages and what they mean:
- Error 0x8031003A: Wrong/unsupported key protector ID
- Error 0x80310068: Your PIN is too short
- Error 0x803100CC: PIN is alphanumeric
- Error 0x8028400F: TPM cannot be found
- Error: You can’t store BitLocker recovery info in Active Directory
Gather All Details About the Problem
To diagnose the problem correctly, you’ll need as much relevant information as you can find, and not only about BitLocker. You also need to know what version of Windows OS your computer is currently running and the exact type of your BitLocker-encrypted hard drive.
Here’s how to find important information about your hard drive:
- Press Windows Key and R.
- Type MSINFO32 and press Enter.
- Go to Components > Storage > Drives (standard info) or Disks (detailed info).
Make Sure There’s an Enabled TPM
BitLocker cannot work unless TPM is enabled. TPM is short for Trusted Platform Module, a hardware component responsible for encryption keys in your Windows computer.
Some computers don’t have a TPM chip at all. Here’s how to check that:
- Open Start and search for Device Manager.
- Open the app and look under Security Devices. If there’s nothing there, then you can be sure your computer doesn’t have a TPM chip.
All newer devices have a TPM chip installed, which is sometimes disabled by default. There’s an easy way to check whether or not your TPM chip is enabled:
- Open Start and search for tpm.msc.
- Open the Trusted Platform Module app and check under Status. If there’s a TPM chip on your device and it’s enabled, it will say The TPM is ready for use.
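The checks from this section, scripted in PowerShell as an added example (not part of the original article): it writes the Windows version, disk details, TPM state, per-volume BitLocker status, and BitLocker-related events from the Application log to one text file. The report path and the seven-day event window are assumptions made for this example; run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: gathers the diagnostics described above into one text report.
# $ReportPath and the 7-day window are assumptions chosen for this example.
$ReportPath = Join-Path $env:USERPROFILE 'bitlocker-diagnostics.txt'
$report = [System.Collections.Generic.List[string]]::new()

# Windows version and build
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report.Add(('OS: {0} {1} (build {2})' -f $os.Caption, $os.Version, $os.BuildNumber))

# Physical disks (the same details MSINFO32 shows under Storage)
foreach ($d in Get-CimInstance -ClassName Win32_DiskDrive) {
    $report.Add(('Disk: {0}, {1}, {2:N0} GB' -f $d.Model, $d.InterfaceType, ($d.Size / 1GB)))
}

# TPM state (the same information tpm.msc shows under Status)
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $report.Add(('TPM present={0} ready={1} enabled={2}' -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmEnabled))
} catch {
    $report.Add("TPM query failed: $($_.Exception.Message)")
}

# BitLocker status per volume. Only protector TYPES are recorded;
# the recovery password itself is deliberately never written to the report.
foreach ($v in Get-BitLockerVolume) {
    $types = $v.KeyProtector.KeyProtectorType -join ', '
    $report.Add(('Volume {0}: {1}, protection {2}, {3}% encrypted, protectors: {4}' -f `
        $v.MountPoint, $v.VolumeStatus, $v.ProtectionStatus, $v.EncryptionPercentage, $types))
}

# BitLocker-related events from the Application log, one line per event
$filter = @{ LogName = 'Application'; StartTime = (Get-Date).AddDays(-7) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*BitLocker*' }
foreach ($e in $events) {
    $firstLine = ("$($e.Message)" -split "`r?`n")[0]
    $report.Add(('{0:u} [{1}] id={2} {3}' -f $e.TimeCreated, $e.LevelDisplayName, $e.Id, $firstLine))
}

$report | Set-Content -Path $ReportPath -Encoding UTF8
Write-Host "Report written to $ReportPath ($($report.Count) lines)"
```

Because the report leaves out recovery passwords, it can be attached to a support ticket without exposing a key that unlocks the drive.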
Check for Any Pending Updates
When you don’t update your computer for a while, it becomes prone to bugs and malfunctions. So before changing motherboard (UEFI) settings to fix BitLocker, you should check for updates first. If there are updates available, installing them can save you a lot of time and trouble.
- Go to Start > Settings.
- Under Windows Update, select Check for Updates.
Common BitLocker Issues and Solutions on Windows 10
After examining error messages, checking for TPM, and updating your PC, you should have a general idea about what you need to do next to fix BitLocker. If the issue is still there after you’ve run all updates, that’s an indicator you have a more specific BitLocker issue.
Let’s get down to business. Based on our readers’ BitLocker symptoms, you’re likely experiencing one of the following issues. Here’s how to fix common BitLocker problems:
You Are Failing to Enable BitLocker
If you’re failing to enable BitLocker on your device, that’s either because your computer doesn’t have a built-in TPM chip or the TPM chip has been disabled. If you’ve skipped straight to the solution section of this article, we’ve explained how to check your TPM status above.
Is your TPM off? You’ll have to use UEFI for this. Here’s how:
- Open Start > Settings > Update & Security.
- Select Recovery and click on Restart Now under Advanced Startup.
- Choose Troubleshoot.
- Click on Advanced options.
- Go to UEFI Firmware Settings.
- Next, click the Restart button.
- Select the Trusted Platform Module and press Enter.
- Choose the Enabled option. Press Enter.
- Exit the UEFI settings and restart the computer.
Your computer doesn’t have a TPM chip at all? It’s still possible to enable BitLocker without the Trusted Platform Module, but you’ll need a quality USB flash drive, and you’ll have to plug it in whenever you boot your PC. You’ll also need to change BitLocker settings:
- Insert a USB flash drive into your PC.
- Run Start and search for BitLocker. Open the BitLocker Drive Encryption app.
- Click on Turn on BitLocker on the Operating System Volume.
- Go to the Set BitLocker Startup Preferences page and select Require Startup USB Key at Every Startup.
- Select the inserted USB flash drive and click Save.
- Choose Save the password on a USB drive and click Next.
- Ensure the Run BitLocker System Check option is checked before you click Continue.
- Click on Restart Now to reconfigure BitLocker.
You might need to enable BitLocker’s advanced startup options in the Group Policy Object Editor before this. Go to Start and search for gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
In the BitLocker Drive Encryption settings, go to Control Panel Setup: Enable Advanced Startup Options and select Enabled. Click Apply > OK to confirm the change.
Your BitLocker Recovery Key Is Lost
If you’ve enabled BitLocker on your PC yourself, you’ve received a recovery key as the alternative way to access the encrypted drive if your password gets lost. You might have forgotten where it is. During the setup, Windows offers the following options for saving a BitLocker key:
Unless your BitLocker was configured by somebody else, your recovery key is safely stored in one of these locations. You just need to remember which option you’ve selected.
But what can you do if you have misplaced or deleted your BitLocker recovery key? One option is to use a tool like Wondershare Recoverit. It’s professional data recovery software that can also retrieve data from BitLocker-encrypted devices, but only if you have a password or key.
In this situation, you can use Wondershare Recoverit to deep-search your backup drive and find your long-lost recovery key. It’s a straightforward process with guaranteed success:
- Download Recoverit from the official website and install it on your PC.
- Launch the tool and select the drive you want to scan for the recovery key.
- Watch the progress in real-time and pause or stop it when you see the key.
- Preview the TXT file with your recovery key to ensure everything is there.
- Click on Recover to get it back. Choose a safe place to store it and click Save.
If Recoverit hasn’t been able to find the TXT file with the recovery key on your backup drive or USB storage device, that means it was never there in the first place. Look for the key in your Microsoft Account or the physical archive where you keep your important documents. This guide can jog your memory.
BitLocker Has Stopped Working
BitLocker gets temporarily suspended when the encrypted hard drive is disconnected from the PC. That happens when you use BitLocker to encrypt an SSD or another external drive. Luckily, it is an easy fix. You just need to ensure the drive is properly connected to the PC.
Two potential problems to double-check are the cable and the power supply.
Total BitLocker Encryption Failure
If you’re seeing the “BitLocker cannot encrypt a drive” message, that could be for several reasons. We call this a total BitLocker encryption failure because it shuts the user out without any hint of what’s actually going on. It’s frustrating because you can’t identify the issue.
We know from experience that this usually happens when you try to upgrade your PC to a newer version of Windows OS, which requires you to configure a few settings.
For example, TPM and Security Chip settings are known to get in BitLocker’s way. If this is the case, you need to reconfigure BitLocker to work without a compatible TPM, using a USB drive instead. We explained this earlier when discussing issues with enabling BitLocker.
However, a missing or improperly configured TPM is not the only cause of total BitLocker encryption failure. When changing the chip settings doesn’t work, you have one other option left: clear the partition and recreate it. That usually solves the total encryption failure.
The easiest way to erase a drive partition on Windows 10 is from Disk Manager:
- Open Start and search for Disk Manager.
- Select the drive with the partition you want to delete.
- Right-click the partition you want to delete and select the Delete Volume option.
- Click Yes to confirm your choice.
Don’t forget! Erasing a drive partition will erase all data stored there. Before you do this, you need to back up your files. In case the deed is done and there’s no way back, you should be able to recover deleted data using Wondershare Recoverit, following the steps explained above.
All in all, BitLocker is a fine system that won’t fail you easily. BitLocker issues on Windows 10 are rarely recurring, so you should be safe. When problems pop up, always make sure there’s an enabled TPM and check for any pending updates. You should also look for your recovery key, in case you’ve lost it. In the event of total encryption failure, you might have to erase your drive partition - in which case you’ll need Recoverit to recover lost data.
If these solutions don’t help you fix the problem, we recommend contacting the Microsoft support team for professional diagnosis and further instructions.