Issue with YubiKey Certificate Not Recognized in Windows 11 23H2 for BitLocker

Alberto 5 Reputation points
2024-08-17T06:00:25.7566667+00:00

Hello,

I'm experiencing an issue after upgrading to Windows 11 version 23H2. I successfully used a YubiKey with a certificate to enable BitLocker on a USB drive in Windows 11 22H2. However, when I try to perform the same task in Windows 11 23H2, I receive an error stating that no suitable certificate is found on the smart card.

I've already checked the Event Viewer, but there are no errors or warnings related to BitLocker or Smart Card. I also reviewed Group Policy and Registry settings but couldn't find anything obviously wrong. Is there a change in the 23H2 version that could be causing this issue? Any guidance on how to resolve this would be greatly appreciated.


5 answers

  1. Wesley Li 11,245 Reputation points
    2024-08-19T13:40:26.7733333+00:00

    Hello

    It sounds like you're encountering a frustrating issue with your YubiKey and BitLocker after upgrading to Windows 11 version 23H2. Based on the information available, there are a few potential areas to investigate:

    Certificate Compatibility: There might be changes in the certificate handling or compatibility in Windows 11 23H2. Ensure that the certificate on your YubiKey is still valid and recognized by the system. You can verify the expiration date of a certificate through the Smart Card Manager app under the "View Certificates" option.

    Security Key Setup: Make sure that your YubiKey is set up correctly for use with Windows 11 23H2. You might need to reconfigure the security key settings. Follow the instructions provided in the "Security Key Instructions for Microsoft.com Accounts" document to set up certificates for authentication on your security key.

    Group Policy and Registry Settings: Double-check the Group Policy and Registry settings related to BitLocker and Smart Card. There might be new settings or changes in the 23H2 version that need to be adjusted. The "Security Key Device Setup" document provides detailed steps on managing these settings.

    Event Viewer Logs: Even though you mentioned that there are no errors or warnings related to BitLocker or Smart Card in the Event Viewer, it might be helpful to look for any related logs under different categories or time frames. Sometimes, relevant information can be found in unexpected places.


  2. Wesley Li 11,245 Reputation points
    2024-09-02T16:46:04.2766667+00:00

    Hello

    Do you have any other questions?

    What is the current progress of the issue?

    Thanks


  3. Alberto 5 Reputation points
    2024-09-25T05:11:00.08+00:00

    Thank you for the response and suggestions. I have carefully reviewed and followed the steps you mentioned:

    Certificate Compatibility: The certificate on my YubiKey is valid, and I confirmed this through the Smart Card Manager app.

    Security Key Setup: I reconfigured my YubiKey following the instructions from the "Security Key Instructions for Microsoft.com Accounts" document, but the issue persists.

    Group Policy and Registry Settings: I have double-checked both Group Policy and Registry settings related to BitLocker and Smart Card, but I couldn't identify any new settings or changes that would impact this.

    Event Viewer Logs: I went through various categories and time frames in Event Viewer but still found no logs indicating errors or warnings related to this issue.

    Unfortunately, despite these efforts, I continue to receive the same error indicating that no suitable certificate is found on the smart card. Are there any other changes in Windows 11 version 23H2 or additional troubleshooting steps that you could recommend?


  4. ELuin1973 0 Reputation points
    2025-03-07T19:24:22.47+00:00

    You have to enable SelfSignedCertificates as follows:

    • open regedit
    • create Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
    • new -> DWORD (32-bit) Value -> SelfSignedCertificates -> 1

  5. ELuin1973 0 Reputation points
    2025-03-07T19:25:05.2566667+00:00

    You have to enable SelfSignedCertificates as follows:

    • open regedit
    • create Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
    • new -> DWORD (32-bit) Value -> SelfSignedCertificates -> 1
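
The registry change described in answers 4 and 5, as an added PowerShell example that is not part of the original posts: it reads the current policy value, lists the certificates in the current user's Personal store with a self-signed heuristic, and sets the value only when the marked line is uncommented. The function names, and the assumption that the YubiKey certificate has been propagated to `Cert:\CurrentUser\My`, belong to this example and not to the thread.

```powershell
# Added example. Run on the affected machine; setting the value needs an elevated session.
$FveKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'  # key from the answer above
$ValueName = 'SelfSignedCertificates'                 # value from the answer above

function Get-FveSelfSignedPolicy {
    # Returns the DWORD currently set, or $null when the key or value does not exist.
    $prop = Get-ItemProperty -Path $FveKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$ValueName
}

function Get-CandidateCertificate {
    # Assumption: the YubiKey certificate has been propagated to the user's Personal store.
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            Expired       = ($_.NotAfter -lt (Get-Date))
            HasPrivateKey = $_.HasPrivateKey
            # Heuristic: a subject equal to the issuer is treated as self-signed.
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            EKU           = ($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -join ', '
        }
    }
}

function Enable-FveSelfSignedPolicy {
    # Creates the key if needed and sets the DWORD to 1, as the answer describes.
    if (-not (Test-Path -Path $FveKey)) { New-Item -Path $FveKey -Force | Out-Null }
    New-ItemProperty -Path $FveKey -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$policy = Get-FveSelfSignedPolicy
$certs  = @(Get-CandidateCertificate)
$certs | Format-Table Subject, NotAfter, Expired, HasPrivateKey, SelfSigned, EKU -AutoSize | Out-Host
"SelfSignedCertificates policy value: $(if ($null -eq $policy) { '<not set>' } else { $policy })"

if (($certs | Where-Object SelfSigned) -and $policy -ne 1) {
    'A self-signed certificate is present and the policy value is not 1.'
    # Uncomment to apply the change from the answer:
    # Enable-FveSelfSignedPolicy
}
```

The value sits under `HKLM`, so it applies to every user of the machine, and a domain Group Policy that manages the same key can overwrite it at the next refresh.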
