After turning on Bitlocker and restarting my laptop will not boot and does not ask for key

Thomas Westfall 10 Reputation points
2023-10-06T19:33:22.4933333+00:00

This is Windows 11 Pro

I have a Lenovo laptop. After purchasing the machine I immediately removed Bitlocker. Completely installed all new software and then sysprepped the drive. Once the drive was sysprepped an image was created to be used to install on similar laptops.

The image was copied to a new machine and then completely set up for a user. The machine was renamed and joined to a domain and all the software for the new user was installed. Once all that was completed and we were ready to hand the PC to the user, we remembered that we had forgotten to install Bitlocker.

We made sure the laptop was in the correct OU in AD and proceeded to turn on BitLocker. While turning on Bitlocker I was presented with 3 options, 1 was to use a PIN, 2 was to use a USB, and 3 was to print to a file. I chose print to file and selected a network share and confirmed the key was there. I did select the New encryption mode which was the default.

After the process had completed I was prompted to restart the laptop, which I did, and that was it. When it restarted I got a BSOD:

Recovery

Your PC/Device needs to be repaired....

File \WINDOWS\system32\winload.efi

Error code: 0xc000000f

You'll need to use recovery tools....

Enter to Try Again (does nothing)

F1 to enter Recovery Environment (produces errors)

F8 to enter Startup Settings (does nothing)

ESC for UEFI Firmware Settings (this works)

The bitlocker key did find its way into AD.

I've tried creating bootable media but nothing sees the internal drive.

I tried various recovery options but still nothing sees the internal drive.

I even tried to reinstall Windows but it suggests no hard drive. What?

Using Clonezilla I can see the partition is there and shows that bitlocker is enabled.

Is there any way to fix this? I have to deploy 35 of these and they are all supposed to have bitlocker enabled. Well, it's enabled and so secure that it is unusable.

Any help would be appreciated.

Windows for business | Windows Client for IT Pros | User experience | Other

4 answers

  1. Thomas Westfall 10 Reputation points
    2023-10-07T20:55:44.8066667+00:00

    Not sure what you mean by coincidence. What is the coincidence?

    Anyway, the problem here is that I need to get bitlocker working on these devices. I just restored my image to another laptop and this time, went through the initial OOBE and immediately set up bitlocker. Figured, let's try this again but before we put all the work in. And again, same exact errors as before. Now what?

    1 person found this answer helpful.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


  3. toby33 21 Reputation points
    2025-01-12T21:38:40.2733333+00:00

    I didn't find the exact cause but I did find a workaround to achieve similar results as to what I was trying in the first place.

    Here are the steps to reproduce and the workaround:

    My original process, which led to the problem, was:

    1. Started with the OEM Windows 11 Home, fully patched, that came with the laptop (Which resulted in Bitlocker being on by default)
    2. Logged in as a dummy free MS account
    3. Upgraded it to Windows 11 Enterprise
    4. Disabled Bitlocker
    5. Sysprepped
    6. Signed in with my EntraID account in the OOBE process
    7. Enabled Bitlocker with key backed up to Entra
    8. Rebooted
    9. Boot fails, doesn't ask for recovery key, just boots into recovery environment
    10. Open CLI from recovery environment
    11. Disable Bitlocker using manage-bde commands and backed up key
    12. Boot back into Windows
    13. Re-enable Bitlocker
    14. Reboot to enable Bitlocker again fails in the same way and boots to recovery environment
    15. Recovery environment presents the options "Shutdown" or "Advanced"
    16. Click Advanced this time, laptop shuts down
    17. Boot using install media into setup
    18. Click Advanced and see "Command Prompt" option
    19. Click Command Prompt, get error that something went wrong and it can't launch, error 80070003, which is a pretty generic error code.

    No matter how I sliced that, it would fail the same way. Reset TPM, reset secure boot, set BIOS defaults, nothing really mattered.

    Process that worked:

    1. Started with the OEM Windows 11 Home, fully patched, that came with the laptop (Which resulted in Bitlocker being on by default)
    2. Logged in as a dummy free MS account
    3. Upgraded it to Windows 11 Enterprise
    4. Disabled Bitlocker
    5. Created new local admin account for my user
    6. Logged in with new local account
    7. Enabled Bitlocker
    8. Rebooted to set Bitlocker
    9. Boot succeeds, login as new local user
    10. Add EntraID account via Accounts > Work or School

    I was too tired of screwing with it to further test if it was the Sysprep, starting in the Entra account from OOBE, or a combination that was causing it. Whatever the case, weird bug.

    Hopefully this saves someone some headaches.


  4. Jesnar Miranda 0 Reputation points
    2025-05-19T05:28:23.95+00:00

    Sysprep tends to wipe the BCD values. Windows Boot Manager is lenient and works even if the entries in BCD for device and osdevice are loosely mapped; the system can figure it out. But when BitLocker is enabled, it must have precise partition bindings; if anything differs, like a wrong device or osdevice entry, altered BCD, mismatch in volume identifiers, partition layout shift, etc., it fails to boot.

    If you are in Automatic Repair, go to Command Prompt and type these commands, then boot normally:

    bcdedit /set {default} device partition=C:

    bcdedit /set {default} osdevice partition=C:

    You can create a script to run after your answerfile.xml of sysprep.

    @echo off
    bcdedit /set {default} device partition=C:
    bcdedit /set {default} osdevice partition=C:

    0 comments No comments
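
Added example, not part of any answer in this thread: a PowerShell pre-flight check for the condition answer 4 describes, run elevated on an imaged laptop before BitLocker is turned on, reporting whether the `{default}` BCD entry's `device` and `osdevice` are bound to the OS partition. It assumes English `bcdedit` output and that the OS volume is `$env:SystemDrive`; the function names are hypothetical.

```powershell
# Added example: run elevated on the imaged laptop BEFORE enabling BitLocker.
# Assumes English bcdedit output and that the OS volume is $env:SystemDrive.
function Get-BcdBootBinding {
    param([string[]]$BcdText)   # lines of `bcdedit /enum {default}` output
    $binding = @{}
    foreach ($line in $BcdText) {
        # Element lines look like: "osdevice                partition=C:"
        if ($line -match '^(device|osdevice)\s+(\S.*)$') {
            $binding[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $binding
}

function Test-BcdBootBinding {
    param([hashtable]$Binding, [string]$OsDrive)
    $expected = "partition=$OsDrive"
    $problems = @()
    foreach ($name in 'device', 'osdevice') {
        if (-not $Binding.ContainsKey($name)) {
            $problems += "$name is missing from the {default} entry"
        } elseif ($Binding[$name] -ne $expected) {
            # Anything other than an explicit partition binding is reported.
            $problems += "$name is '$($Binding[$name])', expected '$expected'"
        }
    }
    $problems
}

# Braces must be quoted in PowerShell, unlike in cmd.exe.
$bcd = & bcdedit.exe /enum '{default}'
if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run from an elevated prompt' }

$binding  = Get-BcdBootBinding -BcdText $bcd
$problems = @(Test-BcdBootBinding -Binding $binding -OsDrive $env:SystemDrive)

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Leave BitLocker off on this machine until the BCD entry is corrected.'
    exit 1
}

Write-Output "BCD {default} entry is bound to $env:SystemDrive."
# Record the current encryption state alongside the result.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus
```

A non-zero exit code lets a deployment task sequence stop before encryption starts, so a machine with a mismatched entry is never rebooted into the failure shown in the question.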
