Hi, I am trying to encrypt my OS drive in Windows Svr 2019, but I keep getting an error "Can't use TPM. Your Admin just enable "Allow Bitlocker without a compatible TPM

Shivaram Venkatesh 0 Reputation points
2023-02-06T07:58:27.8566667+00:00

Hi,

  I am trying to encrypt my OS drive in my Windows 2019 VM, but I keep getting an error: "Can't use TPM. Your Admin has to enable "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup"". I have enabled the "Require additional authentication at startup" settings as described in many articles, but I do not want a startup password for the VM. I find if I disable this checkbox, BitLocker shows the above error and forces me to set up a startup password. Can anyone instruct me on how I can set up BitLocker on the VM without a startup password?

Thank you.

Windows Server 2019

  1. Limitless Technology 44,516 Reputation points
    2023-02-06T14:58:12.8733333+00:00

    Hi. Thank you for your question and for reaching out. I’d be more than happy to help you with your query.

    The error message you are encountering is indicating that the TPM (Trusted Platform Module) is not available or not compatible with BitLocker, and the policy to allow BitLocker without a compatible TPM is not enabled.

    To resolve this issue, follow these steps:

    Open the Local Group Policy Editor: Press the Windows key + R, type "gpedit.msc" and press Enter.

    Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

    Locate the "Require additional authentication at startup" policy and double-click it.

    Change the policy setting to "Enabled" and select "Allow BitLocker without a compatible TPM".

    Click OK and close the Group Policy Editor.

    Restart the computer and try to encrypt the OS drive again using BitLocker.

    Note: If you don't have access to the Local Group Policy Editor, you can use the Registry Editor instead. To do this, press the Windows key + R, type "regedit" and press Enter. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE and create a new DWORD value with the name "RequireTPM" and set its value to "0".

    This should resolve the error and allow you to encrypt your OS drive with BitLocker.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

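As an added example, not part of the answer above: a read-only PowerShell check that shows whether the VM exposes a usable TPM, what the "Require additional authentication at startup" policy has written to the FVE key, and which key protectors the OS volume already has. It assumes the `Get-Tpm` and `Get-BitLockerVolume` cmdlets are installed; `UseAdvancedStartup` and `EnableBDEWithNoTPM` are the value names the Group Policy setting writes, and `RequireTPM` is read only because the answer's note names it.

```powershell
# Added example (read-only): run in an elevated PowerShell session on the server.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns the value, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. Is a TPM visible to this machine (for a VM: a virtual TPM)?
try   { $tpm = Get-Tpm -ErrorAction Stop }
catch { $tpm = $null }
$tpmUsable = ($null -ne $tpm) -and $tpm.TpmPresent -and $tpm.TpmReady

# 2. What does the OS-drive policy currently say?
#    UseAdvancedStartup / EnableBDEWithNoTPM are the values the Group Policy
#    setting writes; RequireTPM is the name quoted in the answer's registry note.
$policy = [ordered]@{}
foreach ($name in 'UseAdvancedStartup', 'EnableBDEWithNoTPM', 'RequireTPM') {
    $policy[$name] = Get-FvePolicyValue -Name $name
}

# 3. Which key protectors does the OS volume already have, if any?
$protectors = @()
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if ($vol) { $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) }
}

[pscustomobject]@{
    TpmPresent         = if ($tpm) { $tpm.TpmPresent } else { $false }
    TpmReady           = if ($tpm) { $tpm.TpmReady } else { $false }
    UseAdvancedStartup = $policy['UseAdvancedStartup']
    EnableBDEWithNoTPM = $policy['EnableBDEWithNoTPM']
    RequireTPM         = $policy['RequireTPM']
    OsVolumeProtectors = $protectors -join ', '
} | Format-List

if (-not $tpmUsable) {
    # Without a usable TPM the OS volume can only be unlocked at boot by a
    # password or a startup key, which is why the wizard asks for one.
    Write-Warning 'No usable TPM: BitLocker needs a password or startup key protector for the OS drive.'
}
```

A value shown as empty means the policy has not written it on this machine.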
