Bitlocker asks for recovery key on every boot (or won't install with system check), auto-unlock not available

luke 0 Reputation points
2023-11-15T02:33:26.8733333+00:00

Hi, I have a relatively old ThinkPad X220 with Windows 10 Pro running on it. It has TPM 1.2.

I made a clean install a couple of days ago (from Windows Media Creation USB flash, UEFI boot) and enabled Bitlocker. It asked me for the recovery key every time I booted the system.

When I try to enable Bitlocker but check the System Check box, it reboots the laptop but shows me a message:

"The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted." .

I can now try to tell you all the things I tried. My approach was to always try to enable Bitlocker with the system check after the changes and see if it works, because I got tired of typing in the recovery key and de-/encrypting the drive over and over. So:

  • I tried it by deleting all protectors from command line before running the System Check
  • I tried by adding TPM as protector for the drive from command line
  • I tried deleting TPM from TPM management
  • I tried deleting TPM from Device Security by running the troubleshooter for the security chip
  • I cleared TPM from BIOS
  • tried to enable auto-unlock from command line but it gives me a similar, message in the command line (auto-unlock not available for the drive.)

Some more info and current settings:

  • I have 3 partitions(all healthy and looking normal):
    • 100 MB (EFI-System partition)
      • C: 465 GB NTFS
        • 583 MB Recovery partition
  • TPM 1.2
  • TPM is currently "ready for use" according to the management tool from Windows
  • when running "manage-bde -protectors -get c:" it says there are not protectors enabled
  • no Secure Boot.
  • UEFI Only boot setting
  • BIOS (8DET51WW 1.21) is pretty old, from 2011 but unfortunately there is no new BIOS update that works for Windows 10 (only Win 8)
  • TPM drivers/updates are also not available for Windows 10 unfortunately
  • USB UEFI BIOS Support is Enabled
  • Always on USB is Enabled
  • In passwords (BIOS setting) I have:
    • Hardware Password Manager - Disabled
      • Supervisor Password - Disabled
        • Lock UEFI BIOS Settings - Disabled
          • Password at unattended boot - Disabled
            • Password at restart - Disabled
              • Power-On Password - Disabled

I have almost no Security Chip settings in BIOS except for activating/deactivating it or reseting it.

I haven't touched group policies since I don't understand how they work and what they do, but they are all not configured (the bitlocker ones).

Really hope someone here can help me, feel free to let me repeat some of the things I tried, maybe some other combination of things is required. I have probably entered the recovery key a hundred times during the last couple of days and have read 100s of posts on this but to no avail.

Thank you

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,807 questions
{count} votes