BitLocker could not be enabled - TPM Issue

Anonymous
2024-10-25T17:59:17+00:00

Hello,

I am currently trying to activate BitLocker on my Windows 11 machine. During setup I checked the box "Run BitLocker system check", which does a restart. After the restart I get this error:

TPM in general seems to work, as Windows Hello works and Windows Security also says that the TPM is fine.

What I already tried:

  • Clear TPM in Windows
  • Deactivate and activate TPM again in UEFI settings

The BitLocker-Driver system logs in Event Viewer report the following after the failed attempt to activate BitLocker:

  • Bootmgr failed to obtain the BitLocker volume master key from the TPM because the PCRs did not match.
  • Bootmgr failed to obtain the BitLocker volume master key from the TPM.
  • A key was not available from required sources during restart.

Get-TPM in PowerShell reports the following:

RestartPending is set to True, which is maybe a problem?

Thanks for any help!

*** Moved from Windows / Windows 11 / Security and privacy ***

This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.

Accepted answer
  1. Anonymous
    2024-10-28T07:34:21+00:00

    Hello Facing8356,

    Thank you for posting in the Microsoft Community forum.

    It sounds like you've already tried several troubleshooting steps, but the issue persists. Given the error messages and the fact that TPM seems to be working correctly, here are a few additional steps you can try:

    1. Update TPM Drivers:

    Ensure that the TPM drivers are up to date. You can check the manufacturer's website for any available updates.

    2. Check BIOS/UEFI Settings:

    Double-check the BIOS/UEFI settings to ensure that the TPM is enabled and properly configured. Sometimes, a small change in settings can make a big difference.

    3. Reset TPM:

    Try resetting the TPM in the BIOS/UEFI settings. This will clear all TPM data, so you'll need to reconfigure it afterward.

    4. Check for Firmware Updates:

    Ensure that your BIOS/UEFI firmware is up to date. Sometimes, updating the firmware can resolve TPM-related issues.

    5. Use PowerShell to Reset TPM:

    You can use PowerShell to reset the TPM. Open an elevated PowerShell window and run the following commands:

    # Get the TPM management object (Get-WmiObject requires Windows PowerShell 5.1)
    $Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm"

    # Queue physical presence request 22; the firmware acts on it at the next restart
    $Tpm.SetPhysicalPresenceRequest(22)

    Restart your computer and follow any prompts to clear the TPM.

    6. Check BitLocker Group Policy Settings:

    Ensure that the BitLocker Group Policy settings are correctly configured. You can open the Local Group Policy Editor (gpedit.msc) and navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Make sure the settings are correct.

    If you still can't find the recovery key, you might need to reset the device, which will erase all data. I hope one of these steps helps you retrieve the key! Let me know if you need further assistance.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Haijian Shan
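
To collect in one pass the state this thread discusses (the Get-Tpm flags including RestartPending, Secure Boot, the volume's protector types, and the BitLocker-Driver events quoted in the question), a read-only PowerShell script follows. It is an added example, not part of the original question or answer; the function name, the 7-day search window and the event provider name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only collection of the state behind a failed BitLocker system check.
function Get-BitLockerTpmDiagnostics {
    param(
        [string]$MountPoint = $env:SystemDrive,   # assumption: the OS volume is the target
        [int]$Days = 7                            # assumption: how far back to search the System log
    )

    # TPM state as Windows sees it, including the RestartPending flag from the question.
    $tpm = Get-Tpm

    # Secure Boot policy is measured into PCR 7; the cmdlet throws on legacy BIOS systems.
    $secureBoot = try { Confirm-SecureBootUEFI } catch { 'Unavailable: ' + $_.Exception.Message }

    # Volume state and protector types only; recovery passwords are deliberately not selected.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # BitLocker-Driver events in the System log. The provider name is an assumption
    # (how the "BitLocker-Driver" source is registered on current Windows builds).
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-BitLocker-Driver'
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Keep only messages matching the three errors quoted in the question.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'PCR|volume master key|required sources' } |
        Select-Object TimeCreated, Id, Message

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        TpmEnabled       = $tpm.TpmEnabled
        RestartPending   = $tpm.RestartPending
        SecureBoot       = $secureBoot
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        ProtectorTypes   = @($vol.KeyProtector.KeyProtectorType)
        LastBoot         = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        PcrEvents        = @($events)
    }
}

$report = Get-BitLockerTpmDiagnostics
$report | Select-Object * -ExcludeProperty PcrEvents | Format-List
# Compare event times with LastBoot to see which restart produced the PCR mismatch.
$report.PcrEvents | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

Running it before and after each remediation step shows whether RestartPending has cleared and whether a new PCR-mismatch event was logged on the latest boot.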
