BitLocker Drive Encryption: The data drive specified is not set to automatically unlock

Greg Gilles 6 Reputation points
2021-05-14T12:32:32.28+00:00

Good morning,

We are trying to configure BitLocker across our domain, and we are running into some issues. The issues only occur on about a quarter of our machines; the rest work as intended.

The error message we receive states this: "The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted."

This error message occurs only when we configure BitLocker with the "System Check." (Checking the box when it asks). We receive the error after a reboot. If we deploy it without System Check, it works, but it prompts the user every single reboot to input the recovery key.

Things we have tried:

- Updating the BIOS
- Looking for a "USB Host Controller" setting in the BIOS - doesn't exist
- BIOS settings for booting from USB - already enabled
- Double, triple, and quadruple checking Group Policy settings to make sure they are proper. They are - otherwise it wouldn't be working as intended on the other three quarters of our machines

So to summarize the issue:

- The error message only occurs when we configure BitLocker on the local machine with System Check checkbox selected
- If we configure it without the System Check, BitLocker works, and immediately encrypts the drive. However, it prompts the user every reboot to input the recovery key, which is just simply unacceptable and unrealistic

I feel like there is something we are missing here. Any suggestions would be greatly appreciated!

Windows 10 Security

5 answers

  1. Jenny Feng 14,101 Reputation points
    2021-05-17T02:23:40.127+00:00

    @Greg Gilles
    Hi,
    Have you tried resetting the TPM protector?

    manage-bde -protectors -delete c: -t TPM
    manage-bde -protectors -add c: -tpm

    You should be able to clear the TPM and that will resolve it.
    Also, make sure no external drives are plugged in. Sometimes it sees those and will assume the boot order has changed.

    Hope above information can help you.


    2 people found this answer helpful.

  2. Andrei Prijilevschi 5 Reputation points
    2023-10-20T14:37:49.5733333+00:00

    Hi,

    I had the same issue.
    I was saving the recovery key to USB first. When I didn't select any options to save the recovery key it worked fine.

    Hope it works for you.

    1 person found this answer helpful.

  3. Kapil Arya 7,946 Reputation points MVP
    2021-05-15T11:04:30.203+00:00

    Hello,

    See if the other suggestions provided here help you:

    https://www.kapilarya.com/fix-the-data-drive-specified-is-not-set-to-automatically-unlock-for-bitlocker-windows-10

    Hope this helps!

    Note: Included link in this reply refers to blog post by a trusted Microsoft MVP.


  4. Des 0 Reputation points
    2023-05-16T13:13:22.6066667+00:00

    I have the same issue with trying to enable BitLocker and the error is the same "BitLocker Drive Encryption: The data drive specified is not set to automatically unlock. C: was not encrypted".
    Resetting the TPM does not fix this.


  5. GB-2672 0 Reputation points
    2023-12-08T20:12:35.1533333+00:00

    I had the same error message after restart "The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted." on a Surface Pro 6 with a clean installed Windows 11 Pro and found the following:

    The error occurred when I chose Save to a USB flash drive. BitLocker activation failed.

    The error did NOT occur when I chose Save to a file. BitLocker activation succeeded.

    I excluded other possible factors and was able to reproduce this behaviour.

    Additional information:

    This Surface Pro 6 is not part of an AD network.

    The latest Surface UEFI Firmware was installed: 239.779.768.0, Firmware Date 11/08/2023

    The latest TPM driver was installed.

    During clean install of Windows 11 Pro a local account was created (no Microsoft account).

    I configured BitLocker Group Policy, e.g. TPM+PIN. I checked my Group Policy settings to make sure they are proper. Apart from that, my experience with other BitLocker activations is that Windows shows error messages when turning BitLocker on, if Group Policy settings are wrong/conflicting.

    On the screen „How do you want to back up your recovery key?“ I tested the following options:

    Save to a USB flash drive: 48-digit recovery password (BitLocker Recovery Key…..txt) and 256-bit recovery key (hidden, protected operating system file ...BEK) are saved to the USB drive.

    Save to a file: only 48-digit recovery password is saved (I chose the USB drive).

    I always deleted these files from USB drive before next test.

    I always left „Run BitLocker system check“ on.

    2 screens before restart said to insert the USB drive with the recovery key, which I did.

    I excluded other possible factors, e.g.: Settings > Privacy & security > Device encryption saying: „Sign-in with your Microsoft account to finish encrypting the device“, Device encryption was turned on by default. I turned it off.

    Apart from that: The error message is wrong. On the Surface, C: is not a data drive but the operating system drive.

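An added example, not code from any poster in this thread: a read-only PowerShell check that collects the state the answers above point at (TPM readiness, the protectors on the OS volume, an ExternalKey protector of the kind written by "Save to a USB flash drive", attached removable drives, and data-volume auto-unlock) before any protector is deleted or re-added. The function name `Get-BitLockerPreflight` and the wording of its findings are assumptions made for illustration; `Get-Tpm`, `Get-BitLockerVolume` and `Get-CimInstance` are the standard Windows cmdlets.

```powershell
# Added example: read-only BitLocker pre-flight for the OS volume.
# Run from an elevated PowerShell prompt on the affected machine.
# Get-BitLockerPreflight is a hypothetical helper name, not a built-in cmdlet.
function Get-BitLockerPreflight {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Protector types on the volume, e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey.
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Removable disks attached right now (Win32_LogicalDisk DriveType 2).
    $removable = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
        Select-Object -ExpandProperty DeviceID)

    # Data volumes and whether auto-unlock is set for them.
    $dataVolumes = @(Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'Data' } |
        Select-Object MountPoint, VolumeStatus, AutoUnlockEnabled)

    $findings = @()
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        $findings += 'TPM not present or not ready: a TPM protector cannot unlock the volume.'
    }
    if (-not ($types -match '^Tpm')) {
        $findings += 'No TPM-based protector on the volume; it cannot unlock from the TPM at boot.'
    }
    if ($types -contains 'ExternalKey') {
        $findings += 'ExternalKey protector present (a .BEK file, as written by "Save to a USB flash drive").'
    }
    if ($removable.Count -gt 0) {
        $findings += "Removable drives attached: $($removable -join ', ')."
    }

    [pscustomobject]@{
        MountPoint     = $vol.MountPoint
        VolumeStatus   = $vol.VolumeStatus
        Protection     = $vol.ProtectionStatus
        ProtectorTypes = $types
        TpmReady       = $tpm.TpmReady
        DataVolumes    = $dataVolumes
        Findings       = $findings
    }
}

Get-BitLockerPreflight | Format-List
```

Running it on one working and one failing machine and comparing `ProtectorTypes` and `Findings` shows whether the two groups differ in the ways the answers describe.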