BitLocker Drive Encryption: The data drive specified is not set to automatically unlock

Greg Gilles 6 Reputation points
2021-05-14T12:32:32.28+00:00

Good morning,

We are trying to configure BitLocker across our domain, and we are running into some issues. The issues only occur on about a quarter of our machines, the rest work as intended.

The error message we receive states this: "The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted."

This error message occurs only when we configure BitLocker with the "System Check." (Checking the box when it asks). We receive the error after a reboot. If we deploy it without System Check, it works, but it prompts the user every single reboot to input the recovery key.

Things we have tried:

Updating the BIOS

Looking for a "USB Host Controller" Settting in the BIOS - doesn't exist

BIOS settings for booting from USB - Already enabled

Double, triple, and quadruple checking Group Policy settings to make sure they are proper. They are - otherwise it wouldn't be working as intended on the other three quarters of our machines

So to summarize the issue:

The error message only occurs when we configure BitLocker on the local machine with System Check checkbox selected

If we configure it without the System Check, BitLocker works, and immediately encrypts the drive. However, it prompts the user every reboot to input the recovery key, which is just simply unacceptable and unrealistic

I feel like there is something we are missing here. Any suggestions would be greatly appreciated!

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,692 questions
{count} vote

5 answers

Sort by: Most helpful
  1. Jenny Feng 14,111 Reputation points
    2021-05-17T02:23:40.127+00:00

    @Greg Gilles
    Hi,
    Have you tried reset the TPM protector?

    manage-bde -protectors -delete c: -t TPM
    manage-bde -protectors -add c: -tpm

    You should be able to clear the TPM and that will resolve it.
    Also, make sure no external drives are plugged it. Sometimes it sees those and will assume the boot order has changed.

    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.

  2. Andrei Prijilevschi 5 Reputation points
    2023-10-20T14:37:49.5733333+00:00

    Hi ,

    I had the same issue.
    I was saving the recovery key to USB first. When I didn't select any options to save the recovery key it worked fine.

    Hope it works for you.

    1 person found this answer helpful.

  3. Kapil Arya 7,401 Reputation points MVP
    2021-05-15T11:04:30.203+00:00

    Hello,

    See if other suggestions provided here helps you:

    https://www.kapilarya.com/fix-the-data-drive-specified-is-not-set-to-automatically-unlock-for-bitlocker-windows-10

    Hope this helps!

    Note: Included link in this reply refers to blog post by a trusted Microsoft MVP.

    0 comments No comments

  4. Des 0 Reputation points
    2023-05-16T13:13:22.6066667+00:00

    I have the same issue with trying to enable BitLocker and the error is the same "BitLocker Drive Encryption: The data drive specified is not set to automatically unlock. C: was not encrypted".
    Resetting the TPM does not fix this.

    0 comments No comments

  5. GB-2672 0 Reputation points
    2023-12-08T20:12:35.1533333+00:00

    I had the same error message after restart "The data drive specified is not set to automatically unlock on the current computer and cannot be unlocked automatically. C: was not encrypted." on a Surface Pro 6 with a clean installed Windows 11 Pro and found the following:

    The error occured when I chose Save to a USB flash drive. Bitlocker activation failed.

    The error did NOT occur when I chose Save to a file. Bitlocker activation succeeded.

    I excluded other possible factors and was able to reproduce this behaviour.

    Additional information:

    This Surface Pro 6 is not part of an AD network.

    The latest Surface UEFI Firmware was installed: 239.779.768.0, Firmware Date 11/08/2023

    The latest TPM driver was installed.

    During clean install of Windows 11 Pro a local account was created (no Microsoft account).

    I configured BitLocker Group Policy, e.g. TPM+PIN. I checked my Group Policy settings to make sure they are proper. Apart from that, my experience with other BitLocker activations is that Windows shows error messages when turning BitLocker on, if Group Policy settings are wrong/conflicting.

    On the screen „How do you want to back up your recovery key?“ I tested the following options:

    Save to a USB flash drive: 48-digit recovery password (BitLocker Recovery Key…..txt) and 256-bit recovery key (hidden, protected operating system file ...BEK) are saved to the USB drive.

    Save to a file: only 48-digit recovery password is saved (I chose the USB drive).

    I always deleted these files from USB drive before next test.

    I always left „Run BitLocker system check“ on.

    2 screens before restart said to insert the USB drive with the recovery key, which I did.

    I excluded other possible factors, e.g.: Settings > Privacy & security > Device encryption saying: „Sign-in with your Microsoft account to finish encrypting the device“, Device encryption was turned on by default. I turned it off.

    Apart from that: The error message is wrong. On the Surface, C: is not a data drive but the operating system drive.

    0 comments No comments