How to resume BitLocker with status "Protection Off (1 reboots left)"

Jeff Lamb 36 Reputation points
2021-07-13T15:35:51.627+00:00

This happens to many hundreds of our enterprise devices every month, after a cumulative update is installed on Windows. BitLocker becomes suspended for multiple reboots. Ultimately, I'd like to solve the root of the problem by eliminating the suspension over several reboots. Unfortunately, it looks like it's coming from the roll-up package itself, which is apparently outside my control. For now, I need to manually resume BitLocker without forcing a reboot. Here's the situation. Notice that the protection status indicates that BitLocker is suspended, and it will resume after one more reboot - this is just after booting up from the CU install.

PS C:\WINDOWS\system32> manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [43V65H2]
[OS Volume]
Size: 442.05 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off (1 reboots left)
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
Numerical Password
TPM

During boot-up, we can detect this condition and execute some PowerShell, or run "manage-bde". However, we get these errors when trying to do either one:

PowerShell:

PS C:\WINDOWS\system32> Resume-BitLocker -MountPoint "C:"
Resume-BitLocker : Data of this type is not supported. (Exception from HRESULT: 0x8007065E)
At line:1 char:1
+ Resume-BitLocker -MountPoint "C:"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Resume-BitLocker

Manage-bde:

PS C:\WINDOWS\system32> manage-bde -protectors -enable c:
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
ERROR: An error occurred (code 0x8007065e):
Data of this type is not supported.

Is there any way to resume BitLocker manually, when it is in the state of "Protection Off (1 reboots left)"?

Windows 20H2 (OS Build 19042.1083)


1 answer

  1. Jenny Feng 14,246 Reputation points
    2021-07-14T03:18:03.507+00:00

    @Jeff Lamb
    Hi,

    The third-party security program will sometimes change the Windows security settings; to make sure the process moves on properly, it has to change BitLocker's status.
    Normally cumulative updates will not suspend BitLocker.
    You can try to disable the automatic scan of the third-party program to see if there is any change.

    Also, you could refer to the following methods to resume BitLocker Protection:
    https://www.tenforums.com/tutorials/38508-suspend-resume-bitlocker-protection-drive-windows-10-a.html#option4
    Note: This is a third-party link and we do not have any guarantees on this website. And Microsoft does not make any guarantees about the content.
    Hope the above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread
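
To inventory devices left in the state described in the question, the `manage-bde -status` text can be parsed for the reboot counter. This is an added example, not code from the thread or from Microsoft; the function name `Get-BdeSuspendedVolume` is hypothetical, the sample is constructed from the output in the question, and English-language tool output is assumed.

```powershell
# Added example: list volumes whose BitLocker protection is off, with the reboot counter.
function Get-BdeSuspendedVolume {
    param([Parameter(Mandatory)][string[]]$StatusText)
    $volumes = [System.Collections.Generic.List[object]]::new()
    $current = $null
    $inProtectors = $false
    foreach ($line in $StatusText) {
        $text = $line.Trim()
        if ($text -match '^Volume\s+(?<drive>[A-Za-z]:)') {
            # "Volume C: [label]" starts a new record.
            $current = [pscustomobject]@{
                Drive         = $Matches.drive
                Conversion    = $null
                Protection    = $null
                RebootsLeft   = $null   # stays $null when no reboot counter is printed
                KeyProtectors = @()
            }
            $volumes.Add($current)
            $inProtectors = $false
        }
        elseif ($null -eq $current) { continue }   # banner lines before the first volume
        elseif ($text -match '^Conversion Status:\s*(?<v>.+)$') { $current.Conversion = $Matches.v }
        elseif ($text -match '^Protection Status:\s*(?<v>.+)$') {
            $current.Protection = $Matches.v
            if ($current.Protection -match '\((?<n>\d+) reboots? left\)') {
                $current.RebootsLeft = [int]$Matches.n
            }
        }
        elseif ($text -match '^Key Protectors:\s*(?<v>.*)$') {
            $inProtectors = $true
            if ($Matches.v) { $current.KeyProtectors += $Matches.v }   # value on the same line
        }
        elseif ($inProtectors -and $text) { $current.KeyProtectors += $text }
        elseif (-not $text) { $inProtectors = $false }   # blank line ends the protector list
    }
    # This example's definition of suspended: protection off while encrypted data is present.
    $volumes | Where-Object { $_.Protection -like 'Protection Off*' -and $_.Conversion -ne 'Fully Decrypted' }
}

# Constructed sample: the relevant lines of the status output in the question.
$sample = @'
Volume C: [43V65H2]
Conversion Status: Fully Encrypted
Protection Status: Protection Off (1 reboots left)
Key Protectors:
Numerical Password
TPM
'@ -split "`r?`n"
Get-BdeSuspendedVolume -StatusText $sample | Format-List
```

On a live device, pass `(manage-bde -status)` as `-StatusText`; the function only reports and does not attempt to resume protection.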

