Windows 10: BitLocker could not be enabled - TPM Issue

Hello,I am currently trying to activate BitLocker on my Windows 11 machine. On setup I checked the box "Run Bitlocker system check" which does a restart. After the restart I get this error: TPM in general seems to work, as Windows Hello works and Windows Security also says that the TPM is fine.What I already tried:Clear TPM in WindowsDeactivate and activate TPM again in UEFI settingsThe Bitlocker-Driver system logs in Event Viewer report the following after the failed attempt to activate BitLocker:Bootmgr failed to obtain the BitLocker volume master key&

:)

 

Having an issue with a customer trying to enable Bitlocker with MECM on a device with a TPM disabled

Having an issue with a customer trying to enable Bitlocker with Microsoft Endpoint Configurartion Manager on a device with a TPM disabled, they are limited due to these are Chinese devices, with a TPM, but due to some legal restriction, they have to have the TPM disabled, and still need to enable bitlocker, and attempting to use the bitlocker management setting to allow bitlocker without a compatible TPM. This seems to only work for devices that truly have no TPM, but does not seem to work for a device with the TPM disabled. Can you confirm if is this expected behavior or not. Thanks!

 

TPM error on Windows Server 2019 when enabling Bitlocker

Hi,

I have set the local group policy on Windows Server 2019 to allow Additional Authentication at startup with also allowing TPM chip to be used (I left every at defaults) and enabled the policy. I am still getting the same error "Can't use TPM. You admin must set the "Allow Bitlocker without a compatible TPM option in the Require additional authentication at startup" policy for OS volumes.

Can any one suggest if there is a different method to enable Bitlocker for Servers compared to Windows 10/11?

 

Bitlocker without TPM

Hi there,

I'm trying to use Bitlocker without TPM

My version is Windows 10 Home, and I try to follow -

To turn on BitLocker Drive Encryption on a computer without a compatible TPM

1. Click Start, type gpedit.mscin the Start Search box, and then press ENTER.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. In the Local Group Policy Editor console tree, click Local Computer Policy, click Administrative Templates, click Windows Components, and then clickBitLocker Drive Encryption.
4. Double-click the setting Control Panel Setup: Enable Advanced Startup Options.
5. Select the Enabled option, select the Allow BitLocker without a compatible TPM check box, and then click OK.

You have changed the policy setting so that you can use a startup key instead of a TPM.

1. Close the Local Group Policy Editor.
2. To force Group Policy to apply immediately, you can click Start, typegpupdate.exe /forcein the Start Search box, and then press ENTER.
3. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
5. On the BitLocker Drive Encryption page, click Turn On BitLocker. This will only appear with the operating system volume.
6. On the Set BitLocker Startup Preferences page, select the Require Startup USB Key at every startup option. This is the only option available for non-TPM configurations. This key must be inserted each time before you start
   the computer.
7. Insert your USB flash drive in the computer, if it is not already there.
8. On the Save your Startup Key page, choose the location of your USB flash drive, and then click Save.
9. On the Save the recovery password page, you will see the following options:

· Save the password on a USB drive. Saves the password to a USB flash drive.

· Save the password in a folder. Saves the password to a folder on a network drive or other location.

· Print the password. Prints the password

While I have a problem on step 4.

Double-click the setting Control Panel Setup: Enable Advanced Startup Options.

I can find "BitLocker Drive Encryption" on my group policy editor, while I cannot find
Control Panel Setup: Enable Advanced Startup Options anywhere.

Thank you for your help.

Best Regards,

Yan