
Common situations that can lead to troubleshooting Microsoft's BitLocker and the TPM on a Dell PC

Summary: Common situations in which I suggest you rule out an issue with Microsoft BitLocker or the TPM, and some information on how to do this on a Dell PC.


Article Content


Symptoms


This article describes common tasks before which BitLocker should be suspended. When one of these situations has occurred, I suggest you rule out an issue with Microsoft BitLocker or the TPM; the article offers some information on how to do this on a Dell PC.


Table of Contents:

  1. What kind of situation is known to cause BitLocker to go wrong?
  2. What is BitLocker Recovery and how do I use it?
  3. How do I troubleshoot the TPM?

 

What kind of situation is known to cause BitLocker to go wrong?

 

(Figure 1: BitLocker)

I recommend that you suspend BitLocker before anyone attempts any of the following tasks:

  • Updating the system BIOS from the Dell Support Site
  • Replacing the Boot drive (HDD/SSD) - such as swapping in a known working drive for troubleshooting purposes
  • Replacing the Motherboard for a system fault

This is because Microsoft has advised that any of the following situations have been known to cause BitLocker to trip and can result in you having to enter a BitLocker key:

  • Moving a BitLocker protected drive between different systems
  • Installing a new motherboard with a new TPM into the system
  • Turning off, disabling or clearing the TPM
  • Changing any Boot Configuration settings
  • Changing the BIOS, UEFI firmware, master boot record, boot sector, boot manager, option ROM, or other early boot components or boot configuration data

If you are experiencing BitLocker issues and the history of the machine includes any of these situations happening without BitLocker having been suspended, then I recommend you read the following sections to troubleshoot the TPM and BitLocker as the possible root of your issue.
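One way to suspend BitLocker ahead of the maintenance tasks listed above, as an added example that is not part of the original article and is not Dell's or Microsoft's own script. It uses the built-in `Get-BitLockerVolume`, `Get-Tpm`, `Backup-BitLockerKeyProtector` and `Suspend-BitLocker` cmdlets; the parameter names and defaults are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-maintenance BitLocker check and suspend.
# Run from an elevated PowerShell session on the PC that is about to be serviced.
param(
    [string]$MountPoint = $env:SystemDrive,  # OS volume, normally C:
    [ValidateRange(0, 15)]
    [int]$RebootCount = 1,                   # 0 = stay suspended until Resume-BitLocker is run
    [switch]$BackupToAdDs                    # assumption: domain-joined PC, AD DS backup enabled by policy
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint

if ($vol.ProtectionStatus -ne 'On') {
    Write-Output "$MountPoint protection is '$($vol.ProtectionStatus)'; nothing to suspend."
    return
}

# Record the TPM state before the change so it can be compared afterwards.
$tpm = Get-Tpm
Write-Output "TPM present: $($tpm.TpmPresent); ready: $($tpm.TpmReady)"

# Refuse to continue unless a recovery password protector exists. If the
# maintenance goes wrong, the 48-digit recovery password is the way back in.
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    throw "No recovery password protector on $MountPoint. Add and store one before maintenance."
}
# Print only the protector IDs, never the recovery password itself.
Write-Output "Recovery protector ID(s): $($recovery.KeyProtectorId -join ', ')"

if ($BackupToAdDs) {
    foreach ($kp in $recovery) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
}

# While suspended, the volume key is stored unprotected on the disk, so keep
# the window short and the PC in your custody until protection is back on.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount $RebootCount | Out-Null

# Confirm the result: ProtectionStatus should now read 'Off'.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus
```

For a drive or motherboard replacement, pass `-RebootCount 0` and run `Resume-BitLocker -MountPoint C:` once the work is finished and the PC boots normally.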




Resolution

 

What is BitLocker Recovery and how do I use it?

 

BitLocker recovery is the process of restoring access to a BitLocker-protected drive when you can't unlock the drive normally.

In a recovery scenario, you have the following options to restore access to the drive:

  • You know and can supply the recovery password for the system. If your organization allows you to print or store recovery passwords, then you can type in the 48-digit recovery password that you printed or stored on a USB drive or with your Microsoft Account online. (Saving a recovery password with Microsoft Account online is only allowed when BitLocker is used on a PC that is not a member of a domain.)
  • A data recovery agent can use their credentials to unlock the drive. If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
  • Your domain administrator can obtain the recovery password from AD DS (Active Directory Domain Services) and use it to unlock the drive. Storing recovery passwords in AD DS is recommended as a way for IT professionals to be able to obtain recovery passwords for drives in your organization if needed. This method requires that you have enabled this recovery method in the BitLocker Group Policy setting. You can choose how BitLocker-protected operating system drives can be recovered at Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives in the Local Group Policy Editor. For further information about BitLocker Group Policy settings, read the following article:




 

How do I troubleshoot the TPM?

 

The following article will take you through how to troubleshoot the most common TPM issues on a Dell PC:

The following articles from Microsoft cover Basic Deployment and Recovery Triggers:

  • BitLocker Basic Deployment: BitLocker provides full volume encryption (FVE) for operating system drives, as well as fixed and removable data drives. BitLocker uses an unencrypted system drive for the files required to boot, decrypt, and load the operating system to support these fully encrypted operating system drives. This drive is created automatically during installation of client and server operating systems.
  • BitLocker Recovery Guide: Your company or organization can use the BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access the BitLocker-protected data. When planning your BitLocker deployment, creating a recovery model for BitLocker is recommended. (To get the best use of this article you will need prior experience of using Active Directory.)




Article Properties

  • Last Published Date: 21 Feb 2021
  • Version: 4
  • Article Type: Solution