Bitlocker : asking the key every reboot

Dear expert support

We have issue and required your help : we are implement Bitlocker feature with the users ( different PC models )  90 % is working fine but the issue with 10 % is asking the key every reboot.

Note: this issue dont related to computer model , generally with different models

Regards
usama khalilAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sajid Shaik MSystem AdminCommented:
Greetings,

Similar issues found on different vendors with different solutions please check the following

Dell System

How to set the BIOS to prevent BitLocker recovery key prompts.
To resolve the issue please follow the steps below.

Enter the BIOS (F2 at boot or F12 one time boot menu at boot)
Go to System Configuration, then USB Configuration, and uncheck the following.
Disable USB Type-C or Thunderbolt 3 Boot support
Disable USB Type-C or Thunderbolt 3 (and PCIe behind TBT) Pre-boot
Set POST Behavior -> Fastboot -> Thorough
Upon doing this the system should not prompt for the BitLocker key on every boot.

Note: This is a solution for USB Type-C / Thunderbolt 3 configurations causing a BitLocker recovery prompt at boot. There are other reasons for recovery key prompts that this procedure may not resolve.

This solution should work in UEFI mode.

Systems using legacy mode can use the same steps provided in SLN305408 - BitLocker Fails to turn on or prompts for the Recovery Key after every reboot with Windows 10, UEFI, and the TPM 1.2 Firmware

Lenovo

upgrade the BIOS

& check the following

Open the BitLocker manager tool by either
Typing BitLocker into the start menu seach box and selecting the first result
or in the control panel, System & Security > BitLocker
Click "Suspend Protection" on your system disk
Select yes to the prompt that appears
Click "Resume Protection"
Now BitLocker will remember your updated system configuration.


HP

use UEFI with TPM 2.0 then Bitlocker is working just fine.


all the best
usama khalilAuthor Commented:
Dear Sajid

Thanks for your support

I tried with your solution but Unfortunately it is dont working with us

when I reached in System Configuration, I can see below options, please advice which one need disable



Enable boot support
Enable rear dual usb ports
Enable front usb ports
Enable real Quad USB port
McKnifeCommented:
Usama, this is normally expected to be seen under these conditions:
- you have a TPM module running in TPM 2.0 mode
- you have installed windows as non-uefi (disk is MBR formatted)

To verify this, open an elevated command prompt and launch the commands
diskpart
list disk

Open in new window

In the output, see if there's an asterisk ("*") below GPT. If there is none, you have found the reason.

To solve that on windows 10 (1703 and higher), you can convert your MBR installation to GPT using the command line tool mbr2gpt.exe
Afterwards, the recovery key will no longer be requested.

Tell me, if you need more help.
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

usama khalilAuthor Commented:
Dear

attached, please check to us, i do as your advice with same issue

Regards
500.PNG
usama khalilAuthor Commented:
Dear all

Any help ?

Regards
McKnifeCommented:
I wrote before:
In the output, see if there's an asterisk ("*") below GPT. If there is none, you have found the reason.
and your screenshot proves me right. Then I wrote:
To solve that on windows 10 (1703 and higher), you can convert your MBR installation to GPT using the command line tool mbr2gpt.exe
Afterwards, the recovery key will no longer be requested.
So you have the solution in front of you. If you need help with using that command line tool, her it comes:
1st, create a full backup of your data and don't continue until you verified it.
2nd: suspend bitlocker by right-clicking c: and selecting "manage bitlocker", then select the topmost option: "suspend bitlocker"
3rd On an elevated command prompt, launch
MBR2GPT.exe /convert disk:0

Open in new window

Afterwards, reboot, resume bitlocker (right-click c:, select "resume protection", then reboot to and see if the key is still being requested.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.