黑料海角91入口

Troubleshoot: BitLocker Policy for Windows Devices

This article shows you how to troubleshoot issues that can occur with the 黑料海角91入口 Windows BitLocker Policy. For configuration instructions, see Create a BitLocker Policy for Windows Devices.

Policy fails and returns a “More than one numerical password currently set.” error

Warning:

黑料海角91入口 only stores one Recovery Key. When the extra keys are cleared, the BitLocker policy can be applied successfully. Until the Recovery Key appears in the Admin Portal, it is a good idea to back up your Recovery Key. Not properly backing up Recovery Keys may result in potential data loss. Proceed with caution.

If your BitLocker policy returns an error similar to {"state": "FAILED", "detail": "Bitlocker Protected - More than one numerical password currently set. This configuration is not supported, please ensure that the system only has one or no numerical password in place."}:

Cause

The device has multiple Recovery Keys set. This policy is failing because 黑料海角91入口 can't determine which key is ours, and can鈥檛 rotate the key properly until an admin clears the extras.

Solution

To remove extra BitLocker Recovery Keys from a device that has its disk fully encrypted:

  1. On the Windows device, open a command prompt, running it as an administrator.
  2. Run the following command:  manage-bde.exe -protectors c: -get.
  3. Run  manage-bde.exe -protectors c: -delete -id {ID}  to remove the extra numerical password.
Policy returns a 鈥淭PM Ownership has not been established鈥 error 聽 聽聽

If your BitLocker policy returns a 鈥淭PM Ownership has not been established鈥 error, follow these steps:     

  1. On your device, open PowerShell as an administrator and enter execute Get-Tpm into the prompt.
  2. In the results, verify that TpmOwned and AutoProvisioning are set to False/Disabled
  3. Enter Execute Enable-TpmAutoProvisioning in the prompt.
  4. Reboot your device.
  5. Repeat step 1 and verify that TpmOwned and AutoProvisioning are now set to True/Enabled. In the event this doesn鈥檛 occur, follow the steps in the procedure below. 
Policy returns a 鈥淭PM is not ready to be used on this device鈥 error

If your BitLocker policy returns a 鈥淭PM is not ready to be used on this device鈥 error, follow these steps: 

  1. Open the Run window on your device by pressing the WindowsR keys simultaneously. 
  2. Enter tpm.msc into the Run window.
  3. Verify that the status displays The TPM is not ready for use.
  4. From the Actions menu on the Run window, select Prepare TPM.
  5. Using the prompt that appears, restart your device.

Note:

If your device recommends clearing the TPM, this could result in data loss. If you need to reset TPM, follow .  

  1. After you restart your device, you may be prompted on the boot screen to accept changes to the TPM state. Verify these changes and accept.
  2. Repeat steps 1 and 2 and verify that the TPM status displays The TPM is ready for use.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case