
Troubleshoot Vista BitLocker Problems

If you are experiencing disk problems during an installation or upgrade then also see Troubleshoot Vista Installation Problems.

For other hard disk problems not involving BitLocker see Troubleshoot Vista Disk-Related Problems.

 


When you try to use Windows BitLocker Drive Encryption in Windows Vista, you may receive the following error message:

The drive configuration is unsuitable for BitLocker Drive Encryption. To use BitLocker, please re-partition your hard drive according to the BitLocker requirements.


Consider the following scenario. On a Windows Vista-based computer, you configure the BitLocker Drive Encryption feature to encrypt a volume or to decrypt a volume. Then, you restart the computer in Windows Preinstallation Environment (Windows PE) or in Windows Recovery Environment (Windows RE). In this scenario, you unexpectedly experience heavy disk activity.


When you try to run the BitLocker Drive Encryption program on a Windows Vista Ultimate-based computer, the program may become unresponsive. Specifically, the % Completed value in the BDE dialog box does not continue to progress. This problem may occur if the BitLocker Drive Encryption program tries to encrypt data on a corrupted hard disk.


A computer that is running Windows Vista must have at least two volumes for Windows BitLocker Drive Encryption to work: a start-up volume and a system volume. Both volumes must use the NTFS file system. You must install BitLocker on the system volume.


This article describes a new setting in Windows Vista Ultimate and in Windows Vista Enterprise. This setting helps protect confidential data in a pagefile when BitLocker Drive Encryption (BDE) is enabled.


The BitLocker Drive Preparation Tool is available. You can use this tool to prepare the computer for BitLocker Drive Encryption. This article describes how to obtain this tool. This article also provides an operational overview of the tool. This overview includes system requirements and command-line parameters. Finally, this article describes the most common problems that you may encounter when you use the tool.


When you try to run the BitLocker Drive Encryption program, you receive the following error message in a BitLocker Drive Encryption Error dialog box:

Cannot run.
The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect. Please verify and correct your BCD settings and try again.



This article describes how to use the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool. The BitLocker Drive Encryption feature is a data protection feature that is included with the following versions of Windows Vista:
  • Windows Vista Ultimate
  • Windows Vista Enterprise
You can use this tool to help locate BitLocker Drive Encryption recovery passwords for Windows Vista-based computers in Active Directory Domain Services (AD DS).


After you install Windows Vista with BitLocker Drive Encryption (BitLocker), a Trusted Platform Module (TPM) version 1.1 device is not available. Instead, a red question mark appears next to the device in Device Manager. When you try to use Windows Update to download a TPM 1.1 device driver, no TPM 1.1 device driver is available.


Consider the following scenario. In Windows Vista, you configure Microsoft BitLocker Drive Encryption to use a key that is stored on a USB device. You then disconnect the USB device when the computer is in hibernation. In this scenario, you may receive the following error message when the computer resumes from hibernation:

BitLocker Drive Encryption key needed.
Please insert key storage media.
Then press ESC to reboot.


When you receive this error message, you must restart the computer.


This article describes how to use the BitLocker Repair Tool. You can use this tool to help access encrypted data if the hard disk has been severely damaged. This tool can reconstruct critical parts of the drive and salvage recoverable data. A recovery password or recovery key is required to decrypt the data. Use this command-line tool if the following conditions are true:
  • You have encrypted the volume by using BitLocker Drive Encryption.
  • Windows Vista does not start, or you cannot start the BitLocker recovery console.
  • You do not have a copy of the data that is contained on the encrypted volume.


This article contains information about the Windows Vista Secure Online Key Backup release. This feature is installed as part of the BitLocker and EFS Enhancements Ultimate Extra in Windows Vista. Windows Vista Ultimate Extras are optional features that are only available for Windows Vista Ultimate. These features are installed by using the Windows Ultimate Extras section of Windows Update.

Note: This article describes an updated version of the tool that was published in January 2007 (KB929328). This updated version fixes an issue that might result in an incomplete localization of the tool for some languages.


After you configure BitLocker Drive Encryption to use a key that is stored on a USB device, you cannot start a Microsoft Windows Vista-based computer, even though the USB device is connected.


After you enable the BitLocker Drive Encryption feature in Windows Vista, you may receive a "Stop 0x0000007E" error message that resembles the following:

STOP 0x0000007E (parameter1, parameter2, parameter3, parameter4)
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED



You have a Windows Vista-based computer that is configured to use BitLocker Drive Encryption (BitLocker) together with Trusted Platform Module (TPM) security hardware. When you start the computer, you receive an error message that resembles the following:

The PIN has been entered incorrectly too many times.

The Trusted Platform Module (TPM) is temporarily locking out attempts to unseal TPM sealed keys. The more times the PIN is entered incorrectly the longer the lockout time will become.

It is not possible to predict when the lockout will be over. Please wait a few moments before attempting to reenter the PIN. Then ensure that you enter the correct PIN for this drive.



In Windows Vista and in Windows Server 2008, the recovery password for Windows BitLocker Drive Encryption is not Federal Information Processing Standards (FIPS)-compliant. Therefore, you may encounter the following issues when the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" Group Policy setting is enabled.

Issue 1
When you manually add a recovery password at a command prompt, you receive the following error message:

The numerical password was not added. The FIPS Group Policy setting on the computer prevents recovery password creation.

Issue 2
When you try to encrypt a drive on which BitLocker recovery passwords are required, you cannot encrypt the drive as expected. Additionally, you receive the following error message:

Cannot Encrypt Disk. Policy requires a password which is not allowed with the current security policy about use of FIPS algorithms.

Issue 3
When you encrypt a drive, a recovery key is created, but no recovery password is created as a key protector.

Issue 4
A recovery password is not archived in the Active Directory directory service.