{"id":100460,"date":"2023-10-27T14:40:45","date_gmt":"2023-10-27T18:40:45","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=100460"},"modified":"2025-01-29T07:36:28","modified_gmt":"2025-01-29T12:36:28","slug":"troubleshoot-bitlocker-policy-for-windows-devices","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices","title":{"rendered":"Troubleshoot: BitLocker Policy for Windows Devices"},"content":{"rendered":"\n

This article shows you how to troubleshoot issues that can occur with the JumpCloud Windows BitLocker Policy. For configuration instructions, see Create a BitLocker Policy for Windows Devices<\/a>.<\/p>\n\n\n\n

Policy fails and returns a “More than one numerical password currently set.” error<\/a>
\n

<\/p><\/div>

Warning:<\/strong> \n

JumpCloud only stores one Recovery Key. When the extra keys are cleared, the BitLocker policy can be applied successfully. Until the Recovery Key appears in the Admin Portal, it is a good idea to back up your Recovery Key. Not properly backing up Recovery Keys may result in potential data loss. Proceed with caution.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

If your BitLocker policy returns an error similar to {“state”: “FAILED”, “detail”: “Bitlocker Protected – More than one numerical password currently set. This configuration is not supported, please ensure that the system only has one or no numerical password in place.”}<\/kbd>:<\/p>\n\n\n\n

Cause<\/h3>\n\n\n\n

The device has multiple Recovery Keys set. This policy is failing because JumpCloud can’t determine which key is ours, and can\u2019t rotate the key properly until an admin clears the extras.<\/p>\n\n\n\n

Solution<\/h3>\n\n\n\n

To remove extra BitLocker Recovery Keys from a device that has its disk fully encrypted:<\/p>\n\n\n\n

    \n
  1. On the Windows device, open a command prompt, running it as an administrator.<\/li>\n\n\n\n
  2. Run the following command:  manage-bde.exe -protectors c: -get<\/kbd>. <\/li>\n\n\n\n
  3. Run  manage-bde.exe -protectors c: -delete -id {ID}<\/kbd> <\/em> to remove the extra numerical password. <\/li>\n<\/ol>\n<\/div><\/div><\/div>\n\n\n\n
    Policy returns a \u201cTPM Ownership has not been established\u201d error \u00a0 \u00a0\u00a0<\/a>
    \n

    If your BitLocker policy returns a \u201cTPM Ownership has not been established\u201d error, follow these steps:     <\/p>\n\n\n\n

      \n
    1. On your device, open PowerShell as an administrator and enter execute Get-Tpm<\/kbd> into the prompt.<\/li>\n\n\n\n
    2. In the results, verify that TpmOwned <\/strong>and AutoProvisioning <\/strong>are set to False\/Disabled<\/strong>. <\/li>\n\n\n\n
    3. Enter Execute Enable-TpmAutoProvisioning<\/kbd> in the prompt.<\/li>\n\n\n\n
    4. Reboot your device.<\/li>\n\n\n\n
    5. Repeat step 1 and verify that TpmOwned <\/strong>and AutoProvisioning <\/strong>are now set to True\/Enabled<\/strong>. In the event this doesn\u2019t occur, follow the steps in the procedure below. <\/li>\n<\/ol>\n<\/div><\/div><\/div>\n\n\n\n
      Policy returns a \u201cTPM is not ready to be used on this device\u201d error<\/a>
      \n

      If your BitLocker policy returns a \u201cTPM is not ready to be used on this device\u201d error, follow these steps: <\/p>\n\n\n\n

        \n
      1. Open the Run window on your device by pressing the Windows<\/strong> + R<\/strong> keys simultaneously. <\/li>\n\n\n\n
      2. Enter tpm.msc<\/kbd> into the Run <\/strong>window.<\/li>\n\n\n\n
      3. Verify that the status displays The TPM is not ready for use<\/em>.<\/li>\n\n\n\n
      4. From the Actions menu on the Run window, select Prepare TPM<\/strong>.<\/li>\n\n\n\n
      5. Using the prompt that appears, restart your device.<\/li>\n<\/ol>\n\n\n\n

        <\/p><\/div>

        Note:<\/strong> \n

        If your device recommends clearing the TPM, this could result in data loss. If you need to reset TPM, follow Microsoft\u2019s Documentation<\/a>.  <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

          \n
        1. After you restart your device, you may be prompted on the boot screen to accept changes to the TPM state. Verify these changes and accept.<\/li>\n\n\n\n
        2. Repeat steps 1 and 2 and verify that the TPM status displays The TPM is ready for use<\/em>.<\/li>\n<\/ol>\n<\/div><\/div><\/div>\n\n\n\n
          Policy returns a \u201cC: Volume does not have Tpm Key Protector. Non-OS volumes will not be encrypted\u201d error<\/a>
          \n

          BitLocker encryption was applied via the portal, and devices showed successful encryption. However, the Bitlocker policy results show this message: \u201cC: Volume does not have Tpm Key Protector.\u00a0Non-OS volumes will not be encrypted\u201d<\/strong><\/p>\n\n\n\n

          Cause<\/strong> <\/h3>\n\n\n\n

          An additional authentication method was enabled on the systems through GPO.<\/p>\n\n\n\n

          Solution<\/h3>\n\n\n\n

          Follow these steps to resolve the issue:<\/p>\n\n\n\n

            \n
          1. From Start menu<\/strong>, press the Windows<\/strong> logo key on the keyboard.<\/li>\n\n\n\n
          2. Type\u00a0gpedit.msc<\/strong> command and press Enter<\/strong>.<\/li>\n\n\n\n
          3. On the Local Group Policy Editor<\/strong> window, follow the path: Computer Configuration<\/strong> > Administrative Templates<\/strong> > Windows Components<\/strong> > Bit Locker Drive Encryption<\/strong><\/code>.<\/li>\n\n\n\n
          4. Select Operating System Devices<\/strong>.<\/li>\n\n\n\n
          5. On the right pane, double-click Require additional authentication<\/strong> at startup.<\/li>\n\n\n\n
          6. Select the Disabled<\/strong> radio button.<\/li>\n\n\n\n
          7. Ensure the Allow BitLocker without a compatible TPM <\/strong>checkbox in the Options<\/strong> section is unchecked.<\/li>\n\n\n\n
          8. Once done, click OK<\/strong> to allow the changes to take effect and close the Local Group Policy Editor<\/strong> window.<\/li>\n<\/ol>\n<\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"

            This article shows you how to troubleshoot issues that can occur with the JumpCloud Windows BitLocker Policy. For configuration instructions, […]<\/p>\n","protected":false},"author":218,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,3136,2862,3127],"support_tag":[],"coauthors":[3011],"acf":[],"yoast_head":"\nTroubleshoot: BitLocker Policy for Windows Devices - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Troubleshoot: BitLocker Policy for Windows Devices\" \/>\n<meta property=\"og:description\" content=\"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-29T12:36:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"nickconrad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices\",\"url\":\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices\",\"name\":\"Troubleshoot: BitLocker Policy for Windows Devices - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-10-27T18:40:45+00:00\",\"dateModified\":\"2025-01-29T12:36:28+00:00\",\"description\":\"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Troubleshoot: BitLocker Policy for Windows Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Troubleshoot: BitLocker Policy for Windows Devices - JumpCloud","description":"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices","og_locale":"en_US","og_type":"article","og_title":"Troubleshoot: BitLocker Policy for Windows Devices","og_description":"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.","og_url":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices","og_site_name":"JumpCloud","article_modified_time":"2025-01-29T12:36:28+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"nickconrad"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices","url":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices","name":"Troubleshoot: BitLocker Policy for Windows Devices - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-10-27T18:40:45+00:00","dateModified":"2025-01-29T12:36:28+00:00","description":"Learn how to troubleshoot common issues with the JumpCloud BitLocker Policy for Windows devices.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/troubleshoot-bitlocker-policy-for-windows-devices#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Troubleshoot: BitLocker Policy for Windows Devices"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/100460"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/218"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/100460\/revisions"}],"predecessor-version":[{"id":120540,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/100460\/revisions\/120540"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=100460"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=100460"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=100460"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=100460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}