
Enabling BitLocker Drive Encryption for Vista Ultimate could result in error messages - ThinkPad, ThinkStation, ThinkCentre

Symptom

The user may see any of the following error messages:

"BitLocker could not be enabled. The Trusted Platform Module (TPM) was not able to unlock the volume because the system boot information changed. No encryption applied, any changes made to C: during BitLocker setup will be removed."

Affected Configurations

The above symptom may occur on the following systems:

  • ThinkStation: Type with Trusted Platform Module installed and Client Security Solution installed
  • ThinkCentre: Type with Trusted Platform Module installed and Client Security Solution installed
  • ThinkPad: Type with Trusted Platform Module installed and Client Security Solution installed

Applies to:

Microsoft Windows Vista Ultimate 32/64

- The system is configured with hardware Trusted Platform Module (TPM) and Client Security Solution (CSS).

Additional Information:

1. Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.

2. If the User Account Control message appears, verify that the proposed action is what you requested, then click Continue. For more information, see Additional Resources later in this document.

3. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. If your TPM is not initialized, you will see the Initialize TPM Security Hardware wizard. Follow the directions to initialize the TPM and restart your computer.

4. On the Save the recovery password page, you will see the following options:

  • Save the password on a USB drive. Saves the password to a USB flash drive.
  • Save the password in a folder. Saves the password to a network drive or other location.
  • Print the password. Prints the password.

Use one or more of these options to preserve the recovery password. For each option, select the option and follow the wizard steps to set the location for saving or printing the recovery password. When you have finished saving the recovery password, click Next.

5. On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check box is selected, and then click Continue. Confirm that you want to restart the computer by clicking Restart Now. The computer restarts and BitLocker verifies if the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem.

6. If it is ready for encryption, the Encryption in Progress status bar is displayed. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the tool bar at the bottom of your screen.

Solution

None. Do not replace any hardware for this issue. Working as designed.

Limitation

This issue happens when the TPM has already been initialized and owned before BitLocker is enabled, as happens when CSS is set up. Enrolling users in Client Security Solution in XP takes ownership of the TPM. Before upgrading the OS from XP to Vista, users must manually clear the TPM.

Manually clear the TPM using the following steps:

Warning: If you have enabled CSS, make sure you have the password for it before you perform the following steps. You will need it the next time you boot to the OS.

- Power off the machine.

- Power on the machine and press the F1 key to enter the BIOS settings.

- Navigate to Security Setting | Security Chip | clear Security Chip

- Press Enter to clear Security Chip

- Reboot the system and repeat steps 1 to 6 in Additional Information to turn on BitLocker Drive Encryption.
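
The ownership condition described under Limitation can be checked from within Windows before turning on BitLocker. The script below is an added example, not Lenovo or Microsoft code; it assumes Windows PowerShell 2.0 or later is installed and is run from an elevated prompt, and the function name `Get-TpmOwnershipPreCheck` is hypothetical.

```powershell
# Added example: report TPM state before turning on BitLocker.
# Assumptions: PowerShell 2.0+, elevated prompt, Windows TPM WMI provider present.
function Get-TpmOwnershipPreCheck {
    $ns  = 'root\CIMV2\Security\MicrosoftTpm'
    $tpm = $null
    try {
        # Win32_Tpm is the WMI class exposed by the Windows TPM provider.
        $tpm = Get-WmiObject -Namespace $ns -Class Win32_Tpm -ErrorAction Stop
    } catch {
        Write-Warning "TPM WMI provider not reachable: $($_.Exception.Message)"
    }

    if (-not $tpm) {
        # Either the namespace is missing or no TPM instance is exposed.
        return New-Object PSObject -Property @{
            TpmPresent = $false; Enabled = $null; Activated = $null; Owned = $null
            Advice     = 'No TPM visible to Windows. Check the Security Chip setting in BIOS.'
        }
    }

    # Each method returns an object carrying ReturnValue plus the out-parameter.
    $enabled   = $tpm.IsEnabled().IsEnabled
    $activated = $tpm.IsActivated().IsActivated
    $owned     = $tpm.IsOwned().IsOwned

    if ($owned) {
        # The condition this document describes (for example after CSS enrollment).
        $advice = 'TPM is already owned. Have the CSS password ready, clear the ' +
                  'Security Chip in BIOS, then turn on BitLocker.'
    } elseif (-not ($enabled -and $activated)) {
        $advice = 'TPM is present but not enabled and activated. Check the Security Chip setting in BIOS.'
    } else {
        $advice = 'TPM is not owned. The Initialize TPM Security Hardware wizard will run during BitLocker setup.'
    }

    New-Object PSObject -Property @{
        TpmPresent = $true; Enabled = $enabled; Activated = $activated
        Owned      = $owned; Advice = $advice
    }
}

Get-TpmOwnershipPreCheck | Format-List TpmPresent, Enabled, Activated, Owned, Advice
```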

 

 


  • Alias ID: SF08-D0149
  • Document ID: HT003544
  • Last Updated: 17/06/2014
  • (c) 2014 Lenovo