[Problem Solved] Accidentally Turned off BitLocker, Can’t Turn on Again

Some users find that BitLocker was accidentally turned off on their PC and cannot be turned back on because of unexplained disk problems. This guide shows how to turn BitLocker back on and how to disable it.

By Lucas / Updated on July 9, 2024

User case: Bitlocker problem -- turned off accidentally with SSD, now can't turn on again

“Hi, Instead of stopping, accidentally BitLocker turned off on my Samsung SSD Evo, and I want to turn it back on. When I do, I am prompted to encrypt "part of all of drive", which I understand is unnecessary as my SSD has its encryption (as I did not receive initially when things were working correctly). I have UEFI booting, TPM, and 'secure boot' in the bios. After turning off the TPM and rebooting, I'm asked for the BitLocker recovery key, which I don't think is normal. Why would I need a recovery key if BitLocker is off? I'm considering wiping the SSD and reinstalling Win10 to acquire BitLocker. If this is what I'm up against, BitLocker may not be worth the hassle. Despite BitLocker being off in win10, the SSD says once I've turned on encryption it can't be taken off, therefore I'm 1/2 encrypted.”

--User from Microsoft Community

Although BitLocker makes it convenient for users to protect their privacy, some SSD users run into problems involving the TPM, UEFI, and BitLocker. In this case, the user found that BitLocker on the SSD had been turned off accidentally and could not enable it again. The most likely reason is incompatible TPM and BitLocker settings, but other issues can also cause this:

1. Firmware or Software Updates: Firmware or software updates can sometimes cause BitLocker to be turned off. This can happen if the update changes the way the system interacts with the TPM or if there are changes in the UEFI/BIOS settings.
2. TPM Configuration: Changes in the TPM configuration or issues with the TPM can cause BitLocker to become disabled. Since the user mentioned turning off the TPM and being asked for a recovery key, it suggests that there might be an issue with how the TPM is handling the encryption keys.
3. UEFI/BIOS Settings: Changes in UEFI/BIOS settings, such as disabling or enabling secure boot, can affect BitLocker. The system might prompt for a recovery key if it detects changes in the boot configuration.

As for encrypting the whole drive, the prompt to encrypt part or all of the drive might appear because the system treats the drive as unencrypted after BitLocker was turned off and therefore asks the user to encrypt it again. Additionally, accidentally turning off BitLocker could have reset its configuration, leading the system to ask for encryption settings once more.

Being asked for the BitLocker recovery key when TPM is off can occur because, without the TPM, BitLocker relies on the recovery key as a fallback security measure to ensure that unauthorized changes to the system configuration do not compromise data security. Additionally, BitLocker depends on the TPM to store encryption keys securely, so if the TPM is disabled, BitLocker cannot access these keys and thus prompts for the recovery key.
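The state described above can be checked before changing anything. The following read-only PowerShell check is an added example, not part of the original article; the function name `Get-BitLockerDiagnosis` is hypothetical and it assumes the affected volume is the system drive. It uses the built-in `Get-BitLockerVolume`, `Get-Tpm` and `Confirm-SecureBootUEFI` cmdlets and must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (hypothetical function name): read-only snapshot of BitLocker, TPM and Secure Boot state.
function Get-BitLockerDiagnosis {
    param([string]$MountPoint = $env:SystemDrive)   # assumption: the OS drive is the affected one

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $tpm = Get-Tpm
    # Confirm-SecureBootUEFI throws on non-UEFI systems, so treat an error as "not available"
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $null }
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Interpret the combination of conversion state and protection state
    $assessment = switch ($vol.VolumeStatus.ToString()) {
        'FullyDecrypted'       { 'BitLocker is off and the volume is not encrypted by BitLocker.' }
        'DecryptionInProgress' { 'Turn-off is still running; let it finish before re-enabling.' }
        'EncryptionInProgress' { 'Encryption is still running.' }
        'FullyEncrypted' {
            if ($vol.ProtectionStatus.ToString() -eq 'On') { 'Encrypted and protected.' }
            else { 'Encrypted, but protection is off (suspended or no protector added yet).' }
        }
        default { "Conversion paused or unknown: $($vol.VolumeStatus)" }
    }
    if ($types -contains 'Tpm' -and -not $tpm.TpmReady) {
        $assessment += ' A TPM protector exists but the TPM is not ready, so boot falls back to the recovery key.'
    }

    [pscustomobject]@{
        MountPoint        = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        EncryptionPercent = $vol.EncryptionPercentage
        EncryptionMethod  = $vol.EncryptionMethod      # shows whether the SSD's hardware encryption is in use
        ProtectorTypes    = $types -join ', '
        RecoveryKeyIds    = ($vol.KeyProtector | Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' }).KeyProtectorId -join ', '
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        SecureBoot        = $secureBoot
        Assessment        = $assessment
    }
}

Get-BitLockerDiagnosis | Format-List
```

The `RecoveryKeyIds` field lists only the protector IDs, not the recovery passwords, so the output can be compared with the key ID shown on the recovery screen.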

Solutions for a PC that accidentally turned off BitLocker

If BitLocker was accidentally turned off on your SSD and you can’t turn it on again, try the setting fixes below first. If they don’t help, you can use a third-party tool to encrypt your drive.

Way 1. Allow BitLocker to encrypt the whole drive

Since the PC asks to encrypt "part of all of drive", you can try to encrypt your whole drive and see if you can get a new recovery key, which should replace the old one. Please ensure that the TPM is left enabled.

Step 1. Open the Control Panel and select BitLocker Drive Encryption to open the BitLocker management interface.

Step 2. In the window that opens, select the drive you want to encrypt and, in the drop-down menu that appears, click Turn on BitLocker to start BitLocker encryption.

Step 3. Set a password for the BitLocker encrypted drive, and then click Next.

Step 4. Select a way to back up the recovery key, then click Next.

Step 5. At this step, select Encrypt entire drive, then click Next.

Step 6. Now you can start the encryption process. Click Start encrypting.

The drawback to be aware of is that the old recovery key may still be in use, because the partition containing the boot sector is encrypted and that is the key you are currently prompted for when you disable the TPM. The only way to verify this is to disable the TPM after the drive has been encrypted, see which recovery key is accepted, and then re-enable the TPM. It is advisable to keep a record of both keys as a precaution.

Way 2. Reset BitLocker

If you can’t turn BitLocker on, another option is to reset it: turn BitLocker off completely, restart your PC, and then try to turn it on again.

Step 1. Open the Control Panel, go to System and Security, then BitLocker Drive Encryption.

Step 2. Select "Turn off BitLocker" for the affected drive and follow the prompts to decrypt the drive completely.

Now restart your computer. Once the PC is ready, go back to the BitLocker Drive Encryption settings and select "Turn on BitLocker". Follow the prompts to set up BitLocker encryption again.

Way 3. Try third-party BitLocker management tool to turn it on

If the built-in Windows BitLocker function doesn’t help, try AOMEI Partition Assistant Standard, a powerful Windows disk and drive manager for Windows 11/10/8/7 PCs. The “BitLocker” function of this tool provides the same BitLocker feature as Windows. Moreover, this tool lets Windows Home users use BitLocker to protect their data.

And this multifunctional software has many handy features like disk check, disk/partition clone, MBR/GPT data-safe conversion, etc.

Step 1. First, download and open AOMEI Partition Assistant Standard. Then, click on the "Tools" tab and choose "BitLocker".

Step 2. You'll see a list of all the drives on your computer, including your operating system drive, fixed data drives, and removable drives. Find the drive you want to encrypt with BitLocker and click on "Turn on BitLocker". (For example, let's say it's drive D:)

Tip: It only supports encrypting NTFS partitions. If you are using FAT, FAT32, or another file system, please convert it to NTFS.

Step 3. Set a password for the drive and confirm it by clicking "Next".

Step 4. Choose how you want to back up your recovery key. You can either save it to a file or print it out.

Step 5. If you select "Save to a file", please choose a location on your PC to save the recovery key.

Then, please click the "Next" button to start the encryption process.

Step 6. The encryption might take a while. Don't close the program, remove the drive, or shut down your computer until it's done. Once it's finished, click "Completed". Now, your drive is BitLocker encrypted.

Further reading: How to disable BitLocker permanently

If BitLocker always causes problems on your disk, you can also choose to permanently disable it on your PC.

The Group Policy Editor controls whether services in Windows, including the BitLocker service, are turned on or off. It is the most complicated method compared to the others, so the specific steps are given here:

Step 1. Press the Win+R combination and run the command “gpedit.msc” to open the Local Group Policy Editor.

Step 2. Now, go to the following path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives

Then find the setting that restricts write access to fixed drives not protected by BitLocker.

Step 3. Double-click it and set its status to Disabled. Finally, press OK and restart the computer.

Conclusion

This post explains how to resolve BitLocker being accidentally turned off on a Windows PC. If the Windows tools can't help you, you can turn to AOMEI Partition Assistant to solve the problem. Whether you need to check your disks or manage a BitLocker drive, this tool will offer you satisfactory methods.

Besides Windows PC, this tool also has the Server edition for Windows Server 2022/2019/2016/2012 users to manage Windows Server disks and drives efficiently.

Lucas · Staff Editor