BitLocker could not be enabled when USB drive is not found

Symptoms

When attempting to turn on BitLocker using a Startup Key as a protector and the system check option is accepted, BitLocker restarts the machine to complete the hardware test. If the USB drive holding the Startup Key is removed, or if USB ports are not enumerated correctly by the BIOS, then BitLocker is not enabled on the volume and you may see following error message:


Cause

Boot Manager (Bootmgr) verifies that the key material needed to unlock the disk is available prior to booting and starting encryption.  If it is not available during the pre-boot hardware test prior to encryption, BitLocker will refuse to encrypt rather than leave the disk in a state that may not be usable in the expected manner.  In the Startup Key case, this can occur when Bootmgr fails to find the Startup Key, either because then USB flash drive containing the Startup Key was not plugged in, or because the BIOS did not correctly enumerate the USB port with the USB drive inserted.

Resolution

The resolution will depend on the underlying cause. If you have already verified that the USB flash drive containing the Startup Key is inserted correctly and securely in the USB port, try the following steps:

  1. Some USB ports are not enumerated during boot. Try a different USB port.
  2. Some USB drives cannot be read during boot. Try a different USB dongle.
  3. Boot into the BIOS and ensure USB is supported at boot time.
  4. Check to see if there is a firmware update for your machine.

Properties

Article ID: 2732377 - Last Review: 18 Jul 2012 - Revision: 1

Windows Vista Enterprise, Windows Vista Ultimate, Windows 7 Enterprise, Windows 7 Ultimate, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise

Feedback