Getting bitlocker to accept my valid passwords

I have attempted to use BitLocker to encrypt a bootable win 10 pro (latest anniversary edition ver) drive on numerous occasions with a NON TPM group policy setup (“Require additional authentication at startup” setting has been enabled and the “allow BitLocker without a compatible TPM” option has been selected) which uses a USB drive or a password for drive entry after encryption is successful.

Unfortunately, I can never get to encrypt the drive because Bitlocker keeps on saying “incorrect password” regardless of what VALID (and verified matched) password I set up with BitLocker. I have used 8 or more characters which included upper case chars, lowercase chars, numeric digits and even included non-alphanumeric chars like “$” etc.

I have also attempted very simple password cases like only using lower case chars and numbers etc. all without success. So basically, every conceivable valid password combination has been attempted.

These distinct simple and complex password iterations have been aligned with the following group policy selected options in order to make them acceptable to the Bitlocker system:

Within the group policy folders, I have set up the password policy for an operating system drive for a minimum length of 8 chars and have executed ALL the following distinct policy settings combinations:

[1] Enabled the “configure use of passwords for operating system drives” setting and have set up the password complexity setting to be “Do not allow password complexity”.

[2] Did not configure the password policy.

[3] Disabled the “configure use of passwords for operating system drives” setting.

I determined that executing any of the three cases above causes the “Password must meet complexity requirements” setting to be ignored EVEN if enabled. Therefore cases [1] through [3] cover “simple” password entry scenarios like entering only 8 lower case chars etc.

[4] Enabled the “configure use of passwords for operating system drives” setting and set up the password complexity setting to be “allow password complexity” in a system without domain controllers (my single user PC system). In this case, the complexity of the password requirement format is dependent on whether the “password must meet complexity requirements” setting is enabled or not.

In case [4], when the “password must meet complexity requirements” setting was enabled, the Bitlocker system prompted me to enter more complex password entries: lower case chars and upper case chars, numerical digits and non-alphabetic char combinations (three out of the four categories are required).

[5] The selection of the password complexity setting to “Require password complexity” was not a valid choice because I am on a single user PC system and therefore there are NO domain controllers to interface. Attempting this just yields a Bitlocker “no domain controllers complaint” at the point one is setting their password etc.

Therefore, regardless of any or all of the group policy combinations previously specified and used in conjunction with my related valid password entries, Bitlocker never gets to the encryption stage because it ALWAYS states “INCORRECT PASSWORD”.

I am hoping someone else has previously run into this very annoying case when setting up Bitlocker for a whole operating system drive encryption and can give me some guidance for resolution since in this password rejection state, you pretty much are going nowhere with Bitlocker.

I have already spent over six hours on this with enormous amounts of google searches leading nowhere.

My last closing “thinking out loud” comment at this point is,

[1] Is there the possibility of an enabled default BitLocker group policy that precludes all and any valid passwords to be ignored or rejected by Bitlocker that needs to be disabled?

[2] Is there a Bitlocker related registry key setting that is precluding all valid passwords from being accepted by Bitlocker that needs to be modified?

Thanks ahead for any guidance on this matter.

Ed R 581.  
Can you provide a screenshot of the screen when it asks you for a password?
Would love to see that to grasp where you are stuck.

And one more thing, I am assuming this is just a standalone workstation?
So you are NOT connected to a domain controller. Thanks

I guess I ended up solving my own question since few responses with concise answers were forthcoming from this forum:

To clarify the issue, the problem is Bitlocker not correctly recognizing and validating a password phrase at the PRE-BOOT phase of the encryption process.

This means the user entered a correct eight alpha numeric char minimum in the simplest case (no mixture of upper/lower or special chars complexity), that was accepted as an OK password during the setup part of the encryption process but once windows is restarted for the first time to initiate the encryption process, it does not recognize the previously accepted password to start the encryption process.

This happens even though the entered password is EXACTLY the SAME one Bitlocker was OK with when the user previously set it up INSIDE windows.

This anomaly seems to affect the BitLocker app ONLY if the password validation is attempted from OUTSIDE of windows AKA during the PRE-BOOT phase part of the process.

If the user entered windows successfully and from there attempted to activate an encrypted drive, a correctly entered password phrase would be accepted and validated by BitLocker REGARDLESS of the keyboard utilized.

The problem was that there is an incompatibility between the BitLocker app and many wireless mini keyboards that do NOT have an F12 key. These keyboards do NOT seem to have a problem with any other windows 10 app that use keyboard entries or with any other whole drive encryption programs during the password validation process (tried the password validation part successfully with four other encryption programs).

Many of these wireless mini keyboards that don’t have an F12 key necessitate the activation of a specific key such as F7 or the num-lock key BEFORE the password phrase entry is accepted and successfully validated by BitLocker. ONLY then would BitLocker detect and validate the correct passwords.

a. The use of a standard size wireless or wired keyboard OR the use of a wireless mini keyboard that HAS an F12 key if the encryption program to be used is Bitlocker.
b. The use of a different encryption program.

Hopefully this can help some other poor soul that runs into this very insidious problem yet virtually no one out there knows how to resolve.


Question Info

Last updated December 31, 2020 Views 1,078 Applies to: