Bitlocker start decryption by itself after the first reboot

Hello Artem Yatsenko,

thank you for posting on the Microsoft Community Forums.

For this issue, here are a few possible causes and solutions to investigate:

1. Group Policy Settings: There might be a Group Policy setting that is causing BitLocker to decrypt the drive. Check the Group Policy settings on your PC to ensure that there are no policies configured to automatically decrypt the drive.

2. Third-Party Software Conflict: Sometimes third-party security software or disk management tools can interfere with BitLocker. Try disabling or uninstalling any such software to see if that resolves the issue.

3. TPM Configuration: The Trusted Platform Module (TPM) might be misconfigured or malfunctioning. Ensure that the TPM is enabled and functioning correctly in the BIOS/UEFI settings. You can also try clearing the TPM and reinitializing it.

4. Re-enabling BitLocker: Try fully decrypting the drive manually and then re-enabling BitLocker.

5. Account Permissions: Ensure that your user account has the necessary permissions to manage BitLocker. If you're using a standard account, consider trying from an administrator account.

Hope it helps.

Best regards,

Lei

I tested that, when I turn off TMP - Bitlocker works properly, but when I enabling TMP - it start decrypting bitlocker and bitlocker become filly decrypted. What steps I should do to troubleshoot TMP?

To identify and resolve issues related to TPM and BitLocker, please try these:

1. TPM Initialization and Configuration

- Clear TPM: Sometimes, clearing the TPM can resolve issues. Note that clearing the TPM can reset certain settings, so make sure to back up important data.

- Go to **Windows Security** > **Device Security** > **Security processor (TPM) details** > **Security processor troubleshooting** > **Clear TPM**.

- Reinitialize TPM: Check if your TPM is initialized and ready for use.

- Run `tpm.msc` command in the Run dialog (Win + R) and verify that the TPM is initialized.

2. TPM Firmware and Drivers Update

- Update TPM Firmware: Check if there is a firmware update available for your TPM from Dell's support website.

- Check for Driver Updates: Ensure that you have the latest system and TPM drivers installed. Check Dell's support site for any updates.

3. Group Policy Configuration

- BitLocker Group Policy Settings: There are Group Policy settings related to TPM and PIN that might be affecting behavior.

- Open **Local Group Policy Editor** (gpedit.msc).

- Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives**.

- Ensure that policies like **"Configure TPM startup PIN"** and **"Require Additional Authentication at Startup"** are properly configured.

4. Reset BitLocker Configuration*

- Disable BitLocker and Re-Enable: Reset BitLocker configuration by disabling and then reenabling it.

- Open **Control Panel** > **BitLocker Drive Encryption**.

- Turn off BitLocker, wait for the decryption to complete, and then turn it back on.

- Ensure you select options to use both TPM and PIN during setup.

5. BIOS/UEFI Settings

- Check BIOS/UEFI Settings: Ensure that the TPM is enabled and configured correctly in the BIOS/UEFI settings. Also, check if there are any firmware updates for your BIOS/UEFI.

If the issue persists, it might be worth contacting Dell support for further assistance, as there could be a specific firmware or hardware-related issue with your Dell OptiPlex 3040.

1. TPM Initialization and Configuration

- Clear TPM: done (+)

- TPM status: ready for use (+)

2. TPM Firmware and Drivers Update

- Update TPM Firmware: TPM version Full: 1.258.0.0

- "There are no new updates. The most recent updates are already installed."

3. Group Policy Configuration
The policies is configured in the following way as shown in the screenshots

4. Reset BitLocker Configuration

- As far as bitlocker is decrypting by itself, by default bitlocker was turned off, so I turned it on.

- options to use both TPM and PIN during setup: (look at screenshot)

5. BIOS/UEFI Settings

- TPM is enabled (look at screenshot above)

- BIOS is updated

* My PC version is Dell Latitude 3520

! Also, noticed that TPM driver version 1.3.2.8 is available (the latest version) but this driver is incompatible this my device.

THE PROBLEM STILL PERSIST
Could you confirm, that I performed all the troubleshooting steps correctlly?

Hello!
Could you confirm, that I performed all the troubleshooting steps correctlly?

Especially, GPO configurations?