[Solved] How to Fix BitLocker Failed to Encrypt C: drive issue?

March 10, 2021, Posted by Admin to BitLocker for Windows Home

When we use the BitLocker encryption feature built into the Windows operating system to encrypt the Windows C: drive, you may get the error prompt 'This device can't use a Trusted Platform Module. Your administrator must select the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes.'. The reason for this problem is that your computer does not contain a TPM chip, TPM is mainly used to save passwords, certificates, and encryption keys, while providing hardware-based authentication and tampering detection. BitLocker uses the TPM chip to generate and store the actual encryption keys, and uses TPM's identity verification and tampering detection mechanisms to prevent illegal data access. If you encounter the same problem and are looking for a solution, here we will introduce in detail how to fix BitLocker failed to encrypt C: drive issue.

Solution 1: Fix BitLocker Failed to Encrypt C: drive issue with the Local Group Policy Editor built into Windows?

Step 1. Press Windows+R, type 'gpedit.msc' into the Run dialog box, and then press Enter to open the 'Local Group Policy Editor'.

run gpedit.msc


Step 2. Navigate to 'Local Computer Policy' > 'Computer Configuration' > 'Administrative Templates' > 'Windows Components' > 'BitLocker Drive Encryption' > 'Operating System Drives' in the left pane.

bitlocker drive encryption policy


Step 3. Double-click the 'Require additional authentication at startup' option in the right pane.

bitlocker require additional authentication at startup


Step 4. Select 'Enabled' at the top of the window, and ensure the 'Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)' checkbox is enabled here.

bitlocker enable authentication at startup


Step 5. Click 'OK' to save your changes. Your change takes effect immediately, so you don’t need to reboot your computer.

After performing the above operations, you can now use the Windows built-in BitLocker feature to encrypt the Windows system partition without get the 'This device can't use a Trusted Platform Module ...' error message.


Solution 2: Fix BitLocker Failed to Encrypt C: drive issue with Hasleo BitLocker Anywhere?

Step 1. Download and install Hasleo BitLocker Anywhere.

Step 2. Launch Hasleo BitLocker Anywhere, right-click the Windows drive letter (usually C:), then click "Turn On BitLocker".

select windows drive to encrypt


Step 3. In this step, you are asked to choose how to unlock the Windows drive at startup. You can choose to enter a password or insert a USB flash drive each time you start your PC.

select how to unlock drive at startup


If you choose to enter a password at startup, you are required to specify a password for encrypting the drive, enter the password and click "Next". You should choose a password having a combination of upper and lower case letters, numbers, spaces, and special symbols.

enter encrypt password


If you choose to insert a USB flash drive at startup, you are required to specify a USB drive to save the startup key, select a USB drive and click "Next".

save bitlocker startup key to usb


Step 4. After clicking "Next", you are asked how you want to backup the BitLocker recovery key. You can save the recovery key to a file or print a copy of it, then click "Next" to move on. Please note that anyone can use the recovery key to gain access to the drive, even if they do not have the startup key or password created in the previous step, so please do not disclose it to others.

back up bitlocker recovery key


Step 5. Now a pop-up will appear asking you if you want to reboot into Pre-OS to encrypt the Windows partition. Click "Yes" to continue.

need reboot into Pre-OS


Step 6. Another pop-up will appear asking you if you want to build a WinPE image to continue. Click "Yes".

need build winpe


Step 7. Hasleo BitLocker Anywhere starts building WinPE. This may take several minutes, so please be patient to wait.

building winpe


Step 8. After successfully builded the WinPE image, Hasleo BitLocker Anywhere will prompt you to reboot the computer, click "Yes" button to allow Hasleo BitLocker Anywhere to reboot your computer.

need reboot computer


Step 9. Hasleo BitLocker Anywhere will now reboot and enter Pre-OS to encrypt the contents of the selected drive using BitLocker drive encryption. The encryption process could take a long time to finish depending on the size of the drive, so please be patient to wait. If you don't want to wait until the encryption operation is finished, "Shut down the computer when the operation is completed" option is a good idea. Just check it.

encrypting drive with bitlocker


Step 10. After the encryption is complete, click the "Finish" button to close the window.

encryption is complete


Step 11. Now you have to enter the BitLocker password or plug in the USB drive which contains the startup key before you can start the Windows.

Enter BitLocker password to boot

Plug in USB drive to boot


Above we will introduced two ways to fix BitLocker failed to encrypt C: drive issue, both of them can help you successfully encrypt the C: drive.