If you want to encrypt a USB drive with BitLocker To Go, it might happen that the command to start the BitLocker agent is missing in the drive's context menu. If you then try to work around this problem with manage-bde or PowerShell, you will get an error message.

If a drive cannot be encrypted with BitLocker, it is possible that it does not meet the requirements. Therefore, you should first check whether compression has been enabled and whether the cluster size of the file system exceeds 4 KB. Both would be potential obstacles for BitLocker.

But even if these conditions are met, the command to start the BitLocker wizard might still be missing in the context menu of the drive, and the control panel under System and Security > BitLocker Drive Encryption does not show the USB drive.

In some cases the menu entry for BitLocker encryption is missing for a drive

In some cases the menu entry for BitLocker encryption is missing for a drive

In this case, you can try to start encryption using PowerShell or the command line tool manage-dbe. But already querying the status with

Get-BitLockerVolume -MountPoint <drive letter>

usually leads to the following error:

Get-Win32EncryptableVolumeInternal: e: does not have an associated BitLocker volume.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:344 char:35
+ ... bleVolume = Get-Win32EncryptableVolumeInternal -MountPoint $MountPoin ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Get-Win32EncryptableVolumeInternal
When the GUI option is missing the encryption cannot usually be activated via PowerShell either

When the GUI option is missing the encryption cannot usually be activated via PowerShell either

The equivalent command

manage-bde -status <drive letter>

generates the following message:

ERROR: The volume E: could not be opened by BitLocker.
This may be because the volume does not exist, or because it is not a valid
BitLocker volume.
The command line tool manage bde also reports an incorrect status 1

The command line tool manage bde also reports an incorrect status 1

You get the same result if you try to encrypt the drive from the command line, for example with Enable-BitLocker.

However, various reports show that this problem only occurs on certain computers. PCs with newer versions of Windows 10 seem to be affected, while it does not exist under version 8.1.

Disable partition with diskpart ^

The solution is to set the partition on the USB stick to inactive. This can be done using the command line tool diskpart.exe. Here you enter the following commands:

list disk
select disk <#number>
list part
select part <#number>
inactive
exit

You pass the number of the disk, which you get from the output of the first command, to the second command. The same applies to the fourth command, where you get the partition number form the previous command

Setting the partition of a removable disk to inactive with diskpart

Setting the partition of a removable disk to inactive with diskpart

After disconnecting and reconnecting the memory stick, the command for BitLocker should appear in the context menu of the drive.

Use a different computer ^

Alternatively, you can activate BitLocker To Go for the removable drive on another PC running an older version of Windows.

However, you do not have to pass the encrypted disk to the user together with the password. Rather, you can simply format the drive afterwards. On the computer that previously refused to encrypt, the command Turn on BitLocker is now available.

Subscribe to 4sysops newsletter!

If there is any data on the external storage medium, you would of course have to back it up beforehand and restore it after formatting.

+4
avataravatar
1 Comment
  1. Mo2b 9 months ago

    Thanks !
    Did de diskpart thing !
    but for me the volume was already inactive, so I put active instead.
    AND IT WORKED !

    list disk
    select disk
    list part
    select part
    active
    exit

    +2

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account