If a drive cannot be encrypted with BitLocker, it is possible that it does not meet the requirements. Therefore, you should first check whether compression has been enabled and whether the cluster size of the file system exceeds 4 KB. Both would be potential obstacles for BitLocker.
But even if these conditions are met, the command to start the BitLocker wizard might still be missing in the context menu of the drive, and the control panel under System and Security > BitLocker Drive Encryption does not show the USB drive.
In this case, you can try to start encryption using PowerShell or the command-line tool manage-bde. However, even querying the status with
Get-BitLockerVolume -MountPoint <drive letter>
usually leads to the following error:
Get-Win32EncryptableVolumeInternal: e: does not have an associated BitLocker volume.
At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psm1:344 char:35
+ ... bleVolume = Get-Win32EncryptableVolumeInternal -MountPoint $MountPoin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Get-Win32EncryptableVolumeInternal
The equivalent command
manage-bde -status <drive letter>
generates the following message:
ERROR: The volume E: could not be opened by BitLocker. This may be because the volume does not exist, or because it is not a valid BitLocker volume.
You get the same result if you try to encrypt the drive from the command line, for example with Enable-BitLocker.
However, various reports show that this problem only occurs on certain computers. PCs with newer versions of Windows 10 seem to be affected, while it does not exist under version 8.1.
Disable partition with diskpart
The solution is to set the partition on the USB stick to inactive. This can be done using the command line tool diskpart.exe. Here you enter the following commands:
list disk
select disk <#number>
list part
select part <#number>
inactive
exit
You pass the number of the disk, which you get from the output of the first command, to the second command. The same applies to the fourth command, where you get the partition number from the previous command.
After disconnecting and reconnecting the memory stick, the command for BitLocker should appear in the context menu of the drive.
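The two prerequisites named at the start (compression, cluster size) and the active flag that the diskpart fix clears can also be read from PowerShell. The following is an added example, not part of the original article: Test-BitLockerToGoReadiness is a hypothetical helper name, the drive letter E is an assumption, and "compression enabled" is taken to mean the NTFS compression attribute on the drive root.

```powershell
# Added example: read-only pre-check for the obstacles described in the article.
# Test-BitLockerToGoReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-BitLockerToGoReadiness {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z]$')]
        [string]$DriveLetter
    )

    $volume    = Get-Volume    -DriveLetter $DriveLetter -ErrorAction Stop
    $partition = Get-Partition -DriveLetter $DriveLetter -ErrorAction Stop
    $root      = Get-Item -LiteralPath "${DriveLetter}:\" -Force -ErrorAction Stop

    # Assumption: "compression enabled" = NTFS compression attribute set on the drive root.
    $compressed = [bool]($root.Attributes -band [System.IO.FileAttributes]::Compressed)

    [pscustomobject]@{
        DriveLetter     = $DriveLetter.ToUpper()
        DiskNumber      = $partition.DiskNumber
        PartitionNumber = $partition.PartitionNumber
        FileSystem      = $volume.FileSystem
        ClusterSizeKB   = $volume.AllocationUnitSize / 1KB
        ClusterSizeOk   = $volume.AllocationUnitSize -le 4KB   # article: must not exceed 4 KB
        Compressed      = $compressed                          # article: must be off
        PartitionActive = [bool]$partition.IsActive            # article: must be inactive
    }
}

# Drive letter E is an assumption; use the letter of the USB drive.
$result = Test-BitLockerToGoReadiness -DriveLetter 'E'
$result | Format-List

if ($result.PartitionActive) {
    # Same effect as diskpart's "inactive". -WhatIf only previews the change;
    # remove it to actually clear the flag.
    Set-Partition -DiskNumber $result.DiskNumber -PartitionNumber $result.PartitionNumber `
        -IsActive $false -WhatIf
}
```

Run it from an elevated PowerShell session, since Set-Partition requires administrator rights.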
Use a different computer
Alternatively, you can activate BitLocker To Go for the removable drive on another PC running an older version of Windows.
However, you do not have to pass the encrypted disk to the user together with the password. Rather, you can simply format the drive afterwards. On the computer that previously refused to encrypt, the command Turn on BitLocker is now available.
If there is any data on the external storage medium, you would of course have to back it up beforehand and restore it after formatting.