Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.


0 like 0 dislike

Using a brand new Surface Pro 3 out of the box, installed current updates.

I've installed a two other things that don't seem connected to the issue: the Cisco Anywhere VPN client and Visual Studio 2013.

I'd like to enable Bitlocker, but during the verification step, the following error is displayed, with no options to continue:

This PC deosn't support entering a BitLocker recovery password during startup. Ask your administrator to configure Windows Recovery Environment so that you can use BitLocker.

The "administrator" in this case is me, and I don't:

  1. ... understand why this has happened
  2. ... know how to fix the issue, as if it's really necessary to make this change, what would I do?
asked by  

4 Answers

0 like 0 dislike
Best answer
Run this on CMD as admin:

powershell.exe -command "New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft -Name FVE; Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\FVE -Name OSEnablePrebootInputProtectorsOnSlates -Value 1 -Type DWord -Force"

This will allow you to enable bitlocker again.
answered by  
0 like 0 dislike
I have same problem but its bit different.

I build new Surface Pro 3 then bitlocker it which worked fine but after few days someone unbitlocker it and now I cant bitlocker it anymore, when I remove it from Domain and try to do it off domain I get same message as Above.

I dont understand why it worked first time but not other times
answered by  
0 like 0 dislike

As already stated the Windows 10 upgrade wipes out the WinRE environment from the recovery partition. If you look in Disk Manager the partition is now empty when under Windows 8 there was content.

You can also confirm this by running

reagentc /info

This is fixed by by copying the winre.wim file from the C:\Windows\System32\Recovery folder which recreates the WinRE area in the recovery partition. Here are the steps to accomplish this:

  1. In DISKPART assign a drive letter to the recovery partition (I used Q:)
  2. Run Robocopy.exe C:\Windows\System32\Recovery\ Q:\Recovery\WindowsRE\ Winre.wim /copyall /dcopy:t
  3. Run reagentc /setreimage /path Q:\Recovery\WindowsRE
  4. Run reagentc /enable
  5. Use DISKPART to remove the drive letter previously assigned to the recovery partition.

Confirm it works with:

reagentc /info
answered by  
0 like 0 dislike

This worked well with Windows 10, with a couple of tweaks, swapping steps 5 & 6. You must use the FORMAT command before exiting DISKPART. Also, if like me you have upgraded from 8.1 to Enterprise, to Windows 10 you might have multiple recovery partitions. You can use reagent /info beforehand to check which partition is currently being used. The reagent /enable process failed when I tried to change to an older recovery volume.

  1. Start CMD as Administrator, enter DISKPART
  2. Enter LIST VOLUME
  3. Then select the recovery volume with SELECT VOLUME x where x is the corresponding number of the volume
  4. Enter ASSIGN LETTER=Q (to assign the letter Q:/ to the recovery partition)
  5. Enter FORMAT fs=ntfs label="Recovery" quick override where label="Recovery" is optional and works with any other name as well
  6. Enter EXIT to leave diskpart
  7. Run Robocopy.exe C:\Windows\System32\Recovery\ Q:\Recovery\WindowsRE\ /copyall /dcopy:t
  8. Run reagentc /setreimage /path Q:\Recovery\WindowsRE
  9. Run reagentc /enable
  10. Run reagentc /info to check whether the setup worked, "WinRe-Status" should be enabled now
  11. Use DISKPART to remove the drive letter previously assigned to the recovery partition. To do that repeat steps 1. to 3. and then enter REMOVE LETTER=Q
answered by