"BitLocker couldn't contact the Domain" error during activation (Non-Domain system)


D

dcan

New member
Local time
10:17 AM
Posts
1
OS
Windows 11
I get the error in the title when trying to activate BitLocker on my non-domain joined, Windows 11 Pro workstation (fully patched). I've researched the issue and most threads suggest changing Group Policy; however, both "Store Bitlocker Recovery to Active Directory Domain Services" and "Configure use of Passwords for Removable Data Drives" policies are disabled. The workstation should meet BitLocker system requirements and has TPM 2.0. It should be noted that the system has been hardened, but I don't see any other policies in BitLocker Drive Encryption that would cause it to reach out to a domain controller. Any help would be greatly appreciated.

Edit: Changing the "Choose how Bitlocker-protected operating system drives can be recovered" policy fixed the initial issue. It was trying to store Bitlocker recovery info to an AD. However, now the error message reads "There are conflicting settings for recovery options...When a recovery password is required backup to active directory should be turned on or the user should be required to save the recovery password." I assume this is a specific policy that needs disabling or enabling.
 
Windows Build/Version
Windows 11 Pro
Last edited:

My Computer

System One

  • OS
    Windows 11

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build 22631.5039
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    1000/400Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 23H2 Build: 22631.4249
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
I had this same issue, are you using a second hand device by any chance? What the issue was for me was that despite being factory reset, at some point in the devices lifecycle it was enrolled in an MDM solution, in this case Intune + Windows Autopilot. Even though the device was deleted from Intune, the sysadmin at the company who previously owned the device did not disable it on windows autopilot. Reach out to whoever you purchased it from with the serial number and ask them to remove it from their autopilot enrollment list
 

My Computer

System One

  • OS
    Windows 10
You must log in or register to reply here.

Similar threads

Microsoft Store: install Apps for domain accounts despite WSUS
Replies
1
Views
4K
bwmgwm
B
  • Article Article
Netjoin: Domain join hardening changes for Windows
Replies
0
Views
670
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom