Issue:
Encryption or decryption fails with error 0x80310029:
"BitLocker Drive Encryption cannot be turned off on the operating system drive until the auto unlock feature has been disabled for the fixed data drives and removable data drives associated with this computer. Error: 0x80310029"
The error message can be found in different logs, for example:
SDCC.log:
[2023-06-01 15:15:21.726] [4396:6404] DBG SDD AddAuditLog: Action = 166, details = 'C:', user = '', error = 0x80310029
[2023-06-01 15:15:21.733] [4396:6404] DBG SDD Managed conversion set to: 0
[2023-06-01 15:15:21.737] [4396:4748] DBG SDC ReturnError: Windows error message retrieved: 'Die BitLocker-Laufwerkverschlüsselung kann für das Laufwerk des Betriebssystems erst deaktiviert werden, wenn das Feature für automatisches Entsperren für die dem Computer zugeordneten integrierten Datenlaufwerke und die Wechseldatenlaufwerke deaktiviert wurde.'
SDBat.log:
[2023-06-01 14:35:07.146] [6296:8092] INFO SDD AUDIT LOG (0x80310029): Entschlüsselung des logischen Laufwerks wird gestartet
[2023-06-01 14:35:07.146] [6296:8092] DBG SDC ReturnError: Windows error message retrieved: 'Die BitLocker-Laufwerkverschlüsselung kann für das Laufwerk des Betriebssystems erst deaktiviert werden, wenn das Feature für automatisches Entsperren für die dem Computer zugeordneten integrierten Datenlaufwerke und die Wechseldatenlaufwerke deaktiviert wurde.'
[2023-06-01 14:35:07.149] [6296:8092] DBG SDD RunCmdFve: wEdisk(FVE) decrypting boot drive 2, bOperation: 7, status: 0x80310029
[2023-06-01 14:35:07.149] [6296:8092] DBG SDD RunCmdEnc_Decrypt: Decrypting boot (Non-SED) disk finished with status: 0x80310029
Symptoms:
Autologin doesn't work; the machine can only be entered with Challenge Response. There is no context menu in Windows.
Solution:
The customer solved the issue with the following two commands:
manage-bde -autounlock -ClearAllKeys Volume
and
manage-bde -protectors -delete c: -t externalkey
Parameters used in these commands:
autounlock: Manages the automatic unlocking of BitLocker-protected data drives.
ClearAllKeys: Removes all stored external keys on the operating system drive.
protectors: Manages the protection methods used for the BitLocker encryption key.
delete: Deletes key protection methods used by BitLocker. All key protectors will be removed from a drive unless the optional -delete parameters are used to specify which protectors to delete. When the last protector on a drive is deleted, BitLocker protection of the drive is disabled to ensure that access to data is not lost inadvertently.
externalkey: Specifies that any external key protectors associated with the drive should be deleted.
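
A read-only pre-check that can be run before the two commands above, added here as an example (it is not part of the original article or the vendor's tooling). It uses the Get-BitLockerVolume cmdlet from the Windows BitLocker PowerShell module to show which data drives have auto-unlock enabled and which protectors would remain on the operating system drive after the external key protectors are deleted. The drive letter C: and the variable names are assumptions.

```powershell
# Added example: read-only pre-check, changes nothing on the system.
# Run from an elevated PowerShell session.
#Requires -RunAsAdministrator
$OsDrive = 'C:'   # assumption: operating system drive, as in the article's second command

$os = Get-BitLockerVolume -MountPoint $OsDrive

# Data volumes with auto-unlock enabled: the condition named in error 0x80310029.
$autoUnlock = Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'Data' -and $_.AutoUnlockEnabled }

"OS volume $OsDrive stores auto-unlock keys: $($os.AutoUnlockKeyStored)"
if ($autoUnlock) {
    'Data volumes with auto-unlock enabled:'
    $autoUnlock | Format-Table MountPoint, VolumeStatus, LockStatus -AutoSize
}

# Split the OS volume's protectors into those the -delete step removes and the rest.
$external  = @($os.KeyProtector | Where-Object KeyProtectorType -eq 'ExternalKey')
$remaining = @($os.KeyProtector | Where-Object KeyProtectorType -ne 'ExternalKey')

'Key protectors currently on the OS volume:'
$os.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

if ($external.Count -eq 0) {
    "No external key protectors on $OsDrive; the -delete step has nothing to remove."
} elseif ($remaining.Count -eq 0) {
    # Deleting the last protector disables BitLocker protection of the drive.
    Write-Warning "Only external key protectors exist on $OsDrive; deleting them removes the last protector."
} else {
    $types = ($remaining.KeyProtectorType | Sort-Object -Unique) -join ', '
    "Deleting $($external.Count) external key protector(s) leaves: $types"
}

# A recovery password is the fallback if the remaining protectors fail at boot.
if (-not ($os.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Write-Warning "No recovery password protector on $OsDrive."
}
```

Running the same script again after the two manage-bde commands confirms that auto-unlock is cleared and shows which protectors are left on the drive.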