Error 0x80310059: BitLocker Drive Encryption is already performing an operation on this drive
When you turn on BitLocker Drive Encryption on a computer that is running Windows 10 Professional, you receive a message that resembles the following:ERROR: An error occurred (code 0x80310059):BitLocker Drive Encryption is already performing an operation on this drive. Please complete all operations before continuing.NOTE: If the -on switch has failed to add key protectors or start encryption,you may need to call manage-bde -off before attempting -on again.
Cause
This issue may be caused by settings that are controlled by Group Policy Objects (GPOs).Resolution
Important
Follow the steps in this section carefully. Serious problems might
occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.- Start Registry Editor, and navigate to the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
- Delete the following entries:
- OSPlatformValidation_BIOS
- OSPlatformValidation_UEFI
- PlatformValidation
- Exit Registry Editor, and turn on BitLocker Drive Encryption again.
"Access is denied" message when you try to encrypt removable drives
You have a computer that is running Windows 10, version 1709 or version 1607. You try to encrypt a USB drive by following these steps:- In Windows Explorer, right-click the USB drive and select Turn on BitLocker.
- On the Choose how you want to unlock this drive page, select Use a password to unlock the drive.
- Follow the instructions on the page to enter your password.
- On the Are you ready to encrypt this drive? page, select Start encrypting.
- The Starting encryption page displays the message "Access is denied."
Cause
The security descriptor of the BitLocker Drive Encryption service (BDESvc) has an incorrect entry. Instead of NT AUTHORITY\Authenticated Users, the security descriptor uses NT AUTHORITY\INTERACTIVE.To verify that this issue has occurred, follow these steps:
- On an affected computer, open an elevated Command Prompt window and an elevated PowerShell window.
- At the command prompt, enter the following command:
cmd
The output of this command resembles the following:C:\>sc sdshow bdesvc
D:(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCSWRPLORC;;;BU)(A;;CCLCSWRPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
- Copy this output, and use it as part of the ConvertFrom-SddlString command in the PowerShell window, as follows.
If you see NT AUTHORITY\INTERACTIVE (as highlighted), in the output of this command, this is the cause of the issue. Under typical conditions, the output should resemble the following:
Note
GPOs that change the security descriptors of services have been known to cause this issue.Resolution
- To repair the security descriptor of BDESvc, open an elevated PowerShell window and enter the following command:
ps
sc sdset bdesvc D:(A;;CCDCLCSWRPWPDTLORCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLORCWDWO;;;BA)(A;;CCLCSWRPLORC;;;BU)(A;;CCLCSWRPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
- Restart the computer.
The issue should now be resolved.
ReplyDeleteRegister online slotxo online free credit for online