We have a machine that had bitlocker enabled with a previous hard drive. We moved the drive to another machine and ended up having to reformat that drive and reinstall Windows. I am fairly sure that the drive had Bitlocker disabled before this happened.
We have Bitlocker save the keys in Active Directory with all the systems on the network. These new machines are running Windows 8.1.
I have a new drive in the laptop and when I try to enable Bitlocker, I have problems. Bitlocker passes the check process and says to restart the system. When you restart the system I get the following error message:
Bitlocker could not be enabled. The Bitlocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available. C: was not encrypted.
The system is a brand new Dell Precision M4800 and it does have TPM installed and enabled. And like I said before, it was enabled on the old hard drive at one time.
After doing a bit of research, my guess is that there is a key in Active Directory related to the old system that has become orphaned. (Based on this article I found trying to Google a solution: http://blogs.technet.com/b/askcore/archive/2013/08/05/how-to-cleanup-tpm-information-from-ad-for-windows-8-computers.aspx) However, when you look in Active Directory under this new key area, we have about 12 machines listed there. Unfortunately, the information is cryptic and doesn't have any way for me to tell which key is for which machine. I was thinking I might be able to remove the key and it would solve the problem.
I have tried searching for solutions all over the place but the link above is the only item I've found that could possibly relate. Thus I am trying here. I cannot get the new machine encrypted so that I can deploy it to my user. So I must get this fixed.