When I try to add PIN protection to my BitLocker setup, I get the following error:
ERROR: An error occurred (code 0x80310031): This key protector cannot be added. Only one key protector of this type is allowed for this drive.
I have selected "Require startup PIN with TPM" in group policy settings. The rest is set to 'allow'.
Then I used the following command:
manage-bde -protectors -add c: -TPMAndPIN
From what I recall, this is a proper setting (I am not setting up TPM+PIN BitLocker for the first time).
Ideas?
I don't have any expertise with your problem, but from your description, it appears that there is already a key protector enacted. Logic suggests to me that you would have to remove the previous key protector before you could add a new one. I await my education. :) – Xavierjazz – 2017-09-09T20:51:32.440
Hehe, before setting up BitLocker I 'cleared' the TPM and 'retook the ownership'. I am not a specialist in TPMs; one might think it got cleared... no, you say? Hmm – Vega4 – 2017-09-09T21:00:49.900
Well, it did the trick. There was a TPMandPIN setting from a previous installation, but why wasn't it active... All in all, unexpected things happen when you reinstall Windows after a lost BitLocker recovery key. That's not the only thing – Vega4 – 2017-09-09T21:07:38.940
I have made my comment into an answer. I would appreciate it if you accept it. I'm glad it worked. – Xavierjazz – 2017-09-09T21:25:31.397
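The fix the thread arrives at (remove the leftover TPM+PIN protector, then add the new one) is sketched below as an added example, not part of the original posts. It assumes an elevated PowerShell prompt, the built-in BitLocker module, and the C: drive from the question; it also makes sure a recovery password protector exists before anything is removed.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$mount = 'C:'   # drive letter taken from the question

$vol = Get-BitLockerVolume -MountPoint $mount

# List every key protector on the volume so a leftover entry is visible.
$vol.KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId |
    Out-Host

# Keep a recovery path: add a recovery password if the volume has none.
# The cmdlet displays the generated password; store it off the machine.
$hasRecovery = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $hasRecovery) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector |
        Out-Null
}

# Error 0x80310031 means a protector of this type is already present.
# Remove each existing TPM+PIN protector by its ID.
$stale = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'TpmPin' }
foreach ($p in $stale) {
    Write-Host "Removing TPM+PIN protector $($p.KeyProtectorId)"
    Remove-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# Add the new TPM+PIN protector; the PIN is read as a SecureString.
$pin = Read-Host -AsSecureString 'New startup PIN'
Add-BitLockerKeyProtector -MountPoint $mount -TpmAndPinProtector -Pin $pin |
    Out-Null

# Confirm the resulting protector set.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId |
    Out-Host
```

The same steps with the tool used in the question are `manage-bde -protectors -get c:`, `manage-bde -protectors -delete c: -type TPMAndPIN`, and then the original `-add` command.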