When you’re about to encrypt a drive with BitLocker, the data recovery agent should be enabled. Else in the absence of it, you can’t either encrypt or decrypt a drive. This is applicable to both fixed and removable – BitLocker To Go drives. Thus recently, while encrypting a drive, we came around this message:

You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

The cause behind such kind of issues is that some third-party software have modified data recovery agent settings and disabled it, in case of isolated machines. In case of domain controlled machine, the domain controller might have restricted the data recovery agent and you need to consult with him. But if you’re the system administrator of your machine, and don’t know how to solve this problem, then here is a solution for you.

There is a Group Policy setting to allow or disallow usage of data recovery agent. Altering it will definitely solve your problem, here is how:

FIX : You Can’t Create Both A Recovery Password And A Recovery Key

FYI: GPO snap-in is not available in Windows basic editions. If you’re on Windows 10 Home and want to use Group Policy, go here and upgrade to Pro edition.

1. Press W8K + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.

GPEDIT 2

2. Navigate here:

Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

3. In the right pane of above shown window, look for the Setting named Choose how BitLocker-protected removable drives can be recovered. Since you’re facing this issue, the policy must have been set to Enabled. Double click on it to get this:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

4. Finally in the above shown window, either you can set the policy to Not Configured (default setting) or let it Enabled and check Allow data recovery agent entry under Options. Click Apply followed by OK. Close the Local Group Policy Editor and now try to encrypt the drive using BitLocker. You’ll find that error has been removed and you’re ready to encrypt drive with a password or smart card:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

Hope this helps!

1 Comment

Add your comment

  • Matt

    It was already set to Not Configured, so clearly there are other causes for this

  • Leave a Reply

    Your email address will not be published. Required fields are marked *