Published: May 26, 2015 | Applies to:

If you're getting the "You can't create both a recovery password and a recovery key" error message in the BitLocker Drive Encryption wizard, here is how to fix it.

When you're about to encrypt a drive with BitLocker, the data recovery agent should be enabled. Without it, you can neither encrypt nor decrypt a drive. This applies to both fixed drives and removable (BitLocker To Go) drives. Recently, while encrypting a drive, we came across this message:

You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.

On a standalone machine, the cause of this kind of issue is that some third-party software has modified the data recovery agent settings and disabled the agent. On a domain-joined machine, the domain controller might have restricted the data recovery agent, and you need to consult your domain administrator. But if you're the system administrator of your machine and don't know how to solve this problem, here is a solution for you.

There is a Group Policy setting that allows or disallows use of the data recovery agent. Altering it will definitely solve your problem. Here is how:

FIX : You Can’t Create Both A Recovery Password And A Recovery Key

NOTE : Local Group Policy Editor is only available in Windows Enterprise and Pro editions.

1. Press Windows key + R, type gpedit.msc in the Run dialog box, and click OK to open the Local Group Policy Editor.

2. Navigate here:

Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives

3. In the right pane of the window, look for the setting named Choose how BitLocker-protected removable drives can be recovered. Since you're facing this issue, the policy must have been set to Enabled. Double-click it to open its configuration window.

4. Finally, in the configuration window, either set the policy to Not Configured (the default setting) or leave it Enabled and check the Allow data recovery agent entry under Options. Click Apply followed by OK. Close the Local Group Policy Editor and try to encrypt the drive using BitLocker again. You'll find that the error is gone and you're ready to encrypt the drive with a password or smart card.
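
To confirm the state of this policy without opening the editor, for example on a remote machine, a read-only PowerShell check like the following can be used. This is an added example, not part of the original article; it assumes the policy is stored under `HKLM\SOFTWARE\Policies\Microsoft\FVE` with the `RDV*` value names from the BitLocker administrative template, and `Get-RdvRecoveryPolicy` is a hypothetical helper name.

```powershell
# Added example: read-only check of the removable-drive recovery policy.
# Assumption: policy values live under the BitLocker policy key below, using
# the RDV* value names from the BitLocker administrative template.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Hypothetical helper (not a built-in cmdlet). Makes no changes to the system.
function Get-RdvRecoveryPolicy {
    param([string]$Path = $FvePolicyKey)

    # Meaning of the recovery password / recovery key option values.
    $usage = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }
    $map   = { param($v) if ($null -eq $v) { $null } else { $usage[[int]$v] } }

    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # Key or value absent means the policy is Not Configured (the default).
    if ($null -eq $p -or $null -eq $p.RDVRecovery) {
        return [pscustomobject]@{
            Policy           = 'Not Configured'
            AllowDRA         = $null
            RecoveryPassword = $null
            RecoveryKey      = $null
        }
    }

    [pscustomobject]@{
        Policy           = if ($p.RDVRecovery -eq 1) { 'Enabled' } else { 'Disabled' }
        AllowDRA         = ($p.RDVManageDRA -eq 1)
        RecoveryPassword = & $map $p.RDVRecoveryPassword
        RecoveryKey      = & $map $p.RDVRecoveryKey
    }
}

$state = Get-RdvRecoveryPolicy
$state | Format-List

# Flag the combination that step 4 changes: policy Enabled, DRA not allowed.
if ($state.Policy -eq 'Enabled' -and -not $state.AllowDRA) {
    Write-Warning "Policy is Enabled with 'Allow data recovery agent' unchecked."
}
```

On a domain-joined machine these values are rewritten at the next policy refresh, so `gpresult /h report.html` is the way to see which GPO is setting them.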

Hope this helps! Also check out:

1. How To Add “Lock Drive” To Context Menu For BitLocker Drives

2. How To Change Password For A Locked BitLocker Drive In Windows 8

3. How To Use 256-Bit Drive Encryption & Cipher Strength For BitLocker

