Skip to content

If you're getting "You can't create both a recovery password and a recovery key" error message in BitLocker drive encryption wizard, here is how to fix it.

When you’re about to encrypt a drive with BitLocker, the data recovery agent should be enabled. Else in the absence of it, you can’t either encrypt or decrypt a drive. This is applicable to both fixed and removable – BitLocker To Go drives. Thus recently, while encrypting a drive, we came around this message:

You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

The cause behind such kind of issues is that some third-party software have modified data recovery agent settings and disabled it, in case of isolated machines. In case of domain controlled machine, the domain controller might have restricted the data recovery agent and you need to consult with him. But if you’re the system administrator of your machine, and don’t know how to solve this problem, then here is a solution for you.

There is a Group Policy setting to allow or disallow usage of data recovery agent. Altering it will definitely solve your problem, here is how:

FIX : You Can’t Create Both A Recovery Password And A Recovery Key

FYI: GPO snap-in is not available in Windows basic editions. If you’re on Windows 10 Home and want to use Group Policy, go here and upgrade to Pro edition.

1. Press W8K + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.

GPEDIT 2

2. Navigate here:

Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

3. In the right pane of above shown window, look for the Setting named Choose how BitLocker-protected removable drives can be recovered. Since you’re facing this issue, the policy must have been set to Enabled. Double click on it to get this:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

4. Finally in the above shown window, either you can set the policy to Not Configured (default setting) or let it Enabled and check Allow data recovery agent entry under Options. Click Apply followed by OK. Close the Local Group Policy Editor and now try to encrypt the drive using BitLocker. You’ll find that error has been removed and you’re ready to encrypt drive with a password or smart card:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

Hope this helps!


Facebook Google+ Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

What's New


Recent Comments

  • Ahmad Hammadeh : Hi, Does not work for Windows 10 1607 Any other idea...

    12 hours ago

  • Kapil Arya : ^^ Try repairing your Windows 10 with In-place upgrade, see ...

    17 hours ago

  • Kapil Arya : ^^ Try Refresh. it won't affect your data....

    17 hours ago

  • Mayank : Neither of the fixes work for me. Using HP laptop with Win 8...

    18 hours ago

  • Robert Headley : I was hoping this would resolve my problem, because I have t...

    1 day ago

  • srikanth : Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Cor...

    1 day ago