Before you encrypt a drive with BitLocker, the data recovery agent should be enabled. Without it, you can neither encrypt nor decrypt a drive. This applies to both fixed drives and removable (BitLocker To Go) drives. Recently, while encrypting a drive, we came across this message:
You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.
On isolated machines, the cause of this kind of issue is that some third-party software has modified the data recovery agent settings and disabled the agent. On a domain-controlled machine, the domain controller might have restricted the data recovery agent, and you need to consult your domain administrator. But if you're the system administrator of your own machine and don't know how to solve this problem, here is a solution for you.
There is a Group Policy setting that allows or disallows use of the data recovery agent. Altering it will definitely solve your problem. Here is how:
FIX: You Can’t Create Both A Recovery Password And A Recovery Key
1. Press Windows Key + R, type gpedit.msc in the Run dialog box, and click OK to open the Local Group Policy Editor.
2. Navigate here:
Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives
3. In the right pane, look for the setting named Choose how BitLocker-protected removable drives can be recovered. Since you’re facing this issue, the policy must have been set to Enabled. Double-click it to open its configuration window.
4. Finally, in the configuration window, either set the policy to Not Configured (the default setting) or leave it Enabled and check the Allow data recovery agent entry under Options. Click Apply followed by OK. Close the Local Group Policy Editor and try to encrypt the drive using BitLocker again. You’ll find that the error is gone and you’re ready to encrypt the drive with a password or smart card.
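To confirm what the policy from steps 3 and 4 is actually set to (for example after a third-party tool or a domain policy has changed it), you can read it back from the registry. This is an added example, not part of the original article; the key path and the value names RDVRecovery and RDVManageDRA are assumptions taken from the BitLocker policy template, and the function name is hypothetical.

```powershell
# Added example: read-only report of the removable-drive recovery policy.
# Assumption: the key path and value names below come from the BitLocker
# policy template, not from the article; confirm them on your Windows build.
$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-RdvRecoveryPolicy {
    param([string]$Path = $FveKey)

    $state    = 'Not Configured'   # no value written means the default applies
    $allowDra = $null              # unknown unless the policy wrote a value

    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path
        if ($item) {
            $props = $item.PSObject.Properties
            # RDVRecovery: state of the policy named in step 3
            if ($props['RDVRecovery']) {
                $state = if ($props['RDVRecovery'].Value -eq 1) { 'Enabled' } else { 'Disabled' }
            }
            # RDVManageDRA: the "Allow data recovery agent" checkbox in step 4
            if ($props['RDVManageDRA']) {
                $allowDra = ($props['RDVManageDRA'].Value -eq 1)
            }
        }
    }

    # The combination step 4 corrects: policy Enabled with the DRA box unchecked.
    $needsFix = ($state -eq 'Enabled' -and $allowDra -eq $false)

    [pscustomobject]@{
        Policy                 = 'Choose how BitLocker-protected removable drives can be recovered'
        State                  = $state
        AllowDataRecoveryAgent = $allowDra
        MatchesArticleCase     = $needsFix
    }
}

Get-RdvRecoveryPolicy | Format-List
```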
Hope this helps!