Skip to content

If you're getting "You can't create both a recovery password and a recovery key" error message in BitLocker drive encryption wizard, here is how to fix it.

When you’re about to encrypt a drive with BitLocker, the data recovery agent should be enabled. Else in the absence of it, you can’t either encrypt or decrypt a drive. This is applicable to both fixed and removable – BitLocker To Go drives. Thus recently, while encrypting a drive, we came around this message:

You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

The cause behind such kind of issues is that some third-party software have modified data recovery agent settings and disabled it, in case of isolated machines. In case of domain controlled machine, the domain controller might have restricted the data recovery agent and you need to consult with him. But if you’re the system administrator of your machine, and don’t know how to solve this problem, then here is a solution for you.

There is a Group Policy setting to allow or disallow usage of data recovery agent. Altering it will definitely solve your problem, here is how:

FIX : You Can’t Create Both A Recovery Password And A Recovery Key

NOTE : Local Group Policy Editor is only available in Windows Enterprise and Pro editions.

1. Press W8K + R and put gpedit.msc in Run dialog box to open Local Group Policy Editor. Click OK.

GPEDIT 2

2. Navigate here:

Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Removable Data Drives

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

3. In the right pane of above shown window, look for the Setting named Choose how BitLocker-protected removable drives can be recovered. Since you’re facing this issue, the policy must have been set to Enabled. Double click on it to get this:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

4. Finally in the above shown window, either you can set the policy to Not Configured (default setting) or let it Enabled and check Allow data recovery agent entry under Options. Click Apply followed by OK. Close the Local Group Policy Editor and now try to encrypt the drive using BitLocker. You’ll find that error has been removed and you’re ready to encrypt drive with a password or smart card:

[FIX] You Can't Create Both A Recovery Password And A Recovery Key For BitLocker Drive Encryption

Hope this helps! Also checkout:

1. How To Add “Lock Drive” To Context Menu For BitLocker Drives

2. How To Change Password For A Locked BitLocker Drive In Windows 8

3. How To Use 256-Bit Drive Encryption & Cipher Strength For BitLocker


Facebook Google+ Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

What's New


Recent Comments

  • Kapil Arya : ^^ Try repairing boot records, see if it helps: https://www....

    2 hours ago

  • Daniel Huervas : Mine it says the os couldn't be loaded because the system re...

    4 hours ago

  • Kapil Arya : ^^ Suggest you to contact software vendor in regards of this...

    17 hours ago

  • SATISH SAHU : 64 bit operating system x64based processor then also I am fa...

    22 hours ago

  • thomas : Error Code 0xc000000e attempting Win10 Recovery from USB ...

    1 day ago

  • Jenna : hello i have an HP Pavilion notebook and i am still on versi...

    1 day ago


Windows Group Policy Troubleshooting