Note: Some computers have BIOS settings that skip measurements to certain PCRs, such as PCR[2]. Changing this setting in the BIOS would cause BitLocker to enter recovery mode because the PCR measurement will be different.
Note: The BitLocker TPM initialization process sets the usage authorization value to zero, so another user or process must explicitly have changed this value.
manage-bde -forcerecovery <BitLockerVolume>
manage-bde. -ComputerName <RemoteComputerName> -forcerecovery <BitLockerVolume>
-forcerecovery
persists for multiple restarts until a TPM protector is added or protection is suspended by the user. When using Modern Standby devices (such as Surface devices), the -forcerecovery
option is not recommended because BitLocker will have to be unlocked and disabled manually from the WinRE environment before the OS can boot up again. For more information, see BitLocker Troubleshooting: Continuous reboot loop with BitLocker recovery on a slate device.Warning: You must include the braces in the ID string.