BitLocker is a Windows-native encryption tool used to protect your hard drive(s) and USB flash drives. We have already discussed how to enable, disable, and manage BitLocker using the Graphical User Interface (GUI), as well as the Command Line Interface (CLI).
However, users have often reported that they see the following error while trying to enable BitLocker on their Windows PC:
Failed to open the BitLocker control panel tool. Error code: 0x80004005
The error can occur on either Windows 10 or Windows 11.
It is still uncertain why this error occurs. However, there are a few theories:
- BitLocker is not supported on the current operating system.
- Critical system files linking to BitLocker have been corrupted.
- The relevant Windows service is not running.
Today we are going to show you how to mitigate this error and get BitLocker back to working normally again.
Table of Contents
How to Fix BitLocker Error Code 0x80004005
Performing only one of these tasks may not fix the issue for you. We suggest you perform all the following mitigation methods to try and fix BitLocker.
Check if BitLocker is Supported
The first thing to do is check whether BitLocker is supported on your operating system or not. Microsoft has only made BitLocker available on the Enterprise and Professional editions of Windows. Therefore, if you are using any other edition, it is likely that you cannot run BitLocker.
To check our OS edition, type in winver in the Run Command box.
Follow the steps below to check if your system supports BitLocker:
-
Type in msinfo32 in the Run Command box, then press the CTRL + Shift + Enter shortcut keys to open System Information with administrative rights.
Open System Information -
Here, in the System Summary tab, you will find the entry “Device Encryption Support” in the right pane. Search for it and look what it states.
Check BitLocker support If it states “Meets prerequisites,” it means BitLocker is supported. If it does not, you either need to install a supported OS or choose a BitLocker alternative.
Run BitLocker Device Encryption Service
As we mentioned, one of the reasons for the said error is that the dependent Windows service isn’t running, which is the “BitLocker Device Encryption” service. Perform the following steps to make sure it is enabled:
-
Open the Services console by typing in services.msc in the Run Command box.
Open Services console -
Here, double-click the service “BitLocker Drive Encryption Service.”
Open service -
From the popup Properties window, select “Startup type” as Automatic, then click Start.
Start service -
Now click Apply and Ok to save the changes.
Save changes
Now check to see if you can perform the task which earlier prompted the BitLocker error.
Run DISM and SFC Repairs
In case the error is caused by any missing or corrupted system files, you can attempt to repair them by running the System File Checker (SFC) and the Deployment Image Servicing and Management (DISM) tools.
Perform these steps to use these tools to attempt to repair BitLocker:
-
Launch the Command Prompt with administrative privileges.
-
Now execute the following command:
DISM.exe /Online /Cleanup-image /Checkhealth
Check health -
The command above will run and should only take a few seconds. Run the following command when it is completed:
DISM.exe /Online /Cleanup-image /Scanhealth
Scan health -
The command above may take a minute or two as it performs a deep scan. When finished, run the following command to repair the system image (if any anomalies are detected):
DISM.exe /Online /Cleanup-image /Restorehealth
Restore health -
Once the 3 DISM cmdlets are finished, run the following SFC cmdlet:
sfc /scannow
Run System File Checker The SFC command can take a few minutes to fully scan your PC and perform any repairs in case of any anomalies. We suggest that you allow ample time for the tool to perform its task.
-
Once completed, restart the computer.
As the computer reboot, check to see if the issue persists.
Configure Additional BitLocker Authentication
You may need to configure additional BitLocker authentication when the computer starts up using the Group Policy editor. Here is how:
-
Open the Group Policy editor by typing in gpedit.msc in the Run Command box.
Open Group Policy editor -
Now navigate to the following from the left pane:
Computer Concifguration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives
-
Double-click the policy “Require additional authentication at startup (Windows Server 2008 and Windows Vista)” in the right pane.
Open policy -
From the popup, select the Enabled radio button and leave all default settings. Then click Apply and Ok.
Enable policy -
To implement the changes, run the following cmdlet in an elevated Command Prompt.
GPUpdate /Force
Enforce Group Policy
Closing Words
BitLocker can add significant protection to the PC, encrypting your data, thus only making it accessible to you. However, if it does not work, then all your content is available in plain text, making it easily accessible.
We certainly hope that the methods discussed above will fix the issue for you. However, if these fail, then as a last resort, you would need to clean install a Windows edition that does support BitLocker.
