Discover why you're getting the "BitLocker could not be enabled" error. Follow our guide to restart encryption services, fix partition limits, or use AOMEI to encrypt your drive safely.
Data security is no longer optional. With strict corporate compliance standards and data protection laws globally, encrypting your local drives is a basic necessity. Microsoft’s built-in encryption tool, BitLocker, is the go-to solution to prevent unauthorized access to your sensitive files, preventing data theft even if your physical laptop is stolen.
However, many users hit a frustrating roadblock when deploying this security measure: they navigate to their control panel only to find that BitLocker is off can’t enable. Clicking the prompt results in a pop-up stating"BitLocker could not be enabled."
Why does this happen, and how can you force Windows to secure your drive? In this troubleshooting guide, we will break down the hardware and software prerequisites for encryption and provide five proven methods to fix your BitLocker activation error safely.
Before diving into the technical fixes, you must understand Microsoft's strict hardware requirements to encrypt hard drive Windows 10 and Windows 11 devices. If your system fails even one of these checks.
If you meet the OS requirements but still face issues, proceed through the following step-by-step fixes.
The most common reason users cannot turn on BitLocker Windows 11 or Windows 10 is that the underlying Windows service has crashed or was disabled during a system update. You need to ensure it is set to run automatically.
Step 1. Press the Windows Key + R simultaneously to open the Run dialogue box.
Step 2. Type services.msc and press Enter to open the Windows Services manager.
Step 3. Scroll down the alphabetical list until you locate the BitLocker Drive Encryption Service.
Step 4. Right-click the service and select Properties.
Step 5. In the middle of the window, locate the "Startup type" dropdown menu. Change it from "Manual" to Automatic.
Step 6. Click Apply, then click Start to run the service immediately. Click OK and try enabling BitLocker again.
If you are using an older PC or a custom-built workstation without a TPM chip, you will receive an error stating that a compatible TPM cannot be found. You can bypass BitLocker hardware requirements by tweaking the Local Group Policy Editor.
Step 1. Press Windows Key + R, type gpedit.msc, and press Enter.
Step 2. In the left pane, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
Step 3. In the right pane, double-click on Require additional authentication at startup.
Step 4. In the new window, select Enabled at the top left.
Step 5. Under the "Options" section, check the box that says "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)."
Step 6. Click Apply and OK. Restart your computer and try encrypting your C: drive again.
BitLocker refuses to encrypt a partition if it is currently flagged as the "Active" boot partition. You can remove this flag using the built-in Diskpart command-line tool.
❗ Warning: Ensure you are selecting the correct data drive. Modifying incorrect partitions via Diskpart can cause boot failures.
Step 1. Press the Windows Key, type cmd, right-click Command Prompt, and select Run as administrator.
Step 2. Type diskpart and press Enter.
Step 3. Type list disk and press Enter to see all connected drives.
Step 4. Type select disk X (replace X with the disk number containing the drive you want to encrypt) and press Enter.
Step 5. Type list partition and press Enter.
Step 6. Type select partition Y (replace Y with the target partition number) and press Enter.
Step 7. Type inactive and press Enter. The command prompt will confirm the partition has been marked inactive. Close the window and launch BitLocker.
If your system boot partition is smaller than the required 350 MB, BitLocker will instantly fail. You cannot natively expand a partition using Windows Disk Management if there is no contiguous unallocated space next to it.
To easily extend system partition for BitLocker, you should use AOMEI Partition Software. Its "Allocate Free Space" feature allows you to directly siphon unused gigabytes from a data drive (like D:) and inject them directly into your system drive in one click.
Step 1. Download, install, and launch AOMEI Partition Software.
Step 2. On the main interface, right-click a drive with plenty of free space (e.g., your D: drive) and select Allocate Free Space.
Step 3. In the pop-up window, input the amount of space you wish to transfer (e.g., 1.00 GB) and select the destination drive (your system partition) from the drop-down list.
Step 4. Click OK.
Step 5. Click Apply in the top-left corner, and then click Proceed to execute the operation. Once your system partition exceeds 350 MB, BitLocker will function normally.
If you are a Windows Home user, Microsoft restricts you from using BitLocker entirely. Alternatively, if your Windows Pro encryption tool is deeply corrupted and the above fixes fail, you need a robust alternative.
AOMEI Partition Software features an independent, highly secure BitLocker Manager tool. It allows you to enable, manage, backup keys, and encrypt drives flawlessly, completely bypassing standard Windows bugs.
Step 1. Open AOMEI Partition Software. Click on the Tools tab in the top menu and select BitLocker.
Step 2. The software will scan and display all connected operating system drives, fixed data drives, and removable USBs. Locate the drive you wish to secure and click Turn on BitLocker.
Step 3. Create a strong, memorable password to encrypt the drive, confirm the password, and click Next.
Step 4. You will be prompted to back up your 48-digit encryption key. You can choose to Save to a file (recommended, save it to a separate USB drive) or Print the recovery key.
Step 5. Click Next to begin the encryption process. Do not turn off your PC or remove the drive while it is securing your sectors.
Step 6. Once complete, click Completed. Your drive is now locked.
Securing your corporate and personal data is essential. When you discover that BitLocker is off can't enable, it usually boils down to a crashed background service, a missing TPM chip, or restrictive partition layouts. By systematically restarting the BitLocker Drive Encryption Service, bypassing TPM requirements, or adjusting partition flags, you can force Windows to secure your files.
For users who want to bypass technical command lines—or for Windows Home users who are locked out of native encryption entirely—AOMEI Partition Software is the ultimate solution to manage disk partitions securely.
Beyond its powerful standalone BitLocker Manager, AOMEI Partition Software gives you complete control over your workstation. You can safely convert legacy MBR disks to modern GPT formats for Windows 11 readiness, seamlessly allocate free space between drives to fix storage errors, and securely wipe sensitive disks before recycling old PCs.
Why is the BitLocker option completely missing from my Control Panel?
If the BitLocker icon is entirely missing, you are likely running Windows 10 Home or Windows 11 Home. Microsoft restricts native BitLocker to Pro, Enterprise, and Education editions. To encrypt your drives on a Home edition, you must use a specialized third-party encryption manager like AOMEI Partition Software.
Will turning on BitLocker delete my existing files?
No. BitLocker encrypts the data dynamically. Your operating system, personal files, photos, and applications remain exactly where they are, and no data is wiped during the encryption process. However, it is highly recommended to back up your 48-digit unlock key securely.
How do I unlock my drive if I forget my BitLocker password?
If you forget your password, the only way to access your drive is to use the 48-digit recovery key generated when you first enabled BitLocker. This key may be saved on a USB drive, printed on a physical piece of paper, or automatically synced to your Microsoft Account online.
Does BitLocker slow down my computer's performance?
Modern processors include hardware acceleration specifically designed for encryption (AES-NI). For the vast majority of users utilizing standard SSDs and modern CPUs, the performance impact of BitLocker is entirely unnoticeable during daily office work, web browsing, and media consumption.