LKBEN11551: BitLocker asks for a PIN or password at every boot for a virtual machine running on Hyper-V.


Somehow you always need to go to the hypervisor to enter a password when the VM boots.


This is caused by BitLocker encryption, but it can be changed.


A VM that needs a key at boot time is not productive. First, check whether a TPM is defined in the VM's Hyper-V settings.

This can be done in Hyper-V Manager: right-click the virtual machine and select Settings. Go to Security and check the checkbox for "activate Trusted Platform Module". If it is not enabled, shut down the VM, change the setting and start the VM again.

After startup, and after entering the RecoveryPassword, you can check for the presence of the TPM in Windows Settings or via PowerShell with:


To check your encrypted volume you can use the following command:


The result should look like the following:

The problem is the KeyProtector. It reads "RecoveryPassword". That is why the system asks for it at boot time.

Here we need to add at least the TPM chip as a protector. This can be done with:

manage-bde.exe -protectors -add c: -tpm

You can check the result with Get-BitLockerVolume.

The KeyProtector should list the Tpm.

If your TPM is active and the output of Get-BitLockerVolume lists "Tpm", you can reboot your system without entering a password.
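The whole procedure above as one script, run in an elevated PowerShell session inside the guest. This is an added example, not part of the original article; the function name Add-TpmProtectorIfMissing is hypothetical and the C: mount point is assumed from the manage-bde command above.

```powershell
#Requires -RunAsAdministrator
# Added example: check the virtual TPM, inspect the BitLocker protectors,
# add the TPM protector only when it is missing, then verify the result.
function Add-TpmProtectorIfMissing {
    param([string]$MountPoint = 'C:')   # assumption: OS volume is C:

    # 1. The TPM enabled in the Hyper-V settings must be visible and ready.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        Write-Warning ("No usable TPM (TpmPresent={0}, TpmReady={1}). " +
            "Enable it in the VM settings first.") -f $tpm.TpmPresent, $tpm.TpmReady
        return $false
    }

    # 2. List the protector types currently on the volume.
    $before = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() })
    Write-Host "Protectors before: $($before -join ', ')"

    # 3. Add the TPM protector with the command from the article.
    if ($before -notcontains 'Tpm') {
        manage-bde.exe -protectors -add $MountPoint -tpm
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "manage-bde failed with exit code $LASTEXITCODE"
            return $false
        }
    }

    # 4. Verify: 'Tpm' must now be listed.
    $after = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() })
    Write-Host "Protectors after:  $($after -join ', ')"

    # The recovery password stays as the fallback if the TPM cannot unseal
    # the key (for example after the VM is moved or its TPM state is lost).
    if ($after -notcontains 'RecoveryPassword') {
        Write-Warning 'No RecoveryPassword protector present; there is no fallback unlock.'
    }
    return ($after -contains 'Tpm')
}

if (Add-TpmProtectorIfMissing -MountPoint 'C:') {
    Write-Host 'TPM protector present. The next reboot should not prompt.'
}
```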

Have fun.




About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is an electronics engineer with an additional master's degree in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.

Latest update: 25/03/2022