Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected

OMG! I spent hours trying to solve Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected.  The user may not be able to provide required input to unlock the volume.  I just had to post for future reference as I will surely forget this in a months time.

I have been enabling Bitlocker encryption for pre-boot authentication on Surface Pro 3; I’ve done quite a few machines and the process for it has always worked until now.  For instructions on Bitlocker encryption for pre-boot authentication on Surface Pro 3 see my other post https://maaadit.wordpress.com/2015/09/03/windows-8-bitlocker-pre-boot-authentication/

So I received a Surface Pro 3 to configure and prior to handing it out to the user I attempt to enable Bitlocker encryption.  I go back to my original post linked above and change the proper Local Group settings:

Require additional authentication at startup.

Enable use of Bitlocker authentication requiring preboot keyboard input on slate

Same old Same Old, whistling while you work…and when I go to Turn On Bitlocker it does not prompt me for the PIN.  I try every which way and nothing.  So I go to the command prompt.  You have to choose to Run as Administrator by the way.  So I issue the Manage-bde -status command and TPM is listed in there for Drive C: but no TPMandPIN.  So I issue the command Manage-bde -protectors -add C: -TPMandPIN, you know, to encrypt requiring the use of a PIN on boot.  And that is when I see Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected.  The user may not be able to provide required input to unlock the volume. 

I mess with the Local Group policy and reboot the machines countless number of times.  I was still able to Turn On Bitlocker but it would go on to encrypt the drive without prompting me to enter the PIN; booting the device also did not prompt for a PIN at startup.  Everything I searched online came back to the same two settings in Local Group Policy that had already been configured:

Require additional authentication at startup.

Enable use of Bitlocker authentication requiring preboot keyboard input on slate

In searching for Error Code 0x803100b5 No Pre-Boot Keyboard Detected I came across this seemingly unrelated link and the fourth bullet caught my attention.

  • BitLocker is not turned on (required for MNE to activate).

  • TPM configuration completed.

  • The group policy correctly matches the MNE password complexity policy.

  • Running the Windows gpupdate /force does not resolve the problem.

This is a domain joined Surface Pro I’m working on; so I issued the gpupdate /force command and … The processing of Group Policy failed because of lack of network connectivity to a Domain Controller...blah, blah, etc; although I had rebooted the machine a few times, it was not talking to the Domain Controller because I had it pointing to another DNS. Anyhow, I change the DNS and issue the gpupdate /force command again and bam Computer Policy update has completed successfully.  Then I issue the Manage-bde -protectors -add C: -TPMandPIN and bam Key Protectors Added: TPM And PIN: <Uses Secure Boot for integrity validation>.

I reboot the machine and get a few weird Bitlocker not enabled errors probably due to the fact that I did not Turn On Bitlocker prior to issuing the Manage-bde -protectors -add C: -TPMandPIN command.  So I go and Turn on Bitlocker by right-clicking on the C: and immediately get prompted to enter my PIN after which I save the Recovery Key to a USB drive and BitLocker Drive Encryption starts Encrypting…hahaha.  In your face Surface Pro Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected!

#0x803100b5, #0x803100b5-no-pre-boot-keyboard-detected, #bitlocker, #bitlocker-0x803100b5-no-pre-boot-keyboard-detected, #bitlocker-drive-encryption, #bitlocker-pin, #bitlocker-preboot, #bitlocker-system-drive, #no-pre-boot-keyboard-detected, #surface-pro