Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected

OMG! I spent hours trying to solve Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected.  The user may not be able to provide required input to unlock the volume.  I just had to post for future reference as I will surely forget this in a month's time.

I have been enabling Bitlocker encryption for pre-boot authentication on Surface Pro 3; I’ve done quite a few machines and the process for it has always worked until now.  For instructions on Bitlocker encryption for pre-boot authentication on Surface Pro 3 see my other post https://maaadit.wordpress.com/2015/09/03/windows-8-bitlocker-pre-boot-authentication/

So I received a Surface Pro 3 to configure and prior to handing it out to the user I attempt to enable Bitlocker encryption.  I go back to my original post linked above and change the proper Local Group settings:

Require additional authentication at startup.

Enable use of Bitlocker authentication requiring preboot keyboard input on slate

Same old Same Old, whistling while you work…and when I go to Turn On Bitlocker it does not prompt me for the PIN.  I try every which way and nothing.  So I go to the command prompt.  You have to choose to Run as Administrator by the way.  So I issue the Manage-bde -status command and TPM is listed in there for Drive C: but no TPMandPIN.  So I issue the command Manage-bde -protectors -add C: -TPMandPIN, you know, to encrypt requiring the use of a PIN on boot.  And that is when I see Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected.  The user may not be able to provide required input to unlock the volume. 

I mess with the Local Group Policy and reboot the machine countless times.  I was still able to Turn On Bitlocker but it would go on to encrypt the drive without prompting me to enter the PIN; booting the device also did not prompt for a PIN at startup.  Everything I searched online came back to the same two settings in Local Group Policy that had already been configured:

Require additional authentication at startup.

Enable use of Bitlocker authentication requiring preboot keyboard input on slate

In searching for Error Code 0x803100b5 No Pre-Boot Keyboard Detected I came across this seemingly unrelated link and the fourth bullet caught my attention.

  • BitLocker is not turned on (required for MNE to activate).

  • TPM configuration completed.

  • The group policy correctly matches the MNE password complexity policy.

  • Running the Windows gpupdate /force does not resolve the problem.

This is a domain joined Surface Pro I’m working on; so I issued the gpupdate /force command and … The processing of Group Policy failed because of lack of network connectivity to a Domain Controller...blah, blah, etc; although I had rebooted the machine a few times, it was not talking to the Domain Controller because I had it pointing to another DNS. Anyhow, I change the DNS and issue the gpupdate /force command again and bam Computer Policy update has completed successfully.  Then I issue the Manage-bde -protectors -add C: -TPMandPIN and bam Key Protectors Added: TPM And PIN: <Uses Secure Boot for integrity validation>.

I reboot the machine and get a few weird Bitlocker not enabled errors probably due to the fact that I did not Turn On Bitlocker prior to issuing the Manage-bde -protectors -add C: -TPMandPIN command.  So I go and Turn on Bitlocker by right-clicking on the C: and immediately get prompted to enter my PIN after which I save the Recovery Key to a USB drive and BitLocker Drive Encryption starts Encrypting…hahaha.  In your face Surface Pro Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected!
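The root cause above was policy that had never actually applied, so a pre-flight check that reads the effective BitLocker policy values before adding the protector saves the reboot loop. The script below is an added example, not part of the original post; it assumes an elevated Windows PowerShell session with the BitLocker module available, and that the settings named in the post are stored as `UseAdvancedStartup`, `UseTPMPIN` and `OSEnablePrebootInputProtectorsOnSlates` under `HKLM\SOFTWARE\Policies\Microsoft\FVE`. The function name `Test-BitLockerPinPolicy` is hypothetical.

```powershell
# Added example: confirm the pre-boot PIN policy really applied before adding TPM+PIN.
# Assumption: policy values live under the BitLocker (FVE) policy key below.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Policy value name -> values that permit a TPM+PIN protector on a slate device.
$required = @{
    UseAdvancedStartup                     = @(1)     # Require additional authentication at startup
    UseTPMPIN                              = @(1, 2)  # 1 = require startup PIN, 2 = allow startup PIN
    OSEnablePrebootInputProtectorsOnSlates = @(1)     # Preboot keyboard input allowed on slates
}

function Test-BitLockerPinPolicy {
    # Returns one line per setting that is missing or has a blocking value.
    $current = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    foreach ($name in $required.Keys) {
        $value = if ($current) { $current.$name } else { $null }
        if ($required[$name] -notcontains $value) {
            $shown = if ($null -eq $value) { '<not set>' } else { $value }
            "$name = $shown"
        }
    }
}

# Refresh computer policy first; on a domain-joined device this needs a reachable DC.
gpupdate /target:computer /force | Out-Host

$missing = @(Test-BitLockerPinPolicy)
if ($missing.Count -gt 0) {
    Write-Warning 'Pre-boot PIN policy is not in effect; adding TPMandPIN would fail with 0x803100b5:'
    $missing | ForEach-Object { Write-Warning "  $_" }
    Write-Warning 'Check DNS and domain controller connectivity, then run gpupdate /force again.'
    return
}

# Policy is in place: add the protector only if the OS volume does not already have one.
$volume = Get-BitLockerVolume -MountPoint 'C:'
if ($volume.KeyProtector.KeyProtectorType -contains 'TpmPin') {
    Write-Output 'C: already has a TPM And PIN protector.'
} else {
    manage-bde -protectors -add C: -TPMandPIN   # prompts interactively for the PIN
}

# Show the resulting protectors so the change can be confirmed before rebooting.
manage-bde -status C:
```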


4 thoughts on “Bitlocker Error Code 0x803100b5 No Pre-Boot Keyboard Detected”

  1. I want to let you know that this article helped me immensely. I spent several hours troubleshooting this and was running into the same issue you did. Your article made me realize that the Computer group policy changes were not applying because I was not on the correct network to reach a domain controller. To resolve this, I decided to remove my device from the domain, refreshed Group Policy and was finally able to use a PIN for BitLocker. I then re-added the Surface to the domain once I was able to.

    Thanks again!


    1. Thx for the comment. Thank goodness for the internet, don’t know where I’d be if not for all the people out there that have helped me out in finding a solution or workaround countless times.

