PC Shuts Down at Bitlocker Password Entry
I have a new Lenovo Desktop running Windows 8.1 Pro with TPM. When the PC is powered on, after the initial Lenovo screen and the Blue Bitlocker Password Entry Screen appears, the computer will shut down (shuts off) while the password is being typed. This
occurs intermittently. Sometimes it shuts down after a few characters, sometimes it shuts down at the last two or three. If no password is typed in at the Blue Entry Screen, the computer will shut off after 60 seconds. When the password can be fully typed
in and entered without the computer shutting down, Windows starts normally, there is no problem entering the Windows password and the computer will operate normally.
The BIOS is fully up to date with BIOS dated 2/5/15. The problem occurred prior to and after BIOS update and Bitlocker was suspended during BIOS update.
In performing initial Bitlocker setup, the group policy editor was set to require additional authentication at startup with TPM and PIN, and enabled Allow Enhanced PINS at Startup. Cipher Encryption Strength was set at 256 AES. A 20 character
enhanced PIN was entered when Bitlocker was enabled and the PIN passed the system check when entered at reboot. Full disk encryption was completed.
I have found one Technet and one Microsoft Community posting reporting similar problems with no solution:
https://social.technet.microsoft.com/Forums/windows/en-US/932630c2-ae3d-4cbd-8d79-a492806363ea/windows-81-bitlocker-automatic-shutdown-during-password-prompt?forum=w8itproinstall
and
http://answers.microsoft.com/en-us/windows/forum/windows8_1-hardware/shut-off-after-60-seconds-bitlocker/ba826ecb-cc2c-4659-b585-c78e20db7365?page=1
I am not an IT professional. Can anyone advise on solution?
Thank you
February 15th, 2015 5:21pm
This is a firmware problem. I have seen this before on some other model (some modern ASUS mainboard). It does not matter what authentication method (TPM/TPM and PIN/Password only/...) is used, it leaves you only some seconds before it shuts down.
Contact Lenovo and tell them to try and reproduce it. They would need to fix their BIOS. Until then: be quick.
February 15th, 2015 5:56pm
This is a firmware problem. I have seen this before on some other model (some modern ASUS mainboard). It does not matter what authentication method (TPM/TPM and PIN/Password only/...) is used, it leaves you only some seconds before it shuts down.
Contact Lenovo and tell them to try and reproduce it. They would need to fix their BIOS. Until then: be quick.
-
Marked as answer by
Brandon RecordsModerator
Tuesday, March 03, 2015 8:43 PM
February 15th, 2015 10:53pm
This is a firmware problem. I have seen this before on some other model (some modern ASUS mainboard). It does not matter what authentication method (TPM/TPM and PIN/Password only/...) is used, it leaves you only some seconds before it shuts down.
Contact Lenovo and tell them to try and reproduce it. They would need to fix their BIOS. Until then: be quick.
-
Marked as answer by
Brandon RecordsModerator
Tuesday, March 03, 2015 8:43 PM
February 15th, 2015 10:53pm
Hi John,
Did the issue occur before ?
Since we still can get into the machine sometimes,we can disable the bitlocker and then reboot to verify whether it is caused by the machine or the bitlocker ?
We can try to have a startup repair in the repair mode considering this issue occurred during the startup .
To get into repair mode ,restart the machine and keep pressing "Shift".
Just as Ronald said we cannot rule out the possibility it is caused by the BIOS ,it is recommended to look for help from the Lenovo at the same time .
Best regards
February 17th, 2015 3:14am
@MeipoXu - you write "we can disable the bitlocker and then reboot to verify whether it is caused by the machine or the bitlocker " - no, we can't. Please consider: his issue is at the bitlocker authentication screen, nowhere else. If we suspend
bitlocker or if we turn off BL (=decrypt), we will not see this prompt and cannot diagnose the problem.
-
Edited by
Ronald Schilf
2 hours 10 minutes ago
February 17th, 2015 4:35am
@MeipoXu - you write "we can disable the bitlocker and then reboot to verify whether it is caused by the machine or the bitlocker " - no, we can't. Please consider: his issue is at the bitlocker authentication screen, nowhere else. If we suspend
bitlocker or if we turn off BL (=decrypt), we will not see this prompt and cannot diagnose the problem.
-
Edited by
Ronald Schilf
Tuesday, February 17, 2015 9:33 AM
February 17th, 2015 12:32pm
@MeipoXu - you write "we can disable the bitlocker and then reboot to verify whether it is caused by the machine or the bitlocker " - no, we can't. Please consider: his issue is at the bitlocker authentication screen, nowhere else. If we suspend
bitlocker or if we turn off BL (=decrypt), we will not see this prompt and cannot diagnose the problem.
-
Edited by
Ronald Schilf
Tuesday, February 17, 2015 9:33 AM
February 17th, 2015 12:32pm
Hi Ronald,
"we can disable the bitlocker and then reboot to verify whether it is caused by the machine or the bitlocker "
This is used to verify whether there will be an issue with the startup .I agree with you this issue may be caused by the BIOS.
Best regards
February 17th, 2015 8:07pm
Until then: be quick.
I wonder if the BIOS would at least support reading the recovery key from a USB stick?
http://windows.microsoft.com/en-us/windows7/learn-more-about-bitlocker-drive-encryption
<quote>
In place of a password, a recovery key that has been stored to a file on removable media, such as a USB flash drive, can also be used to unlock the protected drive.
</quote>
Or, require just a PIN (aka Startup key) after inserting such a flash drive?
FWIW I still have this problem to solve on my Surface RT when I want to use Advanced Boot Options. This has been a reminder to try something like that.
February 18th, 2015 12:00pm
Robert, the machine we had this problem on did work alright with reading a .bek file from a usb thumb drive (aka startup key). A PIN is not called a startup key and cannot be combined with a startup key (a USB thumb drive) without using a TPM as well.
We are still at square one here: we don't even know why the machines shut down. Normally, we would only see shutdowns when the hardware decides the CPU is getting too hot. So it could be that for some reason the cpu is getting too hot at the BL prompt and
at the same time the fans are not getting a command to speed up. That's the only theory I have.
-
Edited by
Ronald Schilf
2 hours 46 minutes ago
February 19th, 2015 3:58am
Robert, the machine we had this problem on did work alright with reading a .bek file from a usb thumb drive (aka startup key). A PIN is not called a startup key and cannot be combined with a startup key (a USB thumb drive) without using a TPM as well.
We are still at square one here: we don't even know why the machines shut down. Normally, we would only see shutdowns when the hardware decides the CPU is getting too hot. So it could be that for some reason the cpu is getting too hot at the BL prompt and
at the same time the fans are not getting a command to speed up. That's the only theory I have.
-
Edited by
Ronald Schilf
Thursday, February 19, 2015 8:58 AM
February 19th, 2015 8:55am
Robert, the machine we had this problem on did work alright with reading a .bek file from a usb thumb drive (aka startup key). A PIN is not called a startup key and cannot be combined with a startup key (a USB thumb drive) without using a TPM as well.
We are still at square one here: we don't even know why the machines shut down. Normally, we would only see shutdowns when the hardware decides the CPU is getting too hot. So it could be that for some reason the cpu is getting too hot at the BL prompt and
at the same time the fans are not getting a command to speed up. That's the only theory I have.
-
Edited by
Ronald Schilf
Thursday, February 19, 2015 8:58 AM
February 19th, 2015 11:55am
I have the same issue on an ASUS Z97-AR MB I bought and configured with win 8.1. Bought the asus TPM module and configured Group Policy for TPM and USB. Then turned on Bitlocker. Noticed the next few boots that unless i quickly entered my pin the computer
turned off. Read it may be fast start in power applet. only appears if hiberrnation is on. turned on hibernation, then turned off fast start. No joy. Updated Bios, no joy, machine runs for days if I dont reboot so its not thermal. I have stressed it with overclocking
ATI Radeon R9 270 to play some games. No shutdowns. only occurs at boot. Sometimes i get a minute, other times 15 seconds. No solution yet. Could if be secure boot through UEFI?
March 5th, 2015 10:48pm
Same issue here with a Asus Z-97A USB 3.1 motherboard. I contacted ASUS and submitted a trouble ticket. I'd recommend you do the same. If enough people complain, they'll have to fix it. They initially tried to tell me it was Microsoft,
but I pointed them to this thread and they escalated it.
March 21st, 2015 2:14pm
I am not absolutely sure its Asus. There seems to be posts of other models with the same problem. I have disabled tpm in the interim as this is quite an annoyance. Lets see what asus says. issues like these usually result in one manufacturer pointing to
another as the problem.
March 21st, 2015 5:45pm
I am running Windows 8.1 Pro. I turned on bitlocker for full drive encryption (this is part of windows 8.1 Pro). Bitlocker works fine - except on startup when it's asking for your password. While I'm typing the password my ASUS laptop shuts off. It shuts
off in approx 10 to 15 seconds. Sometimes I can type fast enough to get it to boot. I have an ASUS laptop Q501LA.
I opened a ticket with ASUS.
Does anyone have any suggestions on this issue?
March 22nd, 2015 4:09pm
I ordered the asus tpm module for another machine with Gigabyte F2A88Xm-D3H running windows 7 Sp1. It should be here in couple of days. If this machine experiences same/similar results then its not the firmware, no OS, etc. It would most likely be the TPM
module and/or drivers associated with it. This is where i got my TPM
Asus Accessory TPM FW3.19 TPM Module BitLocker FW3.19
http://www.amazon.com/Asus-Accessory-TPM-FW3-19-BitLocker/dp/B0085E4WQQ/ref=cm_cr_pr_product_top?ie=UTF8
I had an MSI TPM module for my MSI board, but the BIOS/UEFI never saw the module as being installed and i had to return it last week.
will let you know.
March 22nd, 2015 9:00pm
Folks, this is not a TPM problem.
We see it with or without a TPM.
March 23rd, 2015 3:31am
so your saying that you have implemented bitlocker without a TPM chip, and after such implementation your computer shutsdown prematurely? I would think there would be a huge outcry over this occurring and numerous tech articles. Does anyone with
bitlocker not get shutdown prematurely?
March 23rd, 2015 10:28am
Does anyone with bitlocker not get shutdown prematurely?
I have it on my Surface RT and my only problem with it is having to get out and type its key any time I want to do something unusual at boot time. That's why I mentioned the USB stick alternative. I still don't have that set up for it though.
March 23rd, 2015 11:12am
"I would think there would be a huge outcry over this occurring and numerous tech articles"
- there sure would be. We have bitlocked about 80 devices and only one shows that behavior, a modern Asus mainboard. So to be clear: it's only with certain hardware, that machine is the only one with that mainboard here.
March 23rd, 2015 12:01pm
Got the ASUS TPM module and plugged it into my Gigabyte Motherboard with Windows 7 Sp1. Initialized chip, took ownership, etc. encrypted hard drive. rebooted left it at the please enter pin screen for 30 min. never shutdown. I will try it some more today
when I get back home, so my early conclusion is that this is mainly a ASUS motherboard UEFI problem. Same TPM Infineon chip in both boards. Different OS, so that could be problematic, but at this stage of boot, the OS is not involved. logical conclusion would
be ASUS BIOS. I have updated it to the latest available which is something I do not like to do since I just bricked an MSI MB last week doing this
March 26th, 2015 9:00am
Two days, no unexpected shutdowns, bitlocker screen is rock solid and stays on forever. Same TPM module, this one is the gigabyte MB and the other is Asus. Got to be ASUS problem. Has anyone heard from them. If not I will open a ticket with them
March 26th, 2015 11:08am
I have the same issue. I sent an email to Asus to open a ticket, but I'd appreciate it if you could as well. The more people they have reporting this issue, the higher the priority it will be, and the less likely they will dismiss it as a configuration
issue.
March 29th, 2015 11:48pm
I'm having the exact same issue with the following setup:
Intel Xeon E3 1231 v3
Asus H97-Pro (UEFI 2705)
4x 4096MB Kingston KVR1333D3N9/4G
Samsung SSD 840 EVO (Firmware EXT0CB6Q)
ASUS Strix NVIDIA GeForce GTX 970
Enermax MODU87+ 600W
Windows 8.1 Pro 64bit
I'm running Windows Bitlocker with Hardware Encryption (Windows eDrive) enabled on my EVO 840 SSD. The system runs stable, except when I'm at the password prompt of Bitlocker (random crashes).
Every time it crashes, I get 2 Kernel-PnP warnings in my windows event viewer:
- Event 219 \Driver\WUDFRd failed to load for the device ACPI\PNP0A0A\2&daba3ff&1
- Event 219 \Driver\WudfRd failed to load for the device ROOT\WPD\0000
It seems that this device is the "AMDA00 Interface". Updating/reinstalling the ASUS Probe II Sense Driver 1.0.1.0 did NOT help.
It really seems that this is an ASUS-related issue.
I just submitted the needed details to an ASUS-employee, and he promised me to forward my information to Taiwan.
Really, we need more people reporting this to ASUS! Please, open a ticket, submit necessary information!
April 4th, 2015 12:55pm
Asus support got back to me today and proposed a solution that (so far) works. Let me know if this works for anyone else:
open up command prompt window as administrator:
type in this command: bcdedit /set {bootmgr} bootshutdowndisabled 1
press enter key, wait couple seconds then exit window. reboot the system and see if issue is resolved.
-J
April 30th, 2015 10:42pm
What do you put for {bootmgr} ? Explicitly. Thanx
May 1st, 2015 12:00am
Asus support got back to me today and proposed a solution that (so far) works. Let me know if this works for anyone else:
open up command prompt window as administrator:
type in this command: bcdedit /set {bootmgr} bootshutdowndisabled 1
press enter key, wait couple seconds then exit window. reboot the system and see if issue is resolved.
-J
-
Proposed as answer by
stateofloveandtrust
15 hours 5 minutes ago
May 1st, 2015 2:41am
Asus support got back to me today and proposed a solution that (so far) works. Let me know if this works for anyone else:
open up command prompt window as administrator:
type in this command: bcdedit /set {bootmgr} bootshutdowndisabled 1
press enter key, wait couple seconds then exit window. reboot the system and see if issue is resolved.
-J
-
Proposed as answer by
stateofloveandtrust
Friday, May 01, 2015 4:15 PM
May 1st, 2015 2:41am
How do you get the GUID of the {bootmgr} thanks?
May 1st, 2015 10:07am
I just entered it as is - '{bootmgr}' and it said "command accepted".
I can now leave my bitlocker screen up indefinitely and it wont shut down.
May 1st, 2015 10:19am
Awesome. I am rebuilding mine with 8.1 enterprise now to use applocker (used pro before), so I will implement this weekend after get everything ready. I have installed tpm/bitlocker on a new Dell 6320 and did not have the problem. it must surely be Asus
related, but the bcd command is generic to all motherboards . Need to understand what "bootshutdowndisabled" does.
thanks
May 1st, 2015 12:49pm
This is really a huge deal!! I can confirm this:
bcdedit /set {bootmgr} bootshutdowndisabled 1
working on the following system:
Intel Xeon E3 1231 v3
Asus H97-Pro (UEFI 2705)
4x 4096MB Kingston KVR1333D3N9/4G
Samsung SSD 840 EVO (Firmware EXT0CB6Q) (Hardware Accelerated Encryption)
ASUS Strix NVIDIA GeForce GTX 970
Enermax MODU87+ 600W
Windows 8.1 Pro 64bit
There is a MSDN page that documents the setting (https://msdn.microsoft.com/en-us/library/windows/desktop/aa362652%28v=vs.85%29.aspx):
"BcdLibraryBoolean_BootShutdownDisabled: Disables the 1-minute timer that triggers shutdown on boot error screens, and the F8 menu, on UEFI systems."
-
Proposed as answer by
zeneroq
10 hours 17 minutes ago
May 1st, 2015 5:05pm
This is really a huge deal!! I can confirm this:
bcdedit /set {bootmgr} bootshutdowndisabled 1
working on the following system:
Intel Xeon E3 1231 v3
Asus H97-Pro (UEFI 2705)
4x 4096MB Kingston KVR1333D3N9/4G
Samsung SSD 840 EVO (Firmware EXT0CB6Q) (Hardware Accelerated Encryption)
ASUS Strix NVIDIA GeForce GTX 970
Enermax MODU87+ 600W
Windows 8.1 Pro 64bit
There is a MSDN page that documents the setting (https://msdn.microsoft.com/en-us/library/windows/desktop/aa362652%28v=vs.85%29.aspx):
"BcdLibraryBoolean_BootShutdownDisabled: Disables the 1-minute timer that triggers shutdown on boot error screens, and the F8 menu, on UEFI systems."
-
Proposed as answer by
zeneroq
Friday, May 01, 2015 9:04 PM
May 1st, 2015 9:03pm