Event ID - 514

Event Id: 514
Source: Microsoft-Windows-BitLocker-API
Description: "Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services. Errorcode: %2 Protector GUID: %1 Volume GUID: %3"
Event Information: According to Microsoft:
Cause :
This event is logged when BitLocker fails to back up Drive Encryption recovery information to Active Directory Domain Services.
Diagnose :
This error might be caused by one of the following conditions:
The computer was not connected to the organization's network
To back up recovery passwords to AD DS, the computer must be connected to the organization's network when BitLocker is enabled. If you enabled BitLocker while disconnected from the network, or while accessing a network outside of the domain, such as a home network, a hotel network, or a "hotspot," BitLocker will not be able to back up the recovery password.
If the computer was not connected to the organization's network, see the section titled "Connect to your organization's network and recreate the recovery password."
The computer cannot reach a writable domain controller due to connectivity issues
To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.
If the computer cannot reach a writable domain controller due to connectivity issues, see the section titled "Establish connectivity and recreate the recovery password."
The computer is not a member of an AD DS domain
In order for BitLocker to be able to back up recovery passwords to AD DS, the computer must be a member of an AD DS domain.
To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.
To determine whether the computer is a member of a domain:
  1. Click Start, right-click Computer, and then click Properties.
  2. In the Computer name, domain, and workgroup settings section, the last entry contains the name of the computer's workgroup or domain.
  3. If the entry indicates that the computer is a member of a Workgroup, then it is not a member of a domain.
If the computer is not a member of an AD DS domain, see the section titled "Join the computer to a domain and recreate the recovery password."
The AD DS domain has not been properly configured to store recovery information
Backing up the recovery information in AD DS requires specific configuration steps. Microsoft has published extensive guidance and tools to facilitate the configuration.
To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To determine the configuration of AD DS:
  1. Review the information provided in "Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information".
  2. After reviewing all of the information, use a tool such as ADSIedit.msc or LDP.exe to verify that the required attributes and objects were created.
  3. Run the list-ace.vbs script as described in Appendix F and compare the reported output with the configuration described in the document.
If the AD DS domain has not been properly configured to store recovery information, see the section titled "Reconfigure AD DS and recreate the recovery password."
Resolve
To resolve this issue :
Cause :
The computer was not connected to the organization's network
Resolution :
Connect to the organization's network and recreate the recovery password
Connect the computer to a domain network
First, connect to the organization's network by using one of the following methods:
Establish a wired connection at a physical site operated by your organization.
Connect by using a wireless network provided by your organization that connects to your internal network.
If available, connect remotely to your organization's network by using a virtual private network (VPN).
Then, in order to force BitLocker to back up the recovery passwords to AD DS, recreate the recovery password by using the following procedure.
Recreate the recovery password
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
Cause :
The computer cannot reach a writable domain controller due to connectivity issues
Resolution :
Establish connectivity and recreate the recovery password
The following procedures describe the steps to troubleshoot a network connection and then recreate BitLocker recovery passwords for backup to AD DS after connectivity has been restored.
To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.
I. Restore connectivity between the computer and the domain controllers
To restore connectivity between the computer and the domain controllers:
  1. Determine at what point connectivity is failing by using network troubleshooting steps.
  2. Resolve any networking issues. If you are unable to discover or resolve the networking issue, contact your help desk or support organization for assistance.
II. Recreate and back up a new BitLocker recovery password
After connectivity has been restored, in order to force BitLocker to back up the recovery passwords to AD DS, recreate the recovery password by using the following procedure.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
Cause :
The computer is not a member of an AD DS domain
Resolution :
Join the computer to a domain and recreate the recovery password
Join the computer to a domain, and then recreate the BitLocker recovery passwords for backup.
To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.
  • Join the computer to a domain
  • Back up the BitLocker recovery password to AD DS
Cause :
The AD DS domain has not been properly configured to store recovery information
Resolution :
Reconfigure AD DS and recreate the recovery password
Configuring your domain for backup of BitLocker recovery information involves verifying or extending your AD DS schema, correctly configuring permissions on directory objects, and configuring clients with Group Policy or local policies to back up the recovery information.
The first of the following procedures describes the resources to help configure a domain to back up BitLocker recovery passwords, and the second procedure provides the steps to recreate BitLocker recovery passwords for backup to AD DS after the domain has been configured.
  • Configure AD DS to back up BitLocker recovery information
    To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
  • Recreate and back up the BitLocker recovery password to AD DS
    To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
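The diagnose-and-recreate flow described above, as an added PowerShell example (not part of the original page and not Microsoft's published procedure): it checks domain membership and a writable domain controller, then adds a new recovery password, backs it up to AD DS, and removes the old one only after the backup succeeds. It assumes the system drive is the affected volume and that the BitLocker PowerShell module and nltest.exe are available on the computer.

```powershell
#Requires -RunAsAdministrator
# Added example: triage Event ID 514, then recreate and back up the recovery password.
$mount = $env:SystemDrive   # assumption: the OS volume is the one that logged the event

# 1. Show the most recent 514 events (provider name as given on this page).
Get-WinEvent -FilterHashtable @{ ProviderName = 'Microsoft-Windows-BitLocker-API'; Id = 514 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 2. Condition: the computer must be a member of an AD DS domain.
#    When PartOfDomain is false, the Domain property holds the workgroup name.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "Computer is in workgroup '$($cs.Domain)'; join a domain before backing up."
}

# 3. Condition: a writable domain controller must be reachable.
nltest.exe "/dsgetdc:$($cs.Domain)" /writable 2>&1 | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "No writable domain controller found for $($cs.Domain); fix connectivity first."
}

# 4. Record the existing recovery password protectors, then add a new one.
$old = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
$new = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and
                   $_.KeyProtectorId -notin $old.KeyProtectorId }

# 5. Back up the new protector to AD DS; -ErrorAction Stop aborts before any removal.
Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $new.KeyProtectorId `
    -ErrorAction Stop | Out-Null

# 6. Only after a successful backup, remove the superseded recovery passwords,
#    so the volume is never left without a recovery password.
foreach ($kp in $old) {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $kp.KeyProtectorId |
        Out-Null
}
Write-Output "Recovery password $($new.KeyProtectorId) backed up to AD DS for $mount"
```

If step 5 fails, the old and new recovery passwords both remain on the volume, and the error returned by the backup cmdlet can be compared with the error code recorded in the 514 event.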
Reference Links: Event ID 514 from Microsoft-Windows-BitLocker-API
