Event ID - 24589

Event Id24589
SourceMicrosoft-Windows-BitLocker-Driver
DescriptionFailed to enable auto-unlock for volume %2.
Event InformationExplanation: When a computer protected with BitLocker Drive Encryption is restarted, the early startup components perform a series of integrity checks and, if the system passes, attempts to retrieve the needed key information to unlock any BitLocker-protected volumes. Success depends on the availability of configured key protectors, such as the TPM or a user-supplied PIN, and the existence of volume metadata stored within the encrypted drive.

If Windows cannot unlock the Windows operating system volume, BitLocker enters recovery mode. If the user can supply a recovery password or insert a USB flash drive with a recovery key, BitLocker will unlock the volume.

After the Windows operating system volume has been successfully unlocked, BitLocker uses encrypted information stored in the volume metadata and Windows registry to unlock any data volumes configured for automatic unlocking.

According to Microsoft :
Cause :
This event is logged when Failed to enable auto-unlock for volume.
Resolution :
Configure automatic unlocking with Manage-BDE.wsf

The automatic unlocking and locking of data volumes (volumes other than the Windows operating system volume) can be managed by using the Manage-bde.wsf command-line tool.
This condition indicates that auto-unlock of the specified volume could not be configured as requested. To configure autounlock, the following conditions must be met:
  • The Windows operating system volume is always automatically unlocked at startup.
  • The Windows operating system volume is encrypted.
If Windows is configured correctly for these conditions, you can use the Manage-bde command-line tool to configure auto-unlock.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

Enable auto-unlock for a volume

To enable auto-unlock for a volume:
  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt,and then click Run as administrator.
  2. Type cscript manage-bde.wsf -autounlock -enable e: where e: is the drive letter for the volume to be automatically unlocked at startup.
  3. The script should indicate "Automatic unlock is enabled."
Disable auto-unlock for a volume

To disable auto-unlock for a volume:
  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. Type cscript manage-bde.wsf -autounlock -disable e: where e: is the drive letter for the volume to be automatically unlocked at startup.
  3. The script should indicate "Automatic unlock is disabled on volume e:" where e: is the drive letter for the volume to no longer be automatically unlocked at startup.
Verify :
To verify that BitLocker has started successfully:
  1. If the computer is not running, start the computer.
  2. If BitLocker has been configured to use a USB flash drive, insert the USB flash drive. If BitLocker has been configured to use a PIN, enter your PIN when prompted.
    3.Verify that Windows Welcome Screen, Logon Screen or Desktop appears. This indicates that BitLocker has correctly unlocked the Windows operating system volume.
  3. Log on to Windows and access any data volumes that are encrypted with BitLocker.
    Note: Data volumes can be configured to be automatically unlocked or to require manual unlocking.
Reference LinksEvent ID 24589 from Microsoft-Windows-BitLocker-Driver

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.