The TPM will lock itself out after a few incorrect authentication attempts due to incorrect PIN entry. On the TPM lockout, it will boot into WinRE to enable you to enter recovery key, once the correct recovery key is entered, the system will attempt to boot into Windows which will fail if the TPM is still in lockout, and subsequently results in another BitLocker recovery screen.
Check the Bitlocker status
- Power on the Workstation
- Choose the “Skip this drive”
- Click on Advanced options
- Click on Troubleshoot
- Choose Advanced options
- Choose Command Prompt
- Type the command and hit enter: manage-bde -status c:
Unlock the Bitlocker and suspend the protection
- Power on the Workstation
- Choose the “Skip this drive”
- Click on Advanced options
- Click on Troubleshoot
- Choose Advanced options
- Choose Command Prompt
- Type the command and hit enter: manage-bde -unlock c: -rp <your 48-digit recovery password>
- Once the drive is unlocked, type the command to suspend the protection and hit enter: manage-bde -protectors -disable c:
Resume the Bitlocker protection
- Click on the start button
- Choose the Control panel
- Change the view by to Large icons
- Click on Bitlocker Drive Encryption
- Click on resume Bitlocker