Microsoft Intune “You can’t create both a recovery password and a recovery key” | Solved
For the second time, I faced a BitLocker issue when trying to launch automatic encryption on one of our Intune-joined devices. Since BitLocker encryption did not kick in automatically, I tried to encrypt the disks manually, and this time I got a new error.
You can find the first issue I faced with Intune BitLocker at the link below.
Microsoft Intune “BitLocker encryption cannot be applied to this drive” | Solved
Issue
You can’t create both a recovery password and a recovery key. Contact your system administrator for more information.
Since we had already configured the encryption policy as per the official guide, and it works on other devices, this error did not make sense: the policy applied to the device is the same one that encrypts the others without complaint.
Official Intune BitLocker guide: https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices
Solution
Again the issue was caused by a previous attempt to encrypt the disk. It does not matter how many policy changes we push; the device will not forget the past and move on, because the BitLocker policy values written during the earlier attempt (among them the recovery password and recovery key settings) stay in the registry and conflict with what the Intune policy now delivers. For BitLocker to try again, we have to delete the system's knowledge of the previous attempt by deleting the FVE registry container located at the path below. This is the key where BitLocker policy settings land, so export it first if you want a record of what was there.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
Once this registry container is deleted, rerun an Intune sync and restart the system. BitLocker auto-encryption should kick in if the policy configuration is done. Two checks worth making afterwards: if the device also receives BitLocker settings from a domain Group Policy, that policy will repopulate the same key and the conflict will return, so fix the source policy in that case; and once encryption has started, confirm that a recovery password protector exists on the OS drive and has been escrowed to Entra ID, since the recovery key is the only way back in if the TPM refuses to unseal.
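The procedure above as one elevated PowerShell script. This is an added example, not code from the original post: it shows the stale values for review, exports the key before deleting it, triggers the Intune sync and reports the OS volume's protector state. It assumes a writable backup folder (C:\Temp) and that the device has a single MDM enrollment, whose sync is the PushLaunch scheduled task under \Microsoft\Windows\EnterpriseMgmt\.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session on the affected device. Assumptions: C:\Temp is writable, and the MDM
# sync task is 'PushLaunch' under \Microsoft\Windows\EnterpriseMgmt\<enrollment GUID>\.

$fvePath   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$backupDir = 'C:\Temp'                                   # assumption: any writable folder
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup    = Join-Path $backupDir "FVE-policy-$stamp.reg"

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

if (-not (Test-Path $fvePath)) {
    Write-Host "No policy key at $fvePath; nothing stale to remove."
} else {
    # 1. Show what the previous attempt left behind so the conflict can be understood.
    Write-Host "Current BitLocker policy values under $fvePath :"
    Get-ItemProperty -Path $fvePath |
        Select-Object -Property * -ExcludeProperty PS* |
        Format-List

    # 2. Keep a copy. Intune rewrites the values it manages on the next sync,
    #    but anything else in the key is gone once it is deleted.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\FVE' $backup /y | Out-Null
    Write-Host "Backup written to $backup"

    # 3. Remove the stale policy container.
    Remove-Item -Path $fvePath -Recurse -Force
    Write-Host 'Stale FVE policy key removed.'
}

# 4. Trigger an Intune (MDM) sync. PushLaunch is the task that the Sync button in
#    Settings starts; assumption: exactly one enrollment exists on this device.
$syncTask = Get-ScheduledTask |
    Where-Object { $_.TaskPath -like '\Microsoft\Windows\EnterpriseMgmt\*' -and
                   $_.TaskName -eq 'PushLaunch' }
if ($syncTask) {
    $syncTask | Start-ScheduledTask
    Write-Host 'Intune sync triggered.'
} else {
    Write-Warning 'MDM sync task not found; sync from Settings > Accounts > Access work or school.'
}

# 5. Report the OS volume state. Before the restart this will normally still show
#    the drive unencrypted; rerun this part afterwards to confirm encryption started
#    and that a recovery password protector exists and is escrowed to Entra ID.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
'{0}: ProtectionStatus={1} VolumeStatus={2} Encrypted={3}%' -f `
    $os.MountPoint, $os.ProtectionStatus, $os.VolumeStatus, $os.EncryptionPercentage

$rp = $os.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if ($rp) {
    Write-Host "Recovery password protector present: $($rp.KeyProtectorId)"
    try {
        # Escrow to Entra ID so the key is retrievable from the Intune device record.
        BackupToAAD-BitLockerKeyProtector -MountPoint $os.MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
        Write-Host 'Recovery password escrowed to Entra ID.'
    } catch {
        Write-Warning "Escrow failed: $($_.Exception.Message)"
    }
} else {
    Write-Host 'No recovery password protector yet (expected until the policy re-applies after restart).'
}

Write-Host 'Restart the device now so the BitLocker policy is re-evaluated.'
```

Run the script once before the restart to clear the key and trigger the sync, then run only the reporting part (step 5) after the restart; if the recovery password protector never appears, the conflict is still present and the source of the policy values should be checked rather than the key deleted again.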