When I try to add PIN protection to my bitlocker set-up I get the following error:
ERROR: An error occurred (code 0x80310031): This key protector cannot be added. Only one key protector of this type is allowed for this drive.
I have selected "Require startup PIN with TPM" in group policy settings. The rest is set to 'allow'.
Then I used the following command:
manage-bde -protectors -add c: -TPMAndPIN
From what I recall this is a proper setting (I am not setting up TPM+PIN bitlocker for the first time).
Ideas?