BitLocker - Cannot Enable
Various errors can cause BitLocker to fail when you try to enable it.
The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect. Please verify and correct your BCD settings and then try again.
Fix comes from "BitLocker Wizard Initialization Has Failed" at this page.
BitLocker Wizard Installation Has Failed
After installing Server 2016 updates and rebooting a couple days ago, BitLocker came up in a suspended state for drive C:. When I clicked on Resume protection, I got this popup: “Wizard initialization has failed. The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect. Please verify and correct your BCD settings and try again.”
This is common enough that there is a Microsoft knowledge base article about it: KB929834. The article correctly identifies the issue: BCD has lost track of the boot manager and memory diagnostic (though it doesn’t explain how this happens). Unfortunately, the article’s Resolution instructions do not work, as they assume that the System partition has a drive letter, which it does not.
This Veritas article has the right info about identifying and specifying the System partition (though they are talking about a backup/restore issue).
1. From an administrative command prompt, run these two commands to confirm the issue:
bcdedit /enum {bootmgr}
bcdedit /enum {memdiag}
You’ll see that the Device is “unknown”:
(You can also run bcdedit /enum all to check for the Resume from Hibernate settings, another potential issue mentioned in KB929834. Those settings already had a Device filled in on my machine.)
2. To identify the System volume, run diskpart, then list volume:
In the left column, note the volume number of the System partition (4 in my case). Type exit to get out of diskpart.
3. Run the following commands, substituting the volume number found in the previous step:
bcdedit -set {BOOTMGR} device partition=\Device\HarddiskVolume4
bcdedit -set {MEMDIAG} device partition=\Device\HarddiskVolume4
4. Confirm that both now have a Device listed:
5. Under BitLocker management settings, click Resume protection. It should work now:
In our case, device was correct for {bootmgr} but not for {memdiag}:
Microsoft confirms that the correct setting for this is for the Device to be set to the System Partition.
After making this change, the BitLocker script with Mountpoint C: successfully enabled BitLocker.
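A pre-flight check for the condition described above, as an added PowerShell example that is not part of the original post or of Microsoft's article: it reads the {bootmgr} and {memdiag} entries with bcdedit and flags any whose device is missing or "unknown". The function names, the $useSample switch and the sample output are constructed for illustration.

```powershell
# Added example: flag BCD entries whose device is missing or "unknown".
$useSample = $false   # $true = run against the constructed sample output below

# Constructed sample output reproducing the symptom (not captured from a real host)
$sample = @{
    '{bootmgr}' = @(
        'Windows Boot Manager', '--------------------',
        'identifier              {bootmgr}',
        'device                  partition=\Device\HarddiskVolume4',
        'description             Windows Boot Manager')
    '{memdiag}' = @(
        'Windows Memory Tester', '---------------------',
        'identifier              {memdiag}',
        'device                  unknown',
        'path                    \boot\memtest.exe')
}

function Get-BcdDevice {
    param([string[]]$BcdText)   # lines of `bcdedit /enum <id>` output
    foreach ($line in $BcdText) {
        # Element lines look like: device   partition=\Device\HarddiskVolume4
        if ($line -match '^\s*device\s+(\S.*?)\s*$') { return $Matches[1] }
    }
    return $null                # entry has no device element
}

function Test-BcdEntry {
    param([string]$Identifier, [string[]]$BcdText)
    $device = Get-BcdDevice -BcdText $BcdText
    [pscustomobject]@{
        Identifier = $Identifier
        Device     = $device
        Healthy    = ($null -ne $device) -and ($device -ne 'unknown')
    }
}

$results = foreach ($id in '{bootmgr}', '{memdiag}') {
    # Pass the identifier as a string: a bare {bootmgr} is a script block in PowerShell
    $text = if ($useSample) { $sample[$id] } else { & bcdedit.exe /enum $id }
    if (-not $useSample -and $LASTEXITCODE -ne 0) { throw "bcdedit failed for $id (run elevated)" }
    Test-BcdEntry -Identifier $id -BcdText $text
}

$results | Format-Table -AutoSize
foreach ($r in $results | Where-Object { -not $_.Healthy }) {
    Write-Warning "$($r.Identifier): device is '$($r.Device)'; point it at the System partition before enabling BitLocker"
}
```

Run it from an elevated PowerShell session; with $useSample set to $true it reports {bootmgr} as healthy and {memdiag} as unhealthy, matching the case noted above.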