BitLocker Drive Encryption Recovery Key

Similar Messages

• Hp Drive Encryption Recovery key

  Good day my hp probook needs a recovery key on the screen its written recovery key; hp Drive Encryption

  Hi,
  I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
  Did you mean you have re-install the OS? Did you use another clean image rather than capturing the old OS?
  Did you encrypt the OS partition?
  Please use below command to check the status:
  manage-bde -status
  If there is any volume is encrypted, use below command to turn it off:
  manage-bde -off C:
  Karen Hu
  TechNet Community Support

• Diffuser missing from BitLocker Drive Encryption

  I couldn't help but notice on my Windows Server 2012 Essentials installation that the Diffuser options are gone from BitLocker Drive Encryption. This was a shocker. Since Windows Vista/Server 2008, the following four options have always been available:
  AES 256-bit with Diffuser
  AES 128-bit with Diffuser
  AES 256-bit
  AES 128-bit
  The default was AES 128-bit with Diffuser, but I always opted for the strongest, and changed it to AES 256-bit with Diffuser. I made this change after probing around Google and Bing to see if BitLocker with Diffuser provided stronger encryption than BitLocker
  sans Diffuser.  What I found supported the use of Diffuser as being the strongest, thereby making AES 256-bit with Diffuser the strongest encryption of the four settings.
  So to find Diffuser culled from BitLocker was a shocker, and made me lose a bit of respect for the technology. Why would you WEAKEN the product (BitLocker) by removing the stronger versions of the encryption?  This TechNet article is quite disappointing: http://technet.microsoft.com/en-us/library/hh831713.aspx
  The article simply says, "The Diffuser option is no longer available to be added to the Advanced Encryption Standard (AES) encryption algorithm" under the heading "Removed
  or deprecated functionality." There is ZERO explanation.
  I'm hoping someone can answer this, please. WHY would you take out the stronger versions of encryption in favor of leaving the weaker ones? Wouldn't it be more appropriate
  to deprecate the non-Diffuser variants and require the use of Diffuser?
  BitLocker was, and still is, a great technology, but it was just made quite a bit weaker with the release of Windows 8 and Server 2012.

  Hi Manoj,
  If I understand your answer, are you saying that the BitLocker options with Diffuser are actually WEAKER than those without it?
  It's always been my impression that FIPS aims for the highest possible security standards.  If FIPS-only environments allow BitLocker without Diffuser but disallow BitLocker when Diffuser is used, that would lead me to believe Diffuser actually weakens
  BitLocker.  Is this correct?
  I guess that as long as BitLocker with AES 256-bit encryption makes the FIPS federal government folks happy, then it's good enough encryption for me!
  Also, you mention crypto-acceleration hardware.  Where would I find this?  I'm guessing this is something found in newer servers, laptops and desktops?  Or maybe even tablets?  Would the new Microsoft Surface come with such capabilities?
  Matt

• Critical BitLocker Drive Encryption system files are not available

  Hi all,
  We are running into some issues when attempting to configure BitLocker Drive Encryption through the BitLocker UI on Windows Server 2008SP2.
  On running the BitLocker configuration screen we are presented with a message stating that
  ‘Your system volume is not configured correctly to allow you to use BitLocker Drive Encryption. 
  Critical BitLocker Drive Encryption system files are not available’
  We believe this issue may have been caused during a recent hardware migration using the DoubleTake Move software as we encountered a similar issue with the Windows Backup utility not seeing any available HDDs.
  Has anyone else encountered a similar issue and aware of any potential fix?

  I think it should be supported on Windows Server 2008 as it is supported on Windows Vista.
  Can you check whether BdeHdCfg.exe is present in System32 folder. If not can you copy the BdeHdCfg.exe installer from higher version of OS and copy it to the system32 folder on Windows Server 2008 and then run the command with the administrative rights. 
  NOTE : Make sure to change the directory to %SystemDrive%\Windows\System32
  Before running the command.
  Regards, "Gaurav Ranjan" =========== NOTE: Mark as Answer and Vote as Helpful if it helps =======

• Critical BitLocker Drive Encryption system files are not available- which was working earlier.

  Hello All,
  The E drive  (external USB drive) of server which was encrypted using bitlocker. earlier it was working perfectly fine. On running the BitLocker configuration screen we are getting with a message stating that ‘Your system
  volume is not configured correctly to allow you to use BitLocker Drive Encryption.  Critical BitLocker Drive Encryption system files are not available’
  now whenever we are clicking on E drive it is showing to format the disk.
  can anyone help me to understand which are the files required or repair for bitlocker?
  Thanks & Regards,
  MAsud Hussain

  Hi Masud,
  Do you have any progress at the moment?
  If there are any related error messages in Event Logs, please post them out for further analyzing.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• BitLocker Drive Encryption, Access Issues

  I encrypted my external hard drive and save the recovery key to a thumb drive. Now I cant access my external drive. I get an error message that says that the key I have entered does not match this drive. Can anyone help?

  Hi harvey,
  You should use password first.
  If you forgot your password for decryption, you could use your recovery key for recovery. If you mean the error message says that the recovery key you entered does not match this drive. Make sure you enter the right key and txt file has not
  been modified before because error shows that you entered the wrong key.
  If the recovery key doesn’t work,  I’m afraid that there is no other way to access it
  Regards
  D. Wu

• Fresh install of Windows 7 after hard drive failure: recovery key used on original drive no longer works?

  I just had my hard drive replaced recently after it starting giving boot warnings about impending failure. The IT department at my uni replaced the drive, loaded their standard Win7 install, and restored all of my documents and files. Booting Mozilla for the first time on that install, I had all of my bookmarks, setting, passwords, etc. already there (FF even gave me the dialog to restore the last session before the drive replacement.)
  But, since their install is awful (tons of bloatware, obnoxious account management and admin privileges, etc.), I decided to go about putting my own copy of 7 on just as I want it. Having learned my lesson with my Sync account last time I did this, I checked to make sure that I still had the recovery key from the original drive/installation (not the IT install.) Now, when I try to use my recovery key, Sync says it's the wrong one, and that "your Recovery Key has been changed with another device." I haven't touched the Key since I first generated it, so what exactly happened? Did Sync auto-generate another key from the IT installation without telling me, and now all my Sync data is completely lost?

  Do you still have the signons.sqlite and key3.db files from the IT setup?
  You can find the sync account password and the sync (recovery) key in the password manager on computers where a sync account with a specific e-mail address has been set up.
  Look for:
  * chrome://weave (Mozilla Services Password)
  * chrome://weave (Mozilla Services Encryption Passphrase)

• Bitlocker no recovery key, no access to computer.

  During some standard automatic updating, bitlocker became active ( I dont know how ).
  When I tried to log-on next time I was asked for the "Windows Bitlocker Drive Encryption Recovery Key", I don't have it.
  Is there a way to access the laptop. I can prove it is mine and have all the required No's for the machine and the windows-7 OS.

  Have a look at similar thread : https://social.technet.microsoft.com/Forums/en-US/594c3109-c800-4b3e-aac9-c93bccc38d4e/how-to-unlock-a-drive-protected-by-bitlocker-without-its-password-and-recovery-key-i-lost-my?forum=w7itprosecurity
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Bitlocker enabled drive, recovery key needed during boot, PCS did not match, event id 24635, source bitlocker-driver

  Hi
  After rebooting one of our test machines, bitlocker wanted the recovery key.
  There were no hardware modifications on that machine.
  Error message in event log:
  Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match
  Event id 24635, source bitlocker-driver
   Each time the machine starts, the recovery key is needed.
  Any idea how to solve that issue and why it happens?
  update:
  Second partition was created manually on that machine. So that's clear that bitlocker reacts...
  But now: how can I confirm those changes so that the recovery key is not needed each time we boot?

  Hi,
  I would like to confirm if BitLocker accepts the recovery key?
  Please update the BIOS to improve the stability for TPM first.
  I also would like to suggest you disable and enable BitLocker again to reset the settings.
  For more information, please refer to the following link:
  http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx
  Regards,
  Arthur Li
  TechNet Subscriber Support
  in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Bitlocker requests recovery key every time

  I have a T440s. The motherboard died and was replaced by Lenovo. I had Bitlocker drive encryption enabled. Now, ever time I reboot, I am required to enter the Bitlocker Recovery Key. I can't figure out how to fix this so I don't have to type it every time!
  I've tried, to no avail:
  1) In BitLocker Manager, I clicked on  "Suspend Protection" and then  "Resume Protection". When I reboot, I get prompted for recovery key again.
  2) In BitLocker Manager, I clicked on  "Suspend Protection", rebooted and wasn't asked for the Recovery Key. But, on subsequent reboots, I am asked for recovery key. I read that Protection is automatically enabled (after Suspend) on next boot.
  3) Ran this commands at elevated command prompt:
  Manage-bde -protectors -delete C: -type TPM
  and I get this error msg:
  Volume C: []
  Key Protectors of Type TPM
  ERROR: No key protectors found.
  I've googled quite a bit and can't figure out what else try, short of decrypting the drive and reencrypting it.
  Thank you!

  I have Win 8.1.  Yeah, I checked via tpm.msc and it looks like TPM is activated:
  Status: "The TPM is ready for use."
  And under TPM Manufacturer Info, it says Manf Name: TPM, Manf Version: 13.12, Specification Version: 1.2. 
  And in the Actions on right pane, "Prepare the TPM" is greyed out. And these actions are available: Turn TPM Off, Change Owner Password, Clear TPM, and Reset TPM Lockout.
  I've been wondering about turning TPM off and on. Would that screw things up?

• Hard Drive Encryption Issue

   
  This is in regard to hard drive encryption issues in my USB Hard drive. I have Windows 7. I was encrypting my USB hard drive and
  was able to enter a password. However, I did not receive any prompt to save the Bitlocker recovery key.  During encryption process, I received an error. The encryption process was unsuccessful. However, now when I plug-in the hard drive, I receive the
  following message on the status bar:
  Application and Device Control rule Block writing to removable media. Unencrypted drive found (No_Encrypted_Found) has blocked edpa.exe trying to access Volume
  {e3901a75-f1ff-11e1-817c-806e6f6e6963 alpha-numeric number appearing here}
  When I try to open the drive, it asks for a password. When I enter the password, I am receiving the following error message:
  Bitlocker Drive Encryption failed to recover from an abruptly terminated conversion. This could be due to either all conversion logs being corrupted or the media
  being write-protected.
  I have read that Bitlocker repair tool can help resolve this issue.
  However, I just have the password that I had set to encrypt the drive and Bitlocker recovery key identification. Can this help to get access to my hard drive data  using the Bitlocker tool.

  Checked this ? 
  http://answers.microsoft.com/en-us/windows/forum/windows_7-security/bitlocker-drive-encryption-failed-to-recover-from/232e812b-4f7a-e011-9b4b-68b599b31bf5
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Bit Locker Recovery key lost

  hi,
  i recently formated my system. i lost my bit locker recovery key.
  how to remove bit locker to the drive.
  i tried these....
  C:\Windows\System32>manage-bde -status J:
  BitLocker Drive Encryption: Configuration Tool version 6.1.7600
  Copyright (C) Microsoft Corporation. All rights reserved.
  Volume J: [Label Unknown]
  [Data Volume]
      Size:                 Unknown GB
      BitLocker Version:    Windows 7
      Conversion Status:    Unknown
      Percentage Encrypted: Unknown%
      Encryption Method:    AES 128 with Diffuser
      Protection Status:    Unknown
      Lock Status:          Locked
      Identification Field: Unknown
      Automatic Unlock:     Disabled
      Key Protectors:
          Numerical Password
          External Key
          External Key
  C:\Windows\System32>manage-bde -protectors j: -get
  BitLocker Drive Encryption: Configuration Tool version 6.1.7600
  Copyright (C) Microsoft Corporation. All rights reserved.
  Volume J: [Label Unknown]
  All Key Protectors
      Numerical Password:
        ID: {CA7EA469-38CE-4E7E-814D-292A06DF8819}
      External Key:
        ID: {D70EAC47-DEBB-480A-BFFC-E74479BDDBC1}
        External Key File Name:
          D70EAC47-DEBB-480A-BFFC-E74479BDDBC1.BEK
      External Key:
        ID: {2BD85A61-C76F-4433-8DE6-48651047AF6C}
        External Key File Name:
          2BD85A61-C76F-4433-8DE6-48651047AF6C.BEK
  C:\Windows\System32>
  how to solve these. help me
   

  Hi，
  If you lost recovery key and are unable to access the disk at this moment, then I'm sorry but I have to say that you're lost.  If the data in that encrypted drive is very important for you, then you might need a data recovery center to help you.
  Yolanda Zhu
  TechNet Community Support

• How to avoid the recovery key

  I deployed MBAM2.5 and have a tricky issue: Recovery Key keep prompt after OS partition encrypted. If I 
  Open Control Panel - BitLocker Drive Encryption
  Click Suspend protection
  Once protection has been suspended, click Resume protection
  Reboot
  the issue resolved. I'm going to deploy Bitlocker to 3000 over computers and can't afford manual work. Anyone have any idea can help me to get ride of this prompt?
  Jason

  Jason, you´re right By suspend -> resume you only create a workaround of your main issue, and not having end resolution of your problem. Normally, after encryption you should not get recovery key promt. The behavior of yours is not normal. I´m not sure,
  if the way of starting encyption is the problem here. But you should enforce MBAM client to initiate encryption process By group policies.
  Usually recovery key promt comes after hardware change, sometimes it can be huge change of OS as well. I couldn´t find the right path to track down changes which causes this. One way is to low TPM profile with selecting only option 11 of all, but it´s bad
  practise.

• Bit locker drive encryption failed due to power failer and hard disk corrupted

  I ran Bitlocker drive ecryption drive D. My pc is windows 7 ultimate, while it was in progress of 1% due to power failer the encryption failed, when power resume the drive didn't showed the file format nor the size but it shows the size in disk management.
  It showed like this in My computer
  I do Have the recovery code password and back of recovery password so I ran the "manage-bde-_unlock D:-rp[my code ]
  and my pc got hang  no other option rather than to press the restart button. 
  then I used commang "repair-bde -force D:I:-rp[my rp] and following info showed but it stucked in 1% about 8 hours, and there was no increase in the pecentage
  I also connected the hardisk to mac but all othe partation showed but didn't showed the encrypted one.
  I had lots of memorable picture and other backups so any one kindly help me to get out of this problem. Thanks for help

  Hi,
  The BitLocker encryption and decryption processes can be interrupted by turning the computer off, and it will resume where it left off the next time Windows starts. This is true even if the power is suddenly unavailable.
  Bitlocker-repair (repair-bde)  tool
  can't repair a drive that failed during the encryption or decryption process.
  In addition, could you please explain a bit for what drive you are trying to deal with? external one?
  When you first restart your PC, have you seen any signs that indicate that the encryption is in process?
  Regarding your scenario, please take a look to see if the following articles could help here:
  Scenario 11: Recovering Data Protected by BitLocker Drive Encryption (Windows 7)
  Besides, when running manage-bde command, did we followed the steps mentioned in the below article?
  Scenario 14: Using a Data Recovery Agent to Recover BitLocker-Protected Drives (Windows 7)
  Best regards
  Michael Shao
  TechNet Community Support

• Bit locker encryption requests key unless I suspend and resume the encryption

  I am rolling out new computers with Windows 7 Enterprise OS on them.  I am installing bit locker encryption on them.  For some reason with this group of computers, and I recently rolled out a different batch of computers without this problem,
  after encrypting, I must suspend and resume bit locker or upon restart of shutdown and start the user is prompted for the bit locker encryption key.

  Hi,
  Could you please tell some more details about the issue? What do you want to achieve here? To enable bitlocker without the prompt of the startup key? If it is , then please take a check if we have  Require
  additional authentication at startup  policy enabled.
  Besides, could you please have a share for how do you enable bitlocker?
  And here is a guide for bitlocker in Windows 7, just for reference:
  BitLocker Drive Encryption Step-by-Step Guide for Windows 7
  BitLocker Drive Encryption in Windows 7: Frequently Asked Questions
  Hope this may help
  Best regards
  Michael Shao
  TechNet Community Support