BitLocker Drive Question

Similar Messages

• Bitlocker enabled drive, recovery key needed during boot, PCS did not match, event id 24635, source bitlocker-driver

  Hi
  After rebooting one of our test machines, bitlocker wanted the recovery key.
  There were no hardware modifications on that machine.
  Error message in event log:
  Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match
  Event id 24635, source bitlocker-driver
   Each time the machine starts, the recovery key is needed.
  Any idea how to solve that issue and why it happens?
  update:
  Second partition was created manually on that machine. So that's clear that bitlocker reacts...
  But now: how can I confirm those changes so that the recovery key is not needed each time we boot?

  Hi,
  I would like to confirm if BitLocker accepts the recovery key?
  Please update the BIOS to improve the stability for TPM first.
  I also would like to suggest you disable and enable BitLocker again to reset the settings.
  For more information, please refer to the following link:
  http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx
  Regards,
  Arthur Li
  TechNet Subscriber Support
  in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Bitlocker - 2 questions (Multiple active keys / Modes of operations

  Hey everyone,
  I'm doing research about the difference between Bitlocker Drive Encryption and McAfee Endpoint Encryption. I've been using wikipedia wiki Comparison_of_disk_encryption_software (sorry can't post a link apparently) as a starting place, but I need
  solid sources instead of believing everyhting on Wikipedia.
  I found most by myself, but 2 things are not clear for me:
  1. Multiple keys: Whether an encrypted volume can have more than one active key. I can't find if that's the case or not, the reference on Wikipedia doesn't seem to work anymore. This doesn't mean multiple factor authentication (i.e. TPM
  + PIN), but can there be 2 PIN's that can decrypt 1 volume.
  2. Modes of operation: On Wikipedia there is a reference to a document that dates back to 2006, is this still the case today or did something changed in Bitlocker? If so, that answers 2 of the modes, but can someone shine some light for
  the last three: CBC with random per sector keys, LRW and XTS.
  Help will be very appreciated.
  Kind regards,
  - Jimmy

  Hi,
  For question one:
  BitLocker supports four different authentication modes, depending on the computer's hardware capabilities and the desired level of security:
  • BitLocker with a TPM
  • BitLocker with a TPM and a PIN
  • BitLocker with a TPM and a USB startup key
  • BitLocker without a TPM (USB startup key required)
  If you mean recovery methods, there are three methods for recovery:
  BitLocker recovery methods
  http://technet.microsoft.com/en-us/library/ee706519(v=ws.10).aspx
  For question two:
  The basic technology still works for BitLocker, but you can get the new features in Windows 8.1:
  What's New in BitLocker for Windows 8 and Windows Server 2012
  http://technet.microsoft.com/en-us/library/hh831412.aspx
  About BitLocker architecture, refer to this article:
  BitLocker Architecture
  http://technet.microsoft.com/en-us/library/cc732774(v=ws.10).aspx#BKMK_SystemDesign
  Regarding the algorithm, BitLocker uses  AES-CBC + diffuser algorithm to encrypt, you can get more information in this document:
  AES-CBC + Elephant diffuser
  http://www.microsoft.com/en-in/download/details.aspx?id=13866
  Alex Zhao
  TechNet Community Support

• BitLocker Drive Label

  We use BitLocker on our laptops which are not connected to AD. We would like to change the Computer Name of the laptops and would like the BitLocker Drive Label to match the new Computer Name. Is there a way to change the Drive Label without decrypting and
  re-encrypting the drive? I don't see any options to change the Drive Label with the Manage-bde command line tool. Thanks.
  Charles

  Hi Ronald,
  Thanks for reply. I read your solution in the blog and I think you might misunderstand what Charles means.
  I think Charles did mean he changed his computer name and wants his drive label in Bitlocker password entry match his new computer name, not just change the Bitlocker driver label.
  As following:
  But still thank you for your input.
  Regards

• BitLocker Drive Encryption Recovery Key

  I have a Dell Optiplex 7010 running Windows 7 Enterprise 64-bit. Intermittently when booting the computer the Windows BitLocker Drive Encryption Recovery Key Entry screen shows up. Most of the time I can power off the computer and then turn it back on and
  it loads Windows without that screen showing up. If powering it off and back on again doesn’t get me past the Windows BitLocker Drive Encryption Recovery Key screen, I will enter the recovery key.
  I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
  Any ideas to keep the Windows BitLocker Drive Encryption Recovery Key Entry screen from showing up?

  Hi,
  I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
  Did you mean you have re-install the OS? Did you use another clean image rather than capturing the old OS?
  Did you encrypt the OS partition?
  Please use below command to check the status:
  manage-bde -status
  If there is any volume is encrypted, use below command to turn it off:
  manage-bde -off C:
  Karen Hu
  TechNet Community Support

• Bitlocker drive issue

  im trying to open my bitlocker drive the password is correct but after entering the password it is giving me a messege that 
  "bit locker drive encryption failed to recover from an abruptly terminated conversion. This could be due to either all conversion logs being corrupted or the media being write-protected"
  plz help me all my work iv saved in this drive

  Hi
  repair-bde C: Z: -rp 062612-026103-175593-225830-027357-086526-362263-513414
  Use repair-bde alone first
  it should give you some information about bitlocker.
  the full command explaination :
  C: is the drive that your data is on that you want to recover
  z: is the drive you want to copy the recovered data to
  after -rp switch you have to type in your recovery password.
  you can use -rk and specify recoverykey file location after. 
  ex: repair-bde C: Z: -rk F:\RecoveryKey.bek
  Have fun Recovering :P
  Farhad

• Diffuser missing from BitLocker Drive Encryption

  I couldn't help but notice on my Windows Server 2012 Essentials installation that the Diffuser options are gone from BitLocker Drive Encryption. This was a shocker. Since Windows Vista/Server 2008, the following four options have always been available:
  AES 256-bit with Diffuser
  AES 128-bit with Diffuser
  AES 256-bit
  AES 128-bit
  The default was AES 128-bit with Diffuser, but I always opted for the strongest, and changed it to AES 256-bit with Diffuser. I made this change after probing around Google and Bing to see if BitLocker with Diffuser provided stronger encryption than BitLocker
  sans Diffuser.  What I found supported the use of Diffuser as being the strongest, thereby making AES 256-bit with Diffuser the strongest encryption of the four settings.
  So to find Diffuser culled from BitLocker was a shocker, and made me lose a bit of respect for the technology. Why would you WEAKEN the product (BitLocker) by removing the stronger versions of the encryption?  This TechNet article is quite disappointing: http://technet.microsoft.com/en-us/library/hh831713.aspx
  The article simply says, "The Diffuser option is no longer available to be added to the Advanced Encryption Standard (AES) encryption algorithm" under the heading "Removed
  or deprecated functionality." There is ZERO explanation.
  I'm hoping someone can answer this, please. WHY would you take out the stronger versions of encryption in favor of leaving the weaker ones? Wouldn't it be more appropriate
  to deprecate the non-Diffuser variants and require the use of Diffuser?
  BitLocker was, and still is, a great technology, but it was just made quite a bit weaker with the release of Windows 8 and Server 2012.

  Hi Manoj,
  If I understand your answer, are you saying that the BitLocker options with Diffuser are actually WEAKER than those without it?
  It's always been my impression that FIPS aims for the highest possible security standards.  If FIPS-only environments allow BitLocker without Diffuser but disallow BitLocker when Diffuser is used, that would lead me to believe Diffuser actually weakens
  BitLocker.  Is this correct?
  I guess that as long as BitLocker with AES 256-bit encryption makes the FIPS federal government folks happy, then it's good enough encryption for me!
  Also, you mention crypto-acceleration hardware.  Where would I find this?  I'm guessing this is something found in newer servers, laptops and desktops?  Or maybe even tablets?  Would the new Microsoft Surface come with such capabilities?
  Matt

• Critical BitLocker Drive Encryption system files are not available

  Hi all,
  We are running into some issues when attempting to configure BitLocker Drive Encryption through the BitLocker UI on Windows Server 2008SP2.
  On running the BitLocker configuration screen we are presented with a message stating that
  ‘Your system volume is not configured correctly to allow you to use BitLocker Drive Encryption. 
  Critical BitLocker Drive Encryption system files are not available’
  We believe this issue may have been caused during a recent hardware migration using the DoubleTake Move software as we encountered a similar issue with the Windows Backup utility not seeing any available HDDs.
  Has anyone else encountered a similar issue and aware of any potential fix?

  I think it should be supported on Windows Server 2008 as it is supported on Windows Vista.
  Can you check whether BdeHdCfg.exe is present in System32 folder. If not can you copy the BdeHdCfg.exe installer from higher version of OS and copy it to the system32 folder on Windows Server 2008 and then run the command with the administrative rights. 
  NOTE : Make sure to change the directory to %SystemDrive%\Windows\System32
  Before running the command.
  Regards, "Gaurav Ranjan" =========== NOTE: Mark as Answer and Vote as Helpful if it helps =======

• Critical BitLocker Drive Encryption system files are not available- which was working earlier.

  Hello All,
  The E drive  (external USB drive) of server which was encrypted using bitlocker. earlier it was working perfectly fine. On running the BitLocker configuration screen we are getting with a message stating that ‘Your system
  volume is not configured correctly to allow you to use BitLocker Drive Encryption.  Critical BitLocker Drive Encryption system files are not available’
  now whenever we are clicking on E drive it is showing to format the disk.
  can anyone help me to understand which are the files required or repair for bitlocker?
  Thanks & Regards,
  MAsud Hussain

  Hi Masud,
  Do you have any progress at the moment?
  If there are any related error messages in Event Logs, please post them out for further analyzing.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• I can not access my hard disk protected by Bitlocker drive despite the right recovery key

  I had locked my 1 TB harddisk 1 year back with BitLocker Drive. I have been using its recovery key to unlock it since then. But since 3 days back, it has been displaying the message " Error recovering disk. The recovery key entered is not correct, try
  it again." And I am not able access my important documents despite of having the right key.
  Please help me. Thanks alot in advance.

  One of the greatest feature of MBAM is single-sign of Recovery Key which means if a recovery key is used once, it will be automatically re-generated. So, first match the 8 digit starting of Recovery ID with its associated recovery key.
  Or re-request for the Recovery Key to your MBAM Administrator by providing him the starting 8 digit recovery ID. You can also get the recovery key again using the MBAM self-Service Portal.
  Gaurav Ranjan

• No additional properties & driver question

  Hello
  Just got done building a new computer and put the  MSI NX6800GT TD256 card in and had some driver questions.
  I used the drivers that came on the CD for now and everything is working fine, but when I go into the advanced settings and click on the 6800 tab theres no where too adjust direct3d and opengl settings. Supposedly theres and additonal properties tab.......
  And are you guys using the drivers from MSI or are you using the Forceware drivers from Nvidia....
  Thanks for the help!!

  Try using the Catalyst 4.12 final drivers! They really boosted my scores!  Get the driver here:
  http://www2.ati.com/drivers/wxp-w2k-catalyst-8-082-041130a-019577c.exe
  Goodluck  

• K8T Master 2 FAR; Hard Drive Questions About

  Greetings!
  I just got off the Google bus and stubbed my toe on your doorstep.  What luck!
  I have many questions, and it's getting harder to find answers for a mainboard that's not being sold "new" anymore.  I did see some other topics that go along lines similar to my own, but I figured it would be a good idea to open a new thread with my specific questions.
  I have decided to split my questions into three parts.  This is part one, "hard drive" questions.
  HARD DRIVE RELATED:
  Western Digital recently announced a new high-capacity SATA Raptor drive, with 150 GB of storage: 
  1)  Can I mount two of them into my K8T Master 2 FAR system and "hardware stripe" them for Windows/XP?
  ....1A)  If yes, is there a minimum recommended BIOS that I should be running?
  ....1B)  If no, then would it be feasibile to "software stripe" them in Windows/XP Pro?
  If I decide to proceed, I will be well-prepared to accept the risk of data loss that would occur if one drive were to crash.
  I currently run my system with a removable SATA drive caddy for my system drive.  This makes it easy to swap OS's by swapping hard drives without opening my CPU case.  If I go with a dual-striped SATA drive arrangement and two Raptors, then I'll replace that removable caddy with a unit that can accomodate two SATA drives. 
  ....1C)  Once in a blue moon, I get a BSOD after having swapped SATA drives.  It happens when I first boot Windows/XP after having run Linux.  Hot-swappable claims notwithstanding, I always swap drives while the system is powered down, although I don't typically shut off the hardware switch at the power power supply.  Are there any known issues or reports of other people having similar occurrences? 
  I also run some IDE devices for data and archival purposes.  My system is typically set up as follows:
  CH 0/0 - Data drive
  CH 0/1 - DVD burner
  CH 1/0 - Data drive
  CH 1/1 - Data drive
  Recently, my system stopped "seeing" any hard drives on CH 1 drive 1.  Known good drives won't show up in the BIOS, and auto-detect doesn't "see" a drive in that position.  I have tried more than one drive, and the problem stays on that channel and position.  I swapped cables with a known good cable, and the problem stays on that channel and position.  For the time being, I have disconnected one of the data drives...but I'd really like to resolve this issue if possible.
  ....1D)  Are there any known problems or issues with "disappearing IDE devices" in the K8T Master 2 FAR?
  Thanks in advance!

  Can't say, this is the first time I hear about SATA caddies....
  Maybe a bad contact or so?
  Sata is pretty sensitive to connection problems, or even folded cables for that matter...

• Z68A-GD65 (G3) build in progress, have a driver question

  First, everything works so far. Have installed most drivers, all windows updates.
  Have some misc driver questions not covered in MSI docs or driver WWW page.
  Question: MSI's list of updated drivers for this MB includes the following.
  Note that the title doesn't list Z68 (typo, or ?), so should I install this driver?
    Title: Intel Management Engine Driver for P67/H67
    Description: System & Chipset Drivers
    Ver: 7.0.10.1203
    Date: 2011-03-11
    http://us.msi.com/product/mb/Z68A-GD65--G3-.html#/?div=Driver&os=All
  Also, I did not install the following driver:
     Intel Rapid Storage Technology Floppy Driver (F6)
  Reason: no floppy in system (whats a floppy? )
  Should I install this for some other reason?
  Thanks for a great forum.

  Strictly speaking all the needed drivers should be on your DVD. You can always update them with the drivers on the MSI site if they are later ones and you have issues, otherwise the drivers that shipped with the board should be fine.
  Here is a bit of history on floppy drives http://en.wikipedia.org/wiki/Floppy_disk
  Yes, some people still use them.
  Quote
  Floppy disks are used for emergency boots in aging systems lacking support for other bootable media, and for BIOS updates since most BIOS and firmware programs can still be executed from bootable floppy disks. If BIOS updates fail or become corrupt, floppy drives can be used to perform a recovery

• Bitlocker drive recovery and formatted

  Hello Dears. I had encrypted my drive by Bitlocker in windows 7. 
  few days after my friend did quick format in my encrypted drive.
  i remember unlock password & recover password
  how can i recover my data??????
  someone help me please.

  Hello., I
  tried all recovery
  programs but were unable
  to retrieve something.
  Because Bitlocker information
  is encoded
  And as stated before:
  Your only possible solution is a commercial or third party disk recovery program or service.
  There is nothing in Windows to recover data from a formatted hard drive.
  If you comprehend English, then you can comprehend the solution given above and that from Vladimir Bundalo!
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Bitlocker - Drive not detected, asks to format.

  Greetings.
  Situation:
  Laptop with encyrpted drive (bitlocker) fails (unable to boot). Data recovery is required. Hard Drive is removed and connected to a system running Windows 7 Enterprise. Instead of drive being detected as encrypted, a Window requesting to format the drive
  is displayed. Both computers are on the same domain.
  Question:
  Why are we not being prompted to enter the bitlocker recovery key? Could Group Policy be an issue? Do we need to setup recovery agents?
  We have tried this with a number of working encrypted drives with the same results.

  No, there is no tool to decrypt the drive. You need to put the password or use the recovery key that;s created during encryption.
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.