Bitlocker no recovery key, no access to computer.

Similar Messages

• Bitlocker requests recovery key every time

  I have a T440s. The motherboard died and was replaced by Lenovo. I had Bitlocker drive encryption enabled. Now, ever time I reboot, I am required to enter the Bitlocker Recovery Key. I can't figure out how to fix this so I don't have to type it every time!
  I've tried, to no avail:
  1) In BitLocker Manager, I clicked on  "Suspend Protection" and then  "Resume Protection". When I reboot, I get prompted for recovery key again.
  2) In BitLocker Manager, I clicked on  "Suspend Protection", rebooted and wasn't asked for the Recovery Key. But, on subsequent reboots, I am asked for recovery key. I read that Protection is automatically enabled (after Suspend) on next boot.
  3) Ran this commands at elevated command prompt:
  Manage-bde -protectors -delete C: -type TPM
  and I get this error msg:
  Volume C: []
  Key Protectors of Type TPM
  ERROR: No key protectors found.
  I've googled quite a bit and can't figure out what else try, short of decrypting the drive and reencrypting it.
  Thank you!

  I have Win 8.1.  Yeah, I checked via tpm.msc and it looks like TPM is activated:
  Status: "The TPM is ready for use."
  And under TPM Manufacturer Info, it says Manf Name: TPM, Manf Version: 13.12, Specification Version: 1.2. 
  And in the Actions on right pane, "Prepare the TPM" is greyed out. And these actions are available: Turn TPM Off, Change Owner Password, Clear TPM, and Reset TPM Lockout.
  I've been wondering about turning TPM off and on. Would that screw things up?

• HT6170 lost password id apple and lost recovery key

  I lost password id apple and lost recovery key,how to reset my password

  Do you have another trusted device for two-step verification?
  See:  Frequently asked questions about two-step verification for Apple ID   
  http://support.apple.com/kb/HT5570
  What if I lose my Recovery Key?
  If you lose your Recovery Key, you can replace it any time:
  Go to My Apple ID.
  Select Manage your Apple ID and sign in with your password and trusted device.
  Select Password and Security.
  Under Recovery Key, select Replace Lost Key.
  When you create a new key, your old Recovery Key is no longer usable.
  and
  What if I forget my Apple ID password?
  You can reset it at My Apple ID using your Recovery Key and one of your trusted devices.
  Apple Support can't reset your password for you. To reset your password, you must have your Recovery Key and access to at least one of your trusted devices.
  if you have neither your AppleID password, nor your Recovery Key, nor a trusted device, not even Apple can help you to get access to your account.

• I can not access my hard disk protected by Bitlocker drive despite the right recovery key

  I had locked my 1 TB harddisk 1 year back with BitLocker Drive. I have been using its recovery key to unlock it since then. But since 3 days back, it has been displaying the message " Error recovering disk. The recovery key entered is not correct, try
  it again." And I am not able access my important documents despite of having the right key.
  Please help me. Thanks alot in advance.

  One of the greatest feature of MBAM is single-sign of Recovery Key which means if a recovery key is used once, it will be automatically re-generated. So, first match the 8 digit starting of Recovery ID with its associated recovery key.
  Or re-request for the Recovery Key to your MBAM Administrator by providing him the starting 8 digit recovery ID. You can also get the recovery key again using the MBAM self-Service Portal.
  Gaurav Ranjan

• Bitlocker fails to store recovery key in AD

  I am deploying Windows 8.1 with Bitlocker with TPM and PIN and recovery keys stored in AD.
  This works fine for most deployments but rarely Manage-bde fails to store the Recovery key into AD. This only happened three times over about 200 deployments.
  I have checked the ZTIBDE.WSF script and I have noticed that the command is launched but there is no check on its return code. I am not even sure if Manage-bde actually returns any. Therefore for the failed deployments I don't know why the recovery key wasn't
  stored and also I din't get any report that it actually failed. The only reason we realised that is because one user had problems in getting the PIN to work and required the Recovery Key. To our surprises this was not in AD! This is then when we checked
  all AD objects and found only three didn't have it. Looking at the deployment logs there are no errors for these.
  Luckily the user then successfully managed to enter the PIN and could boot up his laptop (and, by the way, we could get his recovery key from C:\). 
  Questions:
  1) Has anybody else experienced this?
  2) Does Manage-BDE return anything at all? It seems strange to me that ZTIBDE.WSF doesn't check for its return code as the script checks for errors in a million places.
  3) Is there any easy way I can check whether the AD info is actually stored? I was thinking to write some code to query AD for that computer and see if the BL info actually are there. Maybe Manage-BDE can provide that?
  Many thanks.

  Hi,
  This link has all the information you need. And more importantly which policies to create.
  I have managed to do this implementation myself, and can only state that it works like a charm.
  See a copy/paste of the bit-locker section I have configured in the customsettings.ini when doing deployments with MDT:
  [HP Elitepad 900]
  SkipTaskSequence=YES
  TaskSequenceID=OSD001
  ; Bitlocker Configuration
  BDEInstallSuppress=NO
  BDeWaitForEncryption=False
  BDEDriveLetter=S:
  BDEDriveSize=2000
  BDEInstall=TPM
  ; OSDBitLockerCreateRecoveryPassword=AD
  BDERecoveryKey=AD
  BDEKeyLocation=C:\Windows\BDEKey
  Hope this helps!
  If this post is helpful please click "Mark for answer", thanks! Kind regards

• BitLocker Drive Encryption Recovery Key

  I have a Dell Optiplex 7010 running Windows 7 Enterprise 64-bit. Intermittently when booting the computer the Windows BitLocker Drive Encryption Recovery Key Entry screen shows up. Most of the time I can power off the computer and then turn it back on and
  it loads Windows without that screen showing up. If powering it off and back on again doesn’t get me past the Windows BitLocker Drive Encryption Recovery Key screen, I will enter the recovery key.
  I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
  Any ideas to keep the Windows BitLocker Drive Encryption Recovery Key Entry screen from showing up?

  Hi,
  I have already reimaged the computer, replaced the hard drive, cleared Bitlocker Cache in the BIOS and have updated the BIOS to the latest version.
  Did you mean you have re-install the OS? Did you use another clean image rather than capturing the old OS?
  Did you encrypt the OS partition?
  Please use below command to check the status:
  manage-bde -status
  If there is any volume is encrypted, use below command to turn it off:
  manage-bde -off C:
  Karen Hu
  TechNet Community Support

• Had to crash my computer. Lost my recovery key. Have my iphone paired with previous install. is there any way to get the data back?

  In order to upgrade my computer from Windows xp to Windows 7, I lost access to firefox without thinking to generate a recovery key. Is there any way to get my data back?

  If the only thing you have paired to the account is an iPhone the answer is that unfortunately no. The iPhone client (Firefox Home) is just a "consumer" of the Sync data and can't do much.
  My best advice is to keep the iPhone synced to have access to bookmarks and manually transfer them to your new profile.
  Sorry to be the carrier of the bad news.

• Bitlocker enabled drive, recovery key needed during boot, PCS did not match, event id 24635, source bitlocker-driver

  Hi
  After rebooting one of our test machines, bitlocker wanted the recovery key.
  There were no hardware modifications on that machine.
  Error message in event log:
  Bootmgr failed to obtain the bitlocker volume master key from the TPM because the PCRs did not match
  Event id 24635, source bitlocker-driver
   Each time the machine starts, the recovery key is needed.
  Any idea how to solve that issue and why it happens?
  update:
  Second partition was created manually on that machine. So that's clear that bitlocker reacts...
  But now: how can I confirm those changes so that the recovery key is not needed each time we boot?

  Hi,
  I would like to confirm if BitLocker accepts the recovery key?
  Please update the BIOS to improve the stability for TPM first.
  I also would like to suggest you disable and enable BitLocker again to reset the settings.
  For more information, please refer to the following link:
  http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx
  Regards,
  Arthur Li
  TechNet Subscriber Support
  in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• MBAM bitlocker-protected removable drives recovery keys saved on sql database not active directory

  Hi Guys
  I need help in saving bitlocker protected removable drives on the sql database instead of active directory .
  I have tried to play around with the policy and I am not winning , currently my GPO : Choose how bitlocker-protected removable drives can be recovered has only the allow data recovery agent chosen and I have left out all the AD DS option unticked
  Please point me in the right direction on how to achieve this , I want all my keys in a SQL database so the users can recover the keys themselves using the mbam helpdesk website

  Under client management, define your endpoint URLs. You can see the help and the description section for that particular policy. Copy and paste the URL removing the port number and replace the name of the Server with that of your MBAM Web server.
  Also, Disable or don't configure the policy "Choose how bitlocker protected removable Drives can
  be recovered".
  This will save your recovery keys to the MBAM DBs.
  Gaurav Ranjan

• My computer crashed and I lost everything. It was the only computer with Sync on it and I cannot get my recovery key: how can I get all my bookmarks from that Sync account?

  My computer crashed and I lost everything. It was the only computer with Sync on it and I cannot get my recovery key: how can I get all my bookmarks from that Sync account? I have a ton of bookmarks/saved password and the only way to get on sync is create a new recovery key and lose all of my information.
  Is there any way to get my stuff back without creating a new recovery key and losing all my old stuff?

  It has always been very basic to always maintain a  backup copy of your computer for just such an occasion.
  Use your backup copy to put everything back.

• Why "Wrong Recovery Key" When Generated By Firefox When Trying To Sync "Without A Device" After Original Computer Crash

  My computer crashed and for reasons unknown to me, Mozy didn't back up my Mozilla Firefox files, which I realize are hidden but are no where to be found on Mozy's backup. All I have is my iphone that does have Firefox on it and a new computer. However, the iphone will not sync with the new computer in "discovery mode". And, when I try to perform a sync on the new computer, with a new download of Firefox, clicking "without a device", it generates a recovery key which it in turn rejects as invalid - over and over. Please advise. Also, will an iphone sync with a computer and/or generate a recovery key? My iphone Firefox app doesn't seem to have the capability - anywhere to be found - to generate such a key. Is there any way to copy the bookmarks from the phone to the computer? Lastly, still another mystery, my Firefox account has an old email address, that I need to change, but I have no earthly idea of how to do that either.

  Thanks for trying to help, but I have an iphone and not an Android. When in blue tooth mode and now discoverable, it won't discover. Other than discover, to my knowledge, there is no sync button on the iphone app.

• Sync isn't pulling any data from my old computer. I don't have that computer anymore or the recovery key. Please help

  I created a sync account on my old laptop 3 weeks ago. I got a new laptop this week and I'm trying to get all of my old bookmarks and passwords. I am trying to sync the new laptop, but it isn't pulling in anything from the old account. I don't have a recovery key. Is there anything I can do?
  Thanks!

  Not without the Sync (recovery) key that was used to set up that account.
  The sync key is used locally to encrypt the data before uploading and without this key the data can be considered as lost.
  *https://support.mozilla.org/kb/ive-lost-my-firefox-sync-account-information
  *https://support.mozilla.org/kb/firefox-sync-troubleshooting-and-tips

• Using Bitlocker Data Recovery Agent (DRA) on Surface Pro 3

  We currently have the Data Recovery Agent (DRA) configured in our Bitlocker Policy for our Windows 7 Systems, and it works fine. In situations where the Recovery Key for the computer object was not backed up to AD correctly for whatever reason or the computer
  object was deleted, our HelpDesk can connect the encrypted drive to another system, and then use the certificate for the DRA to unlock the drive.
  I'm wondering if the BitLocker DRA Certificate unlock method will work for Surface Pro 3 devices, in the case that that their computer object and normal BitLocker recovery key is deleted or missing in AD for whatever reason. Seeing as how our helpdesk can't
  easily remove the internal HD from a Surface Pro 3 (I think only MS can do this?), I'm wondering if this BitLocker recovery option is still an option for Surface Pro 3's and if it is not then if there is another recommended option for Surface Pro 3's and/or
  other Windows 8.1 Tablets used in an enterprise environment.

  noctlos wrote:
  Using linux-3.18 and -3.19 kernels, with wayland/weston v. 1.7. In its own tty, i try to run weston, and I get the following stderr:
  Could anyone help me to figure this out? Thanks.
  Seems that the problem lies in libinput. Maybe you can report that upstream. I suggest you recompile libinput with debug info and do not strip the binaries to obtain better backtraces.
  Edit:
  I have also tried running `swc-launch -- velox`, and get the following error:
  Running on /dev/tty2
  velox: error while loading shared libraries: libinput.so.5: cannot open shared object file: No such file or directory
  Server exited with status 127
  Restoring VT to original state
  So, perhaps I am having some libinput trouble. Does this seem correct?
  Well, that's a different problem. libinput has several soname bumps because of API and ABI incompatibility. You have to rebuild swc against the newest libinput. (Although I'm not sure if swc developer updated the code to new API)
  Edit 2:
  Just to tack this on here for `gnome-session --session=gnome-wayland --debug`
  I'm not expert on this, it may be related to libinput problem. If you don't include GDK_BACKEND=wayland environment variable when launching gnome-wayland.
  Last edited by jdbrown (2015-03-01 08:04:39)

• Bit Locker Recovery key lost

  hi,
  i recently formated my system. i lost my bit locker recovery key.
  how to remove bit locker to the drive.
  i tried these....
  C:\Windows\System32>manage-bde -status J:
  BitLocker Drive Encryption: Configuration Tool version 6.1.7600
  Copyright (C) Microsoft Corporation. All rights reserved.
  Volume J: [Label Unknown]
  [Data Volume]
      Size:                 Unknown GB
      BitLocker Version:    Windows 7
      Conversion Status:    Unknown
      Percentage Encrypted: Unknown%
      Encryption Method:    AES 128 with Diffuser
      Protection Status:    Unknown
      Lock Status:          Locked
      Identification Field: Unknown
      Automatic Unlock:     Disabled
      Key Protectors:
          Numerical Password
          External Key
          External Key
  C:\Windows\System32>manage-bde -protectors j: -get
  BitLocker Drive Encryption: Configuration Tool version 6.1.7600
  Copyright (C) Microsoft Corporation. All rights reserved.
  Volume J: [Label Unknown]
  All Key Protectors
      Numerical Password:
        ID: {CA7EA469-38CE-4E7E-814D-292A06DF8819}
      External Key:
        ID: {D70EAC47-DEBB-480A-BFFC-E74479BDDBC1}
        External Key File Name:
          D70EAC47-DEBB-480A-BFFC-E74479BDDBC1.BEK
      External Key:
        ID: {2BD85A61-C76F-4433-8DE6-48651047AF6C}
        External Key File Name:
          2BD85A61-C76F-4433-8DE6-48651047AF6C.BEK
  C:\Windows\System32>
  how to solve these. help me
   

  Hi，
  If you lost recovery key and are unable to access the disk at this moment, then I'm sorry but I have to say that you're lost.  If the data in that encrypted drive is very important for you, then you might need a data recovery center to help you.
  Yolanda Zhu
  TechNet Community Support

• AD contains system Recovery Key, but not showing in MBAM.

  I am in an environment with MBAM 1.0 installed. I built the MDT 2013 system here and am currently trying to figure out why the bitlocker keys are showing up in AD but not MBAM.
  In MDT, I have disabled the "enable bitlocker" options so there shouldn't be a case where that the TPM ownership is wrong (I think). I do however set the
  bios password with CCTK, then apply the default bios configuration with an ini via cctk. The bios sets and activates tpm just before the hard disk is formatted by LTI.
  q1. Could setting the TPM without restarting cause the TPM ownership to be set to the PE in some weird way.
  q1.1. would I clear the tpm if this is the issue?
  So MBAM client is installed on the reference image and captured by MDT. The WIM is then deployed to a system using a standard TS with the bitlocker disabled like
  I mentioned above. I do not make any changes to reg for mbam in the reference image. For testing, I tried adding the mbam recovery key location url to the reference image reg. I still need to test that but a few other tests I did makes me believe this
  is not the case.
  MDT binds the system to a default OU in the domain. After the system is configured, I start Bitlocker. (Sometimes I start bitlocker when the system is in the default
  OU, sometimes I start it after I move them into the right ou for the role). I am almost positive the default OU has the mbam settings (I do not have access to this gpo), since the manage-bde -status comes back AES 128 with diffuser (as compared to regular
  aes 128).
  After bitlocker finishes, the key is found in AD but not mbam.
  I think the major questions I have are:
  How can I force MBAM to take ownership of the TPM after the os is bitlockered? (about 100/700 machines are not reporting to mbam but are to bitlocker because of this new deployment system)
  If I turn TPM on and activate while I was in the PE, would that mean the PE has the TPM ownership? (or bitlocker in this case, since mbam is not installed on the PE)
  - Could I install MBAM on the PE and use that to manage the tpm? (MDT 2013) (I have seen some documents that cover this but it largely comes from wanting a pre-provisioned bitlocker.)
  ** I think the most manual way of correcting the issue I am having, is to either clear the tpm and rebitlocker, or
  .. when a system is about to image, turn tpm on but leave it deactivated. (If I leave the tpm deactivated, every system will need to be manually rebooted and f10 will need to be pressed to continue the bitlocker process. this includeds
  a user login too)

  Keep the MBAM out of the .wim! Install it in task sequence.
  MBAM Client has its own log files in event viewer, there you perhaps find the reason why recovery key is not stored in DP. But fix your image first, keep it thin.