Bitlocker recovery
I have a 64 GB USB drive Bitlocker encrypted USB drive. My PC using MS 7. I received data errors from the drive saying that is was blank, but was able to recover the Bitlocker files using a backup/recovery tool - IsoBuster.
I formatted the drive and replaced all the Bitlocker files back onto the drive. Viewing the drive from my PC the icon shows the drive is locked, but Bitlocker says that the Bitlocker is turned off. I still have the recovery keys and password, but
Bitlocker says the drive is not locked. So are there any suggestions about how I unlock the files.
Hi,
Depending on the data security, after you formatted the USB drive with Bitlocker turned on, we cannot recovery the date on Windows side with recovery key.
If the data is really important, you have to contact the data recovery center or company to help you.
Kate Li
TechNet Community Support
Similar Messages
-
I need help with Bitlocker recovery
Hi thanks for taking the time to read this. My laptop was running very rough so I put all my information onto my external hard drive. I wasn't thinking that my external would be locked if I re-downloaded windows 7 ultimate on my computer but guess what
it's locked now. My first question is does the full bit-locker recovery key identification help me at all? My second question is either know I re-downloaded windows 7 on my computer is the info I'm looking for still obtainable? I really need this info but
I'm afraid it might be lost. I feel stupid lol.I don't have access to the Bitlocker recovery tool on my version of Windows, but when I was supporting a bitlocker environment, you could install a bitlocker recovery tool on Vista. There was an update you had to download and install, then add the
Windows feature for Bitlocker Recovery Tool. You would enter the first 8 alphanumeric characters of the recovery key and it would provide the 48 character numeric recovery password.
I have a Windows Server 2012 R2 vm that does not appear to have that feature.
Maybe try this link:
http://www.sevenforums.com/tutorials/210071-bitlocker-drive-encryption-unlock-locked-data-removable-drive.html
There are also a lot of references to Bitlocker Repair, which would probably work as well even though the drive isn't damaged, but you would need another drive on which to decrypt the data. But the link above should work for you. -
Surface Pro 3 boots to BitLocker Recovery everytime
No matter what, Surface Pro 3 boots to the BitLocker Recovery screen every time. I've tried to do a clean Windows 8.1 installation and it still goes to the BitLocker Recovery screen.
If I press Esc, it goes to this screen:
Any suggestion is much appreciated.Hi Charlie,
Here is a link for reference of getting into the scenarios ,the hyperlink in it may be more comprehensive :
Issues Resulting in Bitlocker Recovery Mode and Their Resolution
http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx
“I've tried to do a clean Windows 8.1 installation and it still goes to the BitLocker Recovery screen.”
Do you mean the recovery screen will occur even after we have made a clean installation ? How did you made a clean installation ?Have the drive been formatted ?
Usually the bitlocker is used to protect the data in the drive ,it should be usable after we formatted it by doing a clean installation. After all it is meaningless after we have formatted the drive .According to the link
Please check your symptom according to the link ,it is recommended to unplug all the external device when you performed a clean installation .
Best regards -
Delegate access for Bitlocker recovery on an OU only?
Can someone give me the steps to delegate access to an AD group for Bitlocker recovery passwords on an OU only?
I have read the articles that have the vb script and talk about using ldp.exe,
http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx#BKMK_TestingRecovery
http://blogs.technet.com/b/craigf/archive/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information.aspx
but I don't know how to do this specifically on an OU, and I need the steps to connect, bind, etc with ldp.exe as I never use this tool.
I tried the following but it doesn't work (bummer, because it's nice and simple)
http://blog.nextxpert.com/2011/01/11/how-to-delegate-access-to-bitlocker-recovery-information-in-active-directory/
Please give me instructions step-by-step to give a group bitlocker recovery password info on the tab in ADUC for a specific OU only (AD 2008 R2) - thanks!Hi Sara,
I searched for delegating Bitlocker permission and found the same article as you provided.
In the first article you mentioned, it provided steps to delegate permission to a user group:
Appendix A: Delegating Permission
http://technet.microsoft.com/en-us/library/cc771778(WS.10).aspx#BKMK_AppendixA
The steps are:
1. Create a new user group.
2. Add members to the group (for example, add Helpdesk staff members).
3. Assign control access and read property permissions to the group.
And in your second article, the author replied about applying delegation to an OU in commons:
There are only 2 reasons to create an OU:
1) Apply different GPOs
2) Apply different delegation.
And all we're doing here is delegating. So in LDP, instead of opening the ACL of the domain (as we're doing in the example above), you'd open the ACL on the relevant OUs and add different groups per OU. And the "control access flag" isn't a special function
of the domain object, you can apply it to OUs also.
Delegating access in AD to BitLocker recovery information
http://blogs.technet.com/b/craigf/archive/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information.aspx
If you have any feedback on our support, please send to [email protected] -
Using Bitlocker Data Recovery Agent (DRA) on Surface Pro 3
We currently have the Data Recovery Agent (DRA) configured in our Bitlocker Policy for our Windows 7 Systems, and it works fine. In situations where the Recovery Key for the computer object was not backed up to AD correctly for whatever reason or the computer
object was deleted, our HelpDesk can connect the encrypted drive to another system, and then use the certificate for the DRA to unlock the drive.
I'm wondering if the BitLocker DRA Certificate unlock method will work for Surface Pro 3 devices, in the case that that their computer object and normal BitLocker recovery key is deleted or missing in AD for whatever reason. Seeing as how our helpdesk can't
easily remove the internal HD from a Surface Pro 3 (I think only MS can do this?), I'm wondering if this BitLocker recovery option is still an option for Surface Pro 3's and if it is not then if there is another recommended option for Surface Pro 3's and/or
other Windows 8.1 Tablets used in an enterprise environment.noctlos wrote:
Using linux-3.18 and -3.19 kernels, with wayland/weston v. 1.7. In its own tty, i try to run weston, and I get the following stderr:
Could anyone help me to figure this out? Thanks.
Seems that the problem lies in libinput. Maybe you can report that upstream. I suggest you recompile libinput with debug info and do not strip the binaries to obtain better backtraces.
Edit:
I have also tried running `swc-launch -- velox`, and get the following error:
Running on /dev/tty2
velox: error while loading shared libraries: libinput.so.5: cannot open shared object file: No such file or directory
Server exited with status 127
Restoring VT to original state
So, perhaps I am having some libinput trouble. Does this seem correct?
Well, that's a different problem. libinput has several soname bumps because of API and ABI incompatibility. You have to rebuild swc against the newest libinput. (Although I'm not sure if swc developer updated the code to new API)
Edit 2:
Just to tack this on here for `gnome-session --session=gnome-wayland --debug`
I'm not expert on this, it may be related to libinput problem. If you don't include GDK_BACKEND=wayland environment variable when launching gnome-wayland.
Last edited by jdbrown (2015-03-01 08:04:39) -
Bitlocker requests recovery key every time
I have a T440s. The motherboard died and was replaced by Lenovo. I had Bitlocker drive encryption enabled. Now, ever time I reboot, I am required to enter the Bitlocker Recovery Key. I can't figure out how to fix this so I don't have to type it every time!
I've tried, to no avail:
1) In BitLocker Manager, I clicked on "Suspend Protection" and then "Resume Protection". When I reboot, I get prompted for recovery key again.
2) In BitLocker Manager, I clicked on "Suspend Protection", rebooted and wasn't asked for the Recovery Key. But, on subsequent reboots, I am asked for recovery key. I read that Protection is automatically enabled (after Suspend) on next boot.
3) Ran this commands at elevated command prompt:
Manage-bde -protectors -delete C: -type TPM
and I get this error msg:
Volume C: []
Key Protectors of Type TPM
ERROR: No key protectors found.
I've googled quite a bit and can't figure out what else try, short of decrypting the drive and reencrypting it.
Thank you!I have Win 8.1. Yeah, I checked via tpm.msc and it looks like TPM is activated:
Status: "The TPM is ready for use."
And under TPM Manufacturer Info, it says Manf Name: TPM, Manf Version: 13.12, Specification Version: 1.2.
And in the Actions on right pane, "Prepare the TPM" is greyed out. And these actions are available: Turn TPM Off, Change Owner Password, Clear TPM, and Reset TPM Lockout.
I've been wondering about turning TPM off and on. Would that screw things up? -
BitLocker requests Recovery Password at every boot.
Hi all,
For some reason after running a command to test Bitlocker recovery I need to enter the Recovery password everytime I start the computer.
I am successfully backing up the Bitlocker recovery password and TPM key to Active Directory so I am able to sucessfully enter any passwords required.
I have tried Clearing the TPM, Resetting the TPM and changing the owner password but nothing seems to stop me needing to enter the Bitlocker Recovery password everything I restart the computer.
Im at a loss!!
Any ideas?
SpooterHi,
Thanks for the post!
What command did you run result in this problem?
I recommend you try to unlock the BitLocker and re-lock it. Refer to
How do I use the Unlock options in Bitlocker Drive Encryption.
Hope it helps!
Regards,
Miya Yao
This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer
your question. This can be beneficial to other community members reading the thread. -
Bitlocker on Windows 7 - External drive recovery with unlock password
Hi,
I am in the unfortunate situation where I have a 3tb external hard drive that I have 2 partitions on. The smaller, 250gb partition was encrypted using bitlocker for work purposes. Now that I have left my previous job, I wanted to decrypt the drive and use
it normally.
While trying to decrypt, the laptop ran out of battery, and the process was interrupted. In the morning when I tried to unlock the drive, I keep getting the message "Bitlocker Drive Encryption failed to recover from an abruptly terminated conversion"
Unfortunately, I do not any of the recovery keys (which were in the old work laptop). However, I have the password that I normally use to unlock the drive.
My question is: Is there any way I can use the bitlocker recovery tool to salvage my data using the normal unlock password?
Second, on the off chance that I can, do I need to output the data to an entirely new drive? If I use the option to output to an image file, will that still overwrite all the contents of the output drive?
Any help would be much appreciated. Please let me know if there is any more information I can provide. Thank you!Hi,
Have you tried using manage-bde command to decrypt this partition?
manage-bde -unlock Volume -pw *********
Andy Altmann
TechNet Community Support -
Hi,
Can anyone help me on this, I am using Win 8.1 Ent edition and Hard-disk has been encrypted from control panel, now I changed my Laptop motherboard and prompting me the recovery key on booting :(, when I log into my Microsoft account error will throws
stating "You don't have any BitLocker recovery
keys in your Microsoft account." I have some important data in my drive and seeking your help to get the recovery ID
Thanks,
JimuHi,
You can refer to the detailed steps to troubleshoot this issue, as
Ronald Schilf mentioned already, if you don't have a recovery key, then I', afraid that you’ll need to restore the PC to factory default settings, do a reinstallation.
BitLocker recovery keys: Frequently asked questions
http://windows.microsoft.com/en-HK/windows-8/bitlocker-recovery-keys-faq
Regards
Yolanda Zhu
TechNet Community Support -
Problems with Comodo Kill Switch, Windows Services & Bitlocker Encryption on Asus N56VZ
Hi All,
So recently I found myself stuck in a different scenario than before, and after many hours researching and efforts to fix this I still find myself stuck yet with a few options still to fix.
What is the problem?
So as a security cautious user when i first got to Windows 8.1 Pro 64Bit I encrypted both the C and D drive (Split the main disk) to protect myself and my family. Unfortunately that has not been very helpful with the way in which booting and running from
either external USB devices or CD/DVD works, not allowing myself to at all.
My usual security suit I use is Comodo Internet Security, which additionally comes with Comodo Kill Switch. Whilst using the application instead of stopping one of the TCP connections I was meant to I accidently stopped an Windows Explorer connection.
For some reason since then Windows Explorer, nor most windows apps or services themselves will run. For example msconfig will run but sfc /scannow or mmc will not, whether in safe mode or normal mode.
What Caused the Problem?
Cannot 100% say
What I Think Caused the Problem?
Myself running Comodo Kill Switch stopping a vital server connection with Windows Explorer that messed up alot. Or a potential Virus unknown how cannot fully scan system as wont boot externally or run many apps.
Additional Info
Asus Webcam is Disabled on Purpose
Laptop was fully customized to run latest games full graphics minus Anti Aliasing, works with Evolve + CoD Advanced Warfare
Laptop does not boot if USB Keyboard plugged in, works with everything else normal (had this on other systems no problem for me)
Ask me for more info if required to add here, braindead again
Specifications of my system
Intel® Core™ i7 3610QM Processor
Windows 8.1 Pro 64Bit
Intel® HM76 Chipset
DDR3 1600 MHz SDRAM, 2 x SO-DIMM 8GB
15.6" HD (1366x768)/Full HD (1920x1080)/Wide View Angle LED Backlight
NVIDIA® GeForce® GT 650M with 2GB DDR3 VRAM
1TB 5400RPM OR 750GB 5400/7200RPM (Cannot remember off top of head, braindead)
Super-Multi DVD
Kensington lock (Security Feature)
LoJack (Security Feature)
BIOS Booting User Password Protection (Security Feature)
HDD User Password Protection and Security (Security Feature)
Pre-OS Authentication by programmable key code (Security Feature)
What Can Run and Won't Run?
ON BOOT:
Bitlocker Encryption Password & Advanced Settings are accessible
Bios (password protected) is accessible
Windows Recovery Mode is accessible (Think it is F9 or F10)
Windows Logon Password Screen is accessible
ON NORMAL/SAFE-MODE START UP:
After Log-In Windows Explorer will not run
Task Manager will run, also allows me to browse the files when trying to start new task
Can run Command prompt
Cannot run any control panel items
Cannot run services.msc
Cannot run mmc
Cannot run sfc
Every time it metions windows drive is locked
Start Error's when running certain applications (Will post codes soon)
Rufus USB Tool does run
Cannot boot Kali Linux off USB
Cannot boot Windows 8.1 off USB
Cannot boot Windows 8.1 off DVDRW
Fixwin2 will not run
Apps either work or don't whether in safe mode or normal
Cannot use Windows Installer
What Fixes I Have Tried So Far
Ok so like any normal user I don't want to lose my files. So here are what I have tried so far:
Repair MBR (Repair Completed, No Luck)
SFC /SCANNOW (Returns Error 'Windows Resource Protection could not start the repair service')
Tried sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows (Could not access drive)
Fixwin2 (Will not run in either normal or safe mode)
Booting using Windows 8.1 via USB (Cannot boot from extermal devices due to Bitlocker Encryption)
Booting using Kali Linux Via DVD & USB (Cannot boot from external devices due to Bitlocker Encrytption)
How do I know it is because of Bitlocker, because last time I disabled it, I could run from external devices
Tried to run bitlocker to change settings (Will not run)
Have used both password and recovery keys to unlock driver, they work but when applications are running on windows the drive is still locked?
Tried windows Automatic Diagnostic and Repair (Could not repair anything, did make a log I am still to extract from the syste)
There are No System Restore Points
I'm sure there is much more information I could post however I will leave it on an ask to know basis, apart from the log files and further information to gather. Below is my list of trial and error fixes to try for today (need more ideas and help please!):
Hiren's 15.2 Boot CD via DVD (NOT ABLE TO BOOT)
Hiren's 15.2 Boot CD via USB (NOT ABLE TO BOOT)
Research into the Bios and Possible Update in-case of implementation of Virus, can access flash utility (STILL NOT TESTED)
Try and get a portable version or a working version of windows installer to try and re-install Comodo Internet Security (STILL NOT TESTED)
Another way to disable Bitlocker
Anti-Malware / Anti-Virus Scan If Possible to Run One
Bitlocker Repair Tool, will try this also
I have posted this as have not found much info online, usually find it and crack on but this time things are a little more tricky, my priority task I really need to do is remove the Bitlocker Encryption, but if the application will not run... what do I do
then?
Thanks for your time reading all, Sorry for any poor formatting or spelling.
Update 1: MMC.exe Error Code
Ok so now have the computer in safe mode, still same as before, no explorer.exe, no services etc... Just went into the Task Manager > Services (Tab) > Open Services (Option at bottom)
This is the error I get:
'The Instruction at 0x785a746c referenced memory at 0x000000a8. The memory could not be read.
Any Ideas on what this error is and why?
Update 2: CHKDSK Works with no Fix
Update 3: Hiren's 15.2 Boot CD - USB Boot still no luck booting around Bitlocker Encryption
Just to explain again, I already have unlocked the drive with correct bitlocker password or recovery key yet the drive remains locked not allowing windows refresh of files of complete install from the windows recovery menu as keeps saying drive is lockedOk so attempt number two to write this update via bloody phone! (Just refreshed page whilst writing!)
Update 4:
Problem - cannot run from bootable devices (DVD/USB)
Cause - bitlocker fully encrypted drive stops this working
Repair - Boot up holding F9 to enter windows recovery Input Bitlocker recovery keys to unlock drives
Navigate to Command Prompt in advanced settings Execute following code:
Repair-bde c: d: -rp 000111-222333-444555-etc...
(Code found from https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx)
Note for those using this: It is common while unlocking certain drives to get errors such as: Quote from http://www.benjaminathawes.com/2013/03/17/resolving-partial-encryption-problems-with-bitlocker/
"LOG INFO: 0x0000002aValid metadata at offset 8832512000 found at scan level
1.LOG INFO: 0x0000002b Successfully created repair context.
LOG ERROR: 0xc0000037 Failed to read sector at offset 9211592704.
(0×00000017) LOG ERROR: 0xc0000037 Failed to read sector at offset 9211593216.
(0×00000017) …followed by around 20 similar entries that differed only by the offset value"
Repair Status for Update 4: COMPLETED - However over wrote D drive data so now need to recover that
Problem 2 - windows services corrupted along with windows files
Cause - Unknown
Repair - wait until system is fully decrypted Once fully decrypted ensure boot from USB/DVD
Re-do fixes that would not work before if this has fixed boot issue Confirm fix / update post Hope anything I put here helps others also -
How can I find Bitlocker External Key File location?
My Windows 8.1 PC includes a system drive and data drives. All the drivers were encrypted using Bitlocker with the data drives set for autounlock.
I recently decrypted the system drive (without decrypting the data drives) and reinstalled the OS, after which my data drives required the Bitlocker recovery key to unlock.
However, I had "backed up" the recovery keys to my Microsoft account but now I can find only the recovery keys for the system drive. The recovery keys for the data drives cannot be found on my Microsoft account.
I have tried to use the "manage-bde" command at the console to obtain the recovery password but I am only getting the Numerical Password ID and the External Key File Name. Can anyone provide advice on how I can retrieve the passwords or the
External Key File location?
Thanks.Hi Ridgewood,
As my point of viewer, the BitLocker Automatic unlock volume is also protected by BitLocker Disk Encryption. The user encrypted information is stored in the registry and volume metadata. After a user unlocks the operating system volume, BitLocker uses the
encrypted information to unlock the data volume automatically.
After the reinstallation of the system, the encrypted information is lost and BitLocker can’t unlock the data volume automatically.
Every volume has own recovery key.
As mentioned in your post, the data drive require the recovery key to unlock.
I suggest you to double-check the OneDrive and try to find out where did you store the recovery key.
If you can’t find the recovery key, we can’t help you to decrypt the data volume.
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Need advice on retrieving Bitlocker Key or External Key File Location
My Windows 8.1 PC includes a system drive and data drives. All the drivers were encrypted using Bitlocker with the data drives set for autounlock.
I recently decrypted the system drive (without decrypting the data drives, <very bad>) and reinstalled the OS, after which my data drives required the Bitlocker recovery key to unlock.
However, I had "backed up" the recovery keys to my Microsoft account but now I cannot find them.
I have tried to use the "manage-bde" command at the console to obtain the Recovery Keys but I am only getting the Numerical Password ID and the External Key File Name. Can anyone provide advice on how I can retrieve the recovery passwords
or the External Key File location?
Before I had set the data drives to autounlock I had used a recovery password to unlock the drives. However, now when I try to unlock the data drives only the recovery key (which I don't have) is being requested not the password.
Thanks.Hi HMcBean,
How did you back up the BitLocker recovery key? To local computer, flash driver or Microsoft account?
If you backed up the recovery key to a Microsoft account, please refer to the following article to find it.
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Is Diskpart unable to clean bitlocker encrypted Windows 8 to go installations?
Hi all.
I am aware that this is a configuration that not many of you will have, but worth a try...
I am running windows 8.1 enterprise x64 installed on a USB drive as windows to go. The USB drive is a supported one for this configuration, Kingston Data Traveller 32 GB. Also I use bitlocker to encrypt the whole drive and all works very nice.
Lately however, I wanted to restore an image backup to the drive, so I plugged it into another pc running windows 8.1 enterprise.
The imaging software however was not able to write to the drive and told me, it is in use. So I looked at explorer, but it was not even mounted, which is expected behavior with windows 8.1.
To overcome the problem, I tried to clean the drive using diskpart and this is where the question starts: Although diskpart told me that cleaning was successful, the imaging software was still not able to write to the drive! So I said, "damn
it, win8.1, what's wrong? I'll use windows 7 to replay the image to the drive!"
On windows 7 I was flabbergasted after inserting the drive: I was presented a message from bitlocker to go which asked me for the password (which I provided and which worked). I did not get that on 8.1!
Attention, the question is right here:
Why is diskpart unable to clean the drive? Why does it tell me "cleaning was successful" (and I could verify that, partitions were indeed removed) although it is obviously unable to remove the bitlocker info?
So far, my understanding of diskpart's clean command was that it completely resets the drive.
Am I right, or what did I miss? Is diskpart not supported on "windows 8.1 to go"?I dont think diskpart will remove bitlocker encryption.. To remove encryption you must use decryption method.. If you have forgotten password you have to use bitlocker recovery key
Try try Bitlocker repair tool if the partition is damaged..http://www.microsoft.com/en-us/download/details.aspx?id=17294
"The BitLocker Repair
Tool can assist administrators in recovering data from a corrupted or damaged disk volume that was encrypted with BitLocker."
Using the BitLocker
Repair Tool to Recover a Drive
http://technet.microsoft.com/en-us/library/ee523219(WS.10).aspx
http://support.microsoft.com/kb/928201
If you have lost your password or recovery key check these
I
Lost My Bitlocker Recovery Key
http://www.pcandtablet.com/windows-8-errors-and-crashes/279/i-have-lost-my-windows-8-bitlocker-key-now-i-cant-boot-how-can-i-recover-my-data.html
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
Hetti Arachchige V Aravinda | Network & System Administrator (B.Sc, Microsoft Small Business Specialist, MCP, MCTS, MCSA, MCSE,MCITP, CCNA, CEH, MBCS) -
Windows 8.1 Pro Bitlocker with HP Envy 700
I just got a new HP Envy 700-249. I upgraded to Windows 8.1 Pro immediately for Bitlocker and Remote Access. The PC will be stored in a relatively unsecure location and is for public use - but will have a few users who have access to install software, store private files, etc. SO I want to be sure that the OS stays safe as well as the data.
I want a way to keep someone from accessing anything on C drive that isn't in the Public folders and make the drive unable to be viewed if booted from anything other than itself. So I figured BitLocker. I've gone into gpedit.msc and set option to allow bitlocker without TPM. BitLocker runs and allows me to turn on encryption. I've tried a couple of types of USB drives and BitLocker says it has saved the key to them. I've checked and they have a BitLocker recovery file on them.
BUT - when the system reboots, it will not recognize the USB drive as the key and will not encrypt the drive. I am stumped.
Has anyone gotten an HP non-TPM desktop to encrypt the OS and data drives with Win 8.1 Bitlocker? How?????Hi,
Bit locker was meant to encrypt entire physical drives. Review this MS article.
I would suggest that you install a second hard drive and then move your sensitive files and documents to that physical hard drive and use bit locker to encrypt that hard drive. If you are going to keep the key on an external device (USB flash drive) then make a backup copy in case the USB drive fails or is lost.
HP DV9700, t9300, Nvidia 8600, 4GB, Crucial C300 128GB SSD
HP Photosmart Premium C309G, HP Photosmart 6520
HP Touchpad, HP Chromebook 11
Custom i7-4770k,Z-87, 8GB, Vertex 3 SSD, Samsung EVO SSD, Corsair HX650,GTX 760
Custom i7-4790k,Z-97, 16GB, Vertex 3 SSD, Plextor M.2 SSD, Samsung EVO SSD, Corsair HX650, GTX 660TI
Windows 7/8 UEFI/Legacy mode, MBR/GPT -
Sudden prompt for Bitlocker key without Any Hardware, Bios or Software Changes
Hi
My 3 Dell Windows 7 Enterprise laptops suddenly prompted me for a Bit locker key with out any changes made to them. I just wanted to find the root cause of the issue as I made no changes to the laptop. Looking at the Microsoft page for Bitlocker failures
found nothing that might have caused the bitlocker recovery key prompt. One of the three laptops I had in my draw and haven't turned on for few months until yesterday.
Only common thing between the laptops they were all encrypted about the same time a year ago and until now I have never been prompted for the bit locker recovery key.
Looking through the system logs I found the two error messages below on all three laptops.
Event id - 24635
General - Bootmgr failed to obtain the BitLocker volume master key from the TPM because the PCRs did not match.
Details
System
Provider
[ Name]
Microsoft-Windows-BitLocker-Driver
[ Guid]
{651DF93B-5053-4D1E-94C5-F6E6D25908D0}
EventID
24635
Version
0
Level
2
Task
0
Opcode
0
Keywords
0x8000000000000000
TimeCreated
[ SystemTime]
2014-01-21T08:15:55.932006100Z
EventRecordID
50445
Correlation
Execution
[ ProcessID]
4
[ ThreadID]
52
Channel
System
Computer
FT-WL25662.FTROOT.com
Security
[ UserID]
S-1-5-18
EventData
ErrorCode
0xc0280018
Volume
C:
WritePhase
0x0
VolumeGUID
{43C5A384-AC50-4017-9B84-DB1B1448041C}
OptionalGUID
{00000000-0000-0000-0000-000000000000}
Flags
Event id - 24636
General - Bootmgr failed to obtain the BitLocker volume master key from the TPM.
Details
+
System
Provider
[ Name]
Microsoft-Windows-BitLocker-Driver
[ Guid]
{651DF93B-5053-4D1E-94C5-F6E6D25908D0}
EventID
24636
Version
0
Level
2
Task
0
Opcode
0
Keywords
0x8000000000000000
TimeCreated
[ SystemTime]
2014-01-21T08:15:55.932006100Z
EventRecordID
50446
Correlation
Execution
[ ProcessID]
4
[ ThreadID]
52
Channel
System
Computer
FT-WL25662.FTROOT.com
Security
[ UserID]
S-1-5-18
EventData
ErrorCode
0xc0280018
Volume
C:
WritePhase
0x0
VolumeGUID
{43C5A384-AC50-4017-9B84-DB1B1448041C}
OptionalGUID
{00000000-0000-0000-0000-000000000000}
Flags
0x1500300
I can't find any useful information regarding these error logs so hoping someone here might be able to help me in find out the root cause of this issue.
ThanksHi,
Please update the BIOS to improve the stability for TPM.
I also would like to suggest you disable and enable BitLocker again to reset the settings, which may waste you a little time.
Andy Altmann
TechNet Community Support
Maybe you are looking for
-
How can I print with a wider left margin in Preview? (OSX 10.5)
How can I print with a wider left margin in Preview? (OSX 10.5) To punch Binder Holes. Should be easy ... Make a Custom page with a wider left margin ... easy to set up, but it does not actually work for any printer I am connected to. Info so far: Fo
-
My phone got locked even though i didnt put a passcode on it what can i do to unlock it?
-
Problems reinstalling Illustrator CS3
I was having issues with Illustrator CS3, it kept crashing, so in hopes of fixing the problem I uninstalled and am now trying to reinstall. When I put the install disc in, it starts to go through the process then asks for me to put in InDesign CS4 di
-
Migrate Data action hanging migrating from sql server to Oracle 10g
Hi, I am currently migrating a SQL Server 2005 db to Oracle 10g using SQL Developer 1.2.1. I have created the migration repository, captured the SQL Server db objects, and created the target schema. There are about 109 tables captured. During Data mi
-
Word 2008 Weirdness... Please help
It seems that Word is 1.5 or double spacing everything when I have single-space selected. Did not happen in Word 04. Anyone experience this? Thanks