Bitlocker Shenanigans

Hi,

Just set up a new PC all well and good - moved all my external (USB) drives to it (all BitLocked) and can access using password. However my old PC is now prompting for recovery key on boot and of course I don't have the key (only password) and the boot drive is the only one not listed in my MS account. I pulled the drive hoping I could just use the password to access in new PC, but it only asks for key.

Any tricks or is all lost?

Cheers
 
The only drives I removed were ext USB drives after powering off the old PC. Which I'd done many a time anyhow. Then when powered back up it was asking for a key after searching for a boot drive, then searching network for same. All a bit odd. Old PC is now as it was and still the same.
 
I stopped using bitlocker a while ago
Had both password and the key backed up
Still it locked me out
Luckily had loads of image backups so I recovered from it
Encryption works great on mobile devices
Typical of Microsoft to screw stuff up I guess
I don't use a laptop
So less of a worry when only got a desktop
That someone could get access to it
I have some Samsung shield external ssds
Those have a fingerprint reader which so far has been 100% reliable
 
It sounds like you were probably using a PIN rather than a password. The PIN relies on the TPM to unlock the drive, but the TPM won't release the keys while your system is in this boot integrity failed state.

I'd suggest putting everything back exactly as it was, and it may set the boot integrity back into a good state. But if you're saying you've done that then you're probably out of luck without the recovery key.

If you did actually have a password protector on the drive (this is something you would have had to have gone out of your way to do on a system drive), then you should be able to mount it via another system or using recovery disc and unlock it with that password: https://learn.microsoft.com/en-us/p...er/unlock-bitlocker?view=windowsserver2022-ps
 
Thanks - that seemed sensible but no go. A reinstall it is then, at least it's just the OS and Apps and not data. :-)
 
Once everything is up and running make sure to do a backup of the keys.

I have mine saved for work elsewhere as I do not want the hassle of getting the code from IT if it ever asks for it
 
Yupp, as I said all my others are in my MS account, so not sure what happened here. Live and learn! Cheers.
 
Yeah, it's always the way.

Even with them all on your Microsoft account I would still have a local copy saved somewhere, as if you cannot get into your account or have no internet you would be in the same situation.
 
I needed to do a win11 reinstall. After figuring out how to do it, the blue screen told me I needed my bitlocker key. I had no idea about this. I don't use a microsoft account, but logging into the 3 accounts that I historically had, there was no sign of the key. The formal MS help said look at MS account, or perhaps an old USB key. I didn't have it anywhere on a USB or file.

I was surprised that none of the microsoft official help pages talked about the command you can run from a cmd box, which simply tells you the key.

I used that and was able to do the reinstall.
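As an added example (not posted by anyone in this thread), the following PowerShell does what the replies above recommend while Windows still boots normally: it lists each volume's protector types (so you can see whether a drive has a Password protector or only Tpm/TpmPin), adds a RecoveryPassword protector where one is missing, and exports the recovery passwords to a file, which is the same information the cmd-box command prints. The export path is an assumption; point it at a USB stick or another location that is not itself a BitLocker volume on this machine.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell; uses the
# BitLocker module that ships with Windows. $ExportPath is an assumed location
# and must NOT be on a BitLocker-protected volume of this machine.
$ExportPath = 'D:\bitlocker-recovery-keys.txt'

foreach ($vol in Get-BitLockerVolume) {
    $types = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }
    Write-Host ('{0}  status={1}  protectors={2}' -f $vol.MountPoint, $vol.ProtectionStatus, ($types -join ','))

    # Tpm / TpmPin protectors only release the key when the measured boot of
    # this machine matches; a Password protector works from any machine; a
    # RecoveryPassword is the 48-digit key the pre-boot screen asks for.
    if ($types -notcontains 'RecoveryPassword' -and $vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Host '  no recovery password protector - adding one'
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
    }
}

# Second pass (re-queried, since the objects above are stale after adding a
# protector): write every recovery password out. This is the same data that
# 'manage-bde -protectors -get <drive>' prints from a cmd box.
$lines = foreach ($vol in Get-BitLockerVolume) {
    foreach ($kp in $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword') {
        '{0}  ID {1}  {2}' -f $vol.MountPoint, $kp.KeyProtectorId, $kp.RecoveryPassword
    }
}
$lines | Set-Content -Path $ExportPath
Write-Host "Recovery passwords written to $ExportPath - keep a copy off this machine."

# A data drive that carries a Password protector can be unlocked on another PC
# with the password alone (the case the earlier reply describes):
#   Unlock-BitLocker -MountPoint 'E:' -Password (Read-Host -AsSecureString 'Drive password')
# A volume whose only protectors are Tpm/TpmPin cannot be unlocked this way.
```

Keep the export file somewhere other than the Microsoft account alone, as the thread suggests, so a lost login or no internet does not leave you locked out.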
 