Issues with Bitlocker which encrypts the drive, but on reboot it asks every time recovery key

  • Question

  • Hi,

    I have a dual-boot machine:

    - Windows 10 Pro 1903

    - CentOS 7.6

    When I purchased my new laptop, I deleted Windows Home 10 and installed a new Windows Pro 10 and activated it.

    My UEFI/BIOS was set to legacy, with secure mode enabled and TPM 2.0 as well.

    Since I did not follow this very carefully, I found out after installing Windows that the disk was set as MBR, so what I did was try to convert MBR to GPT. With mbr2gpt /verify allowFullOS I first ran the verification, and since there were no errors I proceeded with mbr2gpt /convert allowFullOS. It did make the conversion to GPT, but it gave an error: "Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored."

    Since it booted the OS correctly, I did not pay attention. I noticed that when the PC is set to UEFI, CentOS did not want to be installed; in fact, it halts during the boot process. To fix that, I changed from UEFI to legacy. I proceeded to install CentOS, and I made custom partitions: the first partition for / and the second partition for /boot. I have encrypted CentOS with LUKS and it is working perfectly. I then turned my attention to Windows and wanted to encrypt the Windows system partition, so that both OSes are encrypted. I set BitLocker to unlock automatically, set my password, and ticked the checkbox saying "Run BitLocker System Check", but after reboot I get a message that it could not encrypt the disk, that it cannot find the recovery file.

    Now I can bypass this by not selecting the checkbox "Run BitLocker System Check", and it encrypts the disk, but when I reboot the machine and enter my password, it keeps asking me for a recovery key...

    What went wrong? Why is it asking me each time for the recovery key instead of allowing me to access my OS?

    P.S. I noticed that I am missing the wim file in the Recovery folder?


    • Edited by Prometheus091 Wednesday, August 7, 2019 4:03 PM fixing title
    Wednesday, August 7, 2019 4:02 PM

All replies

  • Have you tried to decrypt the drive and then encrypt it again?

    You can also verify the boot order in BIOS.
    Thursday, August 8, 2019 8:01 AM
  • Hi,

    How do you insert your password? We need the recovery password to decrypt the disk, and make sure your recovery password is correct.

    Please check the following document for more details about BitLocker recovery:

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan

    Best regards,

    Yilia 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 8, 2019 8:12 AM
    Moderator
    When you use a TPM as a protector, with Secure Boot being on while adding the TPM protector, BitLocker will go into recovery mode whenever the boot options change. These changes include:

    - turning off Secure Boot

    - using legacy mode (MBR booting)

    So it could be that dual booting with CentOS won't work with BitLocker+TPM. You could try to remove the TPM protector and add a password protector instead. Otherwise, you could move CentOS into a VM.

    Thursday, August 8, 2019 8:19 AM
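
A read-only way to check the conditions the reply above describes, added here as an example and not part of the original thread: it reports the firmware mode Windows booted in, the Secure Boot state, the TPM state, and the key protectors on the OS volume. The mount point `C:` and the English-language `manage-bde` output text are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): read-only report of the boot state
# that a BitLocker TPM protector depends on. Changes nothing on the system.
$Mount = 'C:'   # assumption: the Windows system volume

# Firmware mode Windows actually booted in: Uefi or Bios (legacy/CSM).
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# Confirm-SecureBootUEFI throws on a legacy boot, so treat an error as "off".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

$tpm   = Get-Tpm
$vol   = Get-BitLockerVolume -MountPoint $Mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    FirmwareMode  = $firmware
    SecureBoot    = $secureBoot
    TpmReady      = ($tpm.TpmPresent -and $tpm.TpmReady)
    VolumeStatus  = $vol.VolumeStatus
    Protection    = $vol.ProtectionStatus
    KeyProtectors = ($types -join ', ')
} | Format-List

# manage-bde prints the PCR validation profile stored with the TPM protector,
# i.e. which boot measurements must match for the automatic unlock to work.
$protectors = manage-bde -protectors -get $Mount
$protectors

# Assumption: English output wording. Flag a profile that relies on
# Secure Boot while Secure Boot is currently off or unavailable.
$tpmBased     = @($types | Where-Object { $_ -like 'Tpm*' })
$profileUsesSB = [bool]($protectors | Select-String -SimpleMatch 'Uses Secure Boot')
if ($tpmBased.Count -gt 0 -and $profileUsesSB -and -not $secureBoot) {
    Write-Warning ('TPM protector was sealed with a Secure Boot based profile, ' +
        'but Secure Boot is not active now. Expect a recovery prompt at every boot.')
}
elseif ($tpmBased.Count -gt 0) {
    Write-Output ('TPM protector present: switching UEFI/legacy mode or ' +
        'Secure Boot after this point will trigger recovery.')
}
else {
    Write-Output 'No TPM-based protector on this volume.'
}
```
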
  • Hi,

    Is there anything I can do for you?

    If you have any problems or concerns, please feel free to post here. 

    Best regards,

    Yilia



    Wednesday, August 14, 2019 7:10 AM
    Moderator