none
Win 10 HBit locker mismatch RRS feed

  • Question

  • I just upgraded a new Surface Pro from Win 10 Home to Win 10 Pro before installing anything else.  My purpose was to use BitLocker.  When I printed the recovery key the output stated that the "...start of the following identifier" should match the start of the identifier displayed by my PC.  It does not match.  I cold booted the laptop and I still have the same issue.

    I do not want to depend on BitLocker until this is resolved.  What do I need to do?

    Tuesday, January 28, 2020 3:42 PM

All replies

  • That is an OS-internal mechanism with nothing to go wrong.

    Please verify that the printout matches what you see on the command line. Do as follows:

    Right-click cmd.exe and select "run as administrator". A command prompt appears. There, launch:

    manage-bde -protectors -get c:

    Tuesday, January 28, 2020 4:00 PM
  • I followed your instructions above and here is the output:

    Volume C: [OS]
    All Key Protectors

    ERROR: No key protectors found.

    I have no idea what this means?  What was the purpose of the manage-bde -protectors -get c: command?

    Tuesday, January 28, 2020 4:29 PM
  • Hm, that could mean 2 things - either the drive is not encrypted at all or something is seriously wrong. The command ought to list all protectors like TPM and recoverypassword and also list the recovery password ID.

    Please launch

    manage-bde -status c:

    Tuesday, January 28, 2020 5:21 PM
  • I do not believe that the drive has been encrypted.  I just upgraded from Win 10 Home to Win 10 Pro to gain the BitLocker functionality.  If it had encrypted the entire drive I would have expected the upgrade to take longer than about 10 - 15 minutes that it took.  My issue is that the identifiers did not match and that was called out as an issue when I printed the BitLocker Drive Encryption recovery key.
    Tuesday, January 28, 2020 5:31 PM
  • Using that comnand

    manage-bde -status c: 

    would help to see if it's encrypted after all. Yes, probably not encrypted.

    So retry to encrypt and then offer a screenshot of the error message.

     
    Tuesday, January 28, 2020 6:14 PM
  • It appears that the drive is encrypted with a numerical password that I did not create.  I still do not understand why the beginning of the Identifier (which is a mixture of numbers and letters on both the printed version and the flash drive backup) is not similar to the beginning of the Recovery Key (which is all numbers).

    I added two screen shots however this application would not allow me to include them until after my account is verified which is was earlier today.

    Thank both of you for trying to assist me.

    Tuesday, January 28, 2020 9:24 PM
  • Hi, 

     

    The two numbers are different. 

     

    Bitlocker recovery key ID is Bitlocker recovery key identifier, if it matches the Bitlocker recovery key ID displayed by your PC, you can use the right recovery key to unlock your Bitlocker drive. 

     

    The identifier of the drive is generated when the drive is encrypted. This allows you, the end user, to identify which recovery key goes to which encrypted. 

     

    The following link may help you: 

    Note: This is a third-party link and we do not have any guarantees on this website. And Microsoft does not make any guarantees about the content. 

     

    Hope above information can help you. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 29, 2020 4:43 AM
  • The ID is like a name.

    "Give me the recovery password with ID ..." would make you aware (in case you have printouts for several drives and are confused which one to use) which password to use.

    It's alright and expected behavior.

    Wednesday, January 29, 2020 8:45 AM