Must I know the recovery code, not just the password to unlock a BitLocker drive? RRS feed

  • Question

  • I had enabled Bitlocker on a bootdrive without TPM. It said encryption would begin at the next startup. At the next start, it asked for the Bitlocker password. It seemed to be unlocked and Windows logo appeared. But then it rebooted. Then the same thing happened 2 or 3 more times. Maybe it is a bug of Windows 10 (1809)?

    Now, when I type the Bitlocker password, it goes to system recovery mode. Then it asks me the recovery key, not the Bitlocker password. Since I thought I do not have to remember the rocovery key if I know the password (which I will not forget), I did not save the recovery key. DO I HAVE TO KNOW RECOVERY KEY, WHEN I KNOW THE BITLOCKER PASSWORD?

    I plugged the drive into another Windows, and typed the Bitlocker password to unlock the drive. It said "wrong password." This is strange. At boot time, when I typed the same password, at least it moved to the recovery mode. To make sure, I intentionally typed a wrong password at boot time, and it did not move to the recovery mode and said "wrong password." So, I rememver the Bitlocker password correctly. But then why couldn't I unlock that drive with that password on another Windows?

    Wednesday, October 24, 2018 9:16 AM

All replies

  • 1st: don't worry.

    The boot problems in windows lead to windows recovery booting. When the windows recovery boots, it requests the bitlocker recovery key - that is normal and expected. You cannot use the password here, although the password would be able to unlock the drive. It is simply not usable here.

    To get the recovery key, you will need to start windows setup, mount the drive on the command line using wbadmin.exe -unlock c: -pw

    (it will ask for the password)

    and afterwards, you can retrieve the recovery key using the command

    manage-bde -protectors -get c:

    Armed with that key, you can start windows recovery again - but be aware that windows recovery often fails.

    So i could be that you need to backup your data and reinstall. Data backup can be performed from the setup disk as well - let me know if you need help with that.

    Wednesday, October 24, 2018 12:00 PM
  • First, thank you for your reply.

    >  wbadmin.exe -unlock c: -pw

    I think you meant manage-bde, as wbadmin did not seemed to have that arguments.

    Anyways, I booted from the drive, typed the Bitlocker password, and then went to the Automatic Recovery, chose advanced and started Command Prompt. Then I typed the command, but it said the drive could not be unlocked with that password. But that password is correct, right? Otherwise, I would not be able to even pass that initial blue Bitlocker screen. It even shows the Windows logo with rotating dots for a second and then the computer just restarts.

    When I typed the "status", I got

    BitLocker version : 2.0
    Conversion Status: Unknown
    Percentage Encrypted: Unknown%
    Encrption Method: XTS-AES 128
    Protection Status: Unknown
    Identification Field: Unknown
    Key Protectors: Password, Numerical Password

    If this is of any help to find out the cause, it was like this. When I enabled the Bitlocker on C drive (let's call this disk1), Windows said encryption will be started at the next startup. I had another physical drive that has a previous Windows (let's call this disk2). And at the next startup, I booted into disk2, not into disk1. Right after the startup, I opened Explorer and saw that disk1 (drive D here) had a Bitlocker open-lock icon. I did not write anything to disk1, or even opened it. I then immediately rebooted the computer to start encryption on disk1. That is when this problem happened. Maybe the previous Windows chagned something (some metadata, maybe) on drive1 without my knowledge.


    PS: I gave it up and reinstalled Windows.

    The boot failure message was BOOT DISK NOT MOUNTABLE or something similar. I have searched the web and found (on this same Technot Forum) that others have complaint similar things (cannot unlock with correct password/recovery code). A person had written that he could recover files using Easeus tool, but that thing cost $80. I downloaded TestDisk which is an open-source freeware instead, and scanned the disk (first chose Intel/PC at the top, then scanned for the outer partition or something, then chose the top thing, and at the end of the disk, there was a backup NTFS file table or something). I could see the complete original directory/file structure and could recover almost all files. Not weird names or anything but when I tried to open some of the recovered files, they seemed to have been corrupted. But it was not a big problem for me, as I had backups from 1~2 months ago. I only have small number of new files, and I think I got most of them.

    The funny thing is that even the recovery code did not work. I had my recovery code file saved on the desktop. I got the file with TestDisk, and get the correct recovery code. And I booted into that disk and started Command Prompt and typed the exact recovery code, and it still said the disk is unlockable with that recovery code. I am 100% sure I typed the code correctly. Obviously, there is some sort of bug with BitLocker.

    I then formatted the disk and reinstalled Windows, and then set BitLocker. This time, I rebooted straight and encryption succededed. I did not lose much except my time, but now I do not trust BitLocker any more. This is not the first time that I lost my entire disk due to BitLocker's fault (not that I forgot the password). Next time when I enable BitLocker on a drive with my files, I will back them up first.

    Wednesday, October 24, 2018 6:22 PM
  • Test disk could find the file with the recovery key? So the disk must have been unlocked before. Since test disk does not offer to unlock disks, it was not even (fully) encrypted, it seems. Can you confirm that the encryption had ended successfully before?
    Thursday, October 25, 2018 6:28 AM