none
Bitlocker kills Windows partition at beginning of encryption RRS feed

  • Question

  • Configuration:

    Triple boot computer with BIOS, TPM 1.2 and following drives / partitions:

    SSD 0:

    • system reserved, active, 500 MB
    • Windows 10 Pro, 80 GB
    • Ubuntu 16.04 LTS, 28 GB
    • data partition, 110 GB

    HD 1:

    • Windows 10 Pro (Bitlocker testing), 75 GB
    • system reserved (Windows 10 recovery), 464 MB
    • data partition, 157 GB

     

    Over the last years both Windows 10 Pro partitions have been migrated at the given time to the released Windows 10 versions.

    The Windows 10 Pro partition on hard disk 1 had been encrypted with Bitlocker and later on been migrated to Windows 10 version 1511 and again some months later to version 1607 without any problems. A couple of weeks after updating this partition to Windows 10 14393.67, booting this partition suddenly requested the Bitlocker recovery key, because supposedly TPM could not be accessed. However, the appropriate Bitlocker recovery key wasn't accepted. Hence, I had to build this partition including the assigned system reserved partition on HD 1 again from scratch.

    Unfortunately, since then I couldn't encrypt this Windows 10 partition with Bitlocker again. Operation of the Windows partition is okay, TPM is available and ready to use.

    Even during set-up of Bitlocker for this Windows 10 partition no error message occurs. Just after the required reboot to start the encryption, the process stops with a blue screen and the error message "unmountable boot volume". If I now try to boot this partition again, Windows is asking for the Bitlocker recovery key, but will not accept the correct key.

     

    The behaviour is the same, if I configure Bitlocker to use a PIN instead of the TPM. If I try to access this "corrupted" Windows 10 partition from the other Windows 10 partition on the SSD, I will be asked for the Bitlocker recovery key, which again will not be accepted.

     

    Conclusion: While above mentioned partition set-up may be incompatible with Bitlocker (even if it worked up to several months ago), Bitlocker should never screw up a system partition in such an encryption process.

     

    Anybody got an idea, how I could start to solve this strange Bitlocker problem? Many thanks in advance.
    Monday, June 19, 2017 7:57 PM

All replies

  • Hi ,

    Please ensure enter the recovert key to unlock the drive on the exact same version of Windows that you used to encrypted before. For example, if you turn on Bitlocker on Windows 10 version 1511 before, you need to unlock it on Windows 10 version 1511 now. Because, as far as I know, there is a new algorithms (XTS-AES ) included in Windows 10 10586 and it won`t be accessable for the previous Windows version. If you are using Windows 10 10586 to enable the bitlocker and now you are using a previous system to access the bitlocker. You will get the similar issue.

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, June 20, 2017 7:19 AM
    Moderator
  • Rick_Li,

    Thanks for your reply. I am aware of your mentioned changes in Bitlocker. However, this is not the point at my case. My trouble starts with the encryption of a fresh Windows 10 system partition, which Bitlocker is screwing up even before the "real" encryption will start, because the required re-boot fails (bluescreen; definitely a bug).

    The second problem then is, that Bitlocker is asking for the recovery key at reboot after the bluescreen, but will not accept this key. I can ensure, that I use the correct recovery key.

    I can reproduce these 2 Bitlocker errors anytime. As mentioned, it might be related to my partition configuration. However, if this isn't compatible for Bitlocker, Bitlocker should provide an error message and never start the encryption process.

    Bitlocker encryption of a data partition, external drive, VHD from the same Windows 10 system is absolutely correct. Just encryption of the system partition itself does no longer work.

    Regards,

    Kurt

    Tuesday, June 20, 2017 9:21 AM
  • Hi ,

    Your thinking is resonable, it might be related to your partition configuration. Formatte your hard drive, then rebuild Windows 10 again. That is the only thing comes into my mind.

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 20, 2017 9:52 AM
    Moderator
  • Rick,

    Thanks for your advice. Meanwhile I found out that others have pretty much the same strange experience with Bitlocker.

    My conclusion so far is, I would not recommend to use Bitlocker on mulit-boot systems with 2 Windows 10 partitions. There is definitely a strange bug in Bitlocker set-up, probably in the pre-verification of the partition configuration.

    Regards,

    Kurt

    Wednesday, June 21, 2017 9:26 PM
  • Hi ,

    I am not sure if it is a BUG. If you have any concern about it, you could use the built-in Feedback Hub to submit on your side. We appreciate your taking time to provide your feedback and thank you for the collected data. We will be investigating this issue further.

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 23, 2017 8:45 AM
    Moderator
  • Rick,

    Thanks for your advice. Meanwhile I found out that others have pretty much the same strange experience with Bitlocker.

    My conclusion so far is, I would not recommend to use Bitlocker on mulit-boot systems with 2 Windows 10 partitions. There is definitely a strange bug in Bitlocker set-up, probably in the pre-verification of the partition configuration.

    Regards,

    Kurt

    I can confirm this too. With Windows 10 build 14393.67 (fresh HPs out of the box) when we enabled Bitlocker, after restart all three laptops were immediately greeted with "Unmountable boot volume error" and Bitlocker failing to unlock with correct key. Only way to recover the laptops were to force factory reset through HP recovery software.

    Thursday, August 10, 2017 3:36 PM
  • I can confirm that same BUG exists even in Windows 10 with Creators Update. It also existed before. And it is a BUG, because windows does not warn you that after you start with the encryption procedure it will kill your partition and you will not manage to boot again. If something is wrong with the partition configuration, it should detect and prevent from going further in the process.



    Wednesday, August 16, 2017 10:12 AM
  • Hello.

    I have exactly the same problem.

    When Windows prompt me to reboot to encrypt the second Win10Pro OS I had a blue screen and I can't boot this partition.

    I have tried with USB and put directly the code but it didn't work.

    Whay can I do to recover this partition?

    If not, is possible to format only this partition and install again? The other is very important for me and I couldn't do it.

    Thanks in advance for your comments.

    Friday, January 26, 2018 8:20 PM
  • So far, I haven't come across any other solution as formating the "broken" Bitlocker-Partition. Usually, this should not impact any of your other partitions.

    Just for curiosity, what Windows version are you using on your partitions and which TPM version?

    Friday, January 26, 2018 9:55 PM
  • Friday I had almost the same issue with bitlocker. Enabled bitlocker, it asked to restart agreed and restarted the computer.

    Filled in the password and an unhappy face showed up "Unmountable boot volume"my heart stopped....., maybe the password is wrong? Could it be, no, but lets try to recovery key. (it was printed out) also the recovery key was accepted, but again the unhappy face came with "Unmountable boot volume"..., What could I do? Lets go to the safe mode, its asking for the recovery key "INCORRECT recovery key" filled it in 15 times (correct but said incorrect). Trying to find answers @google doesn't really help. There is not a real solution for this except formatting the drive. (This was the last thing I could do, pictures of my baby on that hard drive and backup was 1 month old)

    Removed the hard drive from the PC into an HD enclosure, connecting it to my notebook. A windows shows up asking for the password. Filling in the correct password..., "INCORRECT PASSWORD" lets try the recovery key... INVALID RECOVERY KEY'...



    What else I could do? Lets use the support chat of Microsoft... First of all, dont even bother to contact them. They have no clue about solving problems. My grandfather knows more about computers.  

    - Spoke with 7 agents, every time I had to explain the story. Boot from USB/DVD and reinstall Windows. (Ahum, that doesnt work when bitlocker is enabled.., the agent says "IT WORKS, this is what we do here". Lets try it, and indeed it does NOT work. The last agent was terrible and told me to go to a shop (im fixing PC's my whole life and its my full time job). After telling him that thats not the solution, he became aggressive and closed the chat.

    After connecting it via an USB enclose again, the same question; passwords/recovery key not accepted. Decided to use a data recovery program. 
    - Recuva (Piriform) doesnt find anything. (Stopped after 7 hours)
    - GetDataBack, did find some files but most of the files changed name. But I kept it, you never know.
    - Last I used easeUS Data Recovery Wizard. This was able to recover all the files without any problems. It shows only 30 minutes (actually it took 3.5 hours)

    It seems bitlocker did something with the MBR (or encrypted only the first few MB)...

    Hope you can use this answer to get your data back if this happens to you!!!!
    Saturday, May 19, 2018 6:06 PM
  • Had this happen to two laptops at the same time last week.  We configured them to encrypt on next startup using TPM.  When the users rebooted, there were pending updates and not sure if that's what broke it but after starting back up it asked for the recovery key immediately.  Entering the correct key brought it to the next step where it asked for the key again to get started.  When entering it again with TPM still enabled, it came back with wrong key (though  the disk ID matched exactly).  After fully disabling TPM, the error message was slightly different and came back with inaccessible volume.

    I tried a lot of different recovery programs (Remo Recovery, M3 Data Recovery/Bitlocker Recovery, EaseUS, Reclaime) -- none worked.  Finally stumbled upon the freeware program Testdisk.  I was able to go in and just copy out their files and folders -- structure and filenames were still intact and took about 2 minutes.

    Still not sure what caused this issue, going to attempt to pull out the event logs and peek around to see what happened.  We put all Bitlocker policies on hold for the time being.

    Tuesday, August 28, 2018 5:10 AM
  • All,

    had same issue and I found out that the culprit was this testing feature where Windows asks you to test Keys etc. by rebootimg first and then do the actual encryption.

    Did a second attempt and did not chose this function but directly went into encryption and -et voila- the thing just encrypted and both systems are now working as designed.

    Zaphod

    • Proposed as answer by puravida76 Wednesday, December 18, 2019 3:02 AM
    Monday, April 8, 2019 11:07 AM
  • Scenario: Using Bitlocker To Go on a Windows To Go bootable USB drive. Lenovo 710 laptop w/ native UEFI firmware.

    Since nobody else had marked the prior comment as a possible answer, I put a lower priority on testing it.

    However, after several more hours of testing; I found that this was the key in my case as well. When the "Run system check" dialog appears, uncheck to skip and begin encryption right away. Otherwise, the test will reboot into the primary Win10 OS installed on the machine, which seems to corrupt the boot loader when BitLocker begins encrypting the entire USB drive. 

    Don't worry about skipping the test, because the boot order change will automatically trigger BitLocker to require the full recovery key on the first boot (which will tell you whether it works or not).


    • Edited by puravida76 Wednesday, December 18, 2019 3:24 AM
    Wednesday, December 18, 2019 3:22 AM