locked
Bitlocker boots without key RRS feed

  • Question

  • Hi,

    Thanks in advance for your help.

    We have a 2012 R2 Standard server.  Bitlocker was installed and configured and keys were generated and copied to USB drives.  The server would not boot with a key inserted as is expected.  This was a few months ago.

    Today I was at the customer location and rebooted the server and it came up without a USB key inserted.

    I checked Bitlocker and it says it is on and active on both the boot and the data drive.  I am their IT support and I have changed nothing.  No one onsite would have the expertise nor the will to knowingly change anything.

    Does anyone know how this 2012 R2 Standard Server could boot without a key when Bitlocker is installed and active?Thanx,

    Mel


    M

    Thursday, January 7, 2016 11:33 PM

Answers

  • Hi Amy,

    Actually, it was the server that was booting without a key.  We have not encrypted the workstations.  The server locked up on an SSD drive was home for a Virtual Terminal Server.  Once that drive was taken off-line it again required a key to boot.   Yeah, I know, it's gotta be totally unrelated.  Still, one followed the other. 

    Things appear to be as they should be, still....

    M


    M

    • Proposed as answer by Amy Wang_ Thursday, January 21, 2016 3:04 AM
    • Marked as answer by Amy Wang_ Monday, January 25, 2016 6:58 AM
    Wednesday, January 20, 2016 4:24 PM

All replies

  • Hi Mel,

    Seems like Network Unlock has been enabled for me, which enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network.

    Please run GPresult.exe on the server to verify whether group policy setting Allow network unlock at startup is enabled.

    More information for you:

    BitLocker: How to enable Network Unlock

    https://technet.microsoft.com/en-us/library/jj574173.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amy Wang_ Monday, January 11, 2016 7:42 AM
    • Proposed as answer by Amy Wang_ Wednesday, January 20, 2016 5:26 AM
    • Unproposed as answer by Amy Wang_ Monday, January 25, 2016 6:58 AM
    Monday, January 11, 2016 7:39 AM
  • Hi Mel,

    Are there any updates at the moment?

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 20, 2016 5:26 AM
  • Hi Amy,

    Actually, it was the server that was booting without a key.  We have not encrypted the workstations.  The server locked up on an SSD drive was home for a Virtual Terminal Server.  Once that drive was taken off-line it again required a key to boot.   Yeah, I know, it's gotta be totally unrelated.  Still, one followed the other. 

    Things appear to be as they should be, still....

    M


    M

    • Proposed as answer by Amy Wang_ Thursday, January 21, 2016 3:04 AM
    • Marked as answer by Amy Wang_ Monday, January 25, 2016 6:58 AM
    Wednesday, January 20, 2016 4:24 PM