disc encrypted with bit locker - no recovery key

  • Question

  • Hey,

    I have a problem with bit locker service. One of the notebooks in our company got damaged and it turned out that the bitlocker service is enabled by default on them. It is a Dell Inspiron 7570.

    I don't have the recovery key - it should be available either:

    • here (but it isn't because I use an Office365 company account, not a Microsoft account)
    • here (same as above - not a microsoft account)
    • or here (I'm receiving "This functionality is not enabled or not available." error after login)

    Do you have any ideas how I can either start the system or decrypt the data from the HD?

    Thursday, May 24, 2018 11:40 AM

All replies

  • "the bitlocker service is enabled " - this does not equal "the machine is encrypted". That service called "BitLocker Drive Encryption Service" is enabled on all devices, even on Windows editions that don't allow you to encrypt your drive, simply because those OSes allow reading BitLocker-encrypted removable drives (aka "BitLocker To Go").

    So be clear: do you see a prompt asking for the recovery key?

    Thursday, May 24, 2018 1:07 PM
  • In Settings > System I can see "The machine is encrypted".

    Right now, if I put the HD in, it is encrypted (I've checked on a different device). If I try to start the system from the disk I see a prompt for the recovery key.

    Thursday, May 24, 2018 1:22 PM
  • Again: be clear: is the system bootable or not?

    "In Settings > System I can see "The machine is encrypted"" suggests, it is bootable, while the rest suggests, it is not.

    Thursday, May 24, 2018 2:52 PM
  • The machine is not bootable and also the HD is encrypted.
    Friday, May 25, 2018 6:24 AM
  • Without the recovery key, there is nothing you can do.

    What makes you think the notebook got damaged? Sometimes, windows enters recovery mode after making changes to bios/boot settings or after updating the firmware - would that possibly apply?

    Next question: was the machine encrypted by you or by someone else? Bitlocker will ask to print or save the recovery key (that was mandatory) and normally, people remember what they did.

    Friday, May 25, 2018 8:13 AM
  • The machine is definitely damaged - it was run over by a small forklift :)

    I was setting up the machine by myself and I have not received any prompt that the drive will be encrypted. I have got a second identical notebook so I have double checked if there is any info about encryption. 

    Normally on all of our devices I create a local admin user to have access to it and then a personal user using the online account from the Office365 service.

    First after setting up the administrator user (local user - not an online Microsoft account) in "Settings > System > Device encryption" I see "To finish the encryption of this device you need a Microsoft account. Login using the Microsoft account.".

    After adding the second user using Office365 account in the same place I see - "This machine is encrypted."

    I wouldn't have known that the device is encrypted if I hadn't looked into the settings - there is no prompt during the whole process.

    My OS is in Polish so it might not be the exact same text that you can see in the English version.

    I think the idea here is that in a situation like mine I should receive the recovery key by logging onto my Microsoft account but it is not working for me.

    Friday, May 25, 2018 8:34 AM
  • No idea why the recovery key is not there. The message "To finish the encryption of this device you need a Microsoft account. Login using the Microsoft account." suggests, that the encryption protectors are not "armed", that the protection is still disabled, so you should be able to access the harddrive - that you cannot is bad, but I guess there is nothing you can do.
    Friday, May 25, 2018 8:54 AM
  • I was trying to replicate the start up process on the other / identical machine and during so I was checking what is the status in the "Settings > System > Device encryption". When the whole process is over (machine has 2 users setup: 1 local and 1 using Office account) the status is  "This machine is encrypted."

    On the damaged computer the status was probably the same - "This machine is encrypted."

    Friday, May 25, 2018 10:14 AM
  • Hello Ronald,

    I have a similar problem, but in my case it was because of a change in the BIOS. Now the Surface Book 2 doesn't use the TPM to discover the BitLocker Key anymore. Is there anything I can do in this case? (I already checked all my accounts, but I can't find the uploaded key).

    Monday, July 16, 2018 2:52 PM
  • Just undo the bios change, that's all.
    Monday, July 16, 2018 4:14 PM
  • How do you undo the BIOS change?  I have a surface book 2 which was doing an update and landed me in Bitlocker hell.  I am at the blue screen where I am prompted for a recovery key that I do not have.  My surface book 2's device name appears on the "Overview".  It says "Bitlocker ON" and when you select "Get BitLocker recovery keys" the device does not appear on the list of devices.  While trying all of the options on the "Choose an option" blue screen you obtain after selecting "skip this drive" on the "Bitlocker Recovery screen" I managed to find a "Recovery key ID" which consists of 32 letters and numbers.  Can this somehow help me to get back into my computer?
    Wednesday, August 8, 2018 2:10 AM
  • It shouldn't happen after an update and I never saw it happen after an update (in 10 years on hundreds of machines) - sorry, no idea. Since you have not done a bios change, you cannot undo one.

    Nevertheless, check the bios settings and see that secure boot is on and boot from hard drive is selected.

    About your idea to find the recovery key: the ID is just a name. If you cannot find the recovery key (it would be saved to a file or printed or saved to the microsoft account recovery ID section of the guy who started the encryption), you will need to resort to your latest image backup or reinstall.

    Wednesday, August 8, 2018 6:24 AM
  • Yes, this has been frustrating.  I purchased a Surface Book 2 and then had to return it and obtained the replacement one.  The ID is listed as I said on the Microsoft devices list first page but not on the second one which lists all of the devices.  The ID and recovery code for the original surface book 2 are however listed there:(  It seems odd that the ID for the new machine appears on my account but that the recovery key does not.

    Would disabling TPM in the bios do anything for me?  I don't have an image backup.  I called the Microsoft store and their tech insisted that they don't keep recovery IDs so I am frustrated.  Microsoft escalated tech support had suggested, too, that the guy who set it up should have a back up copy.

    If you have any other ideas I will happily try them!  I truly appreciate your help.

    Wednesday, August 8, 2018 12:21 PM
  • There's nothing you can do with the tpm that would do any good. You need to ask the people who set up the replacement laptop if they enabled bitlocker. If so, they are obliged to supply the key.
    Wednesday, August 8, 2018 12:32 PM
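
As an added example (not part of the thread and not Microsoft's code): a PowerShell check to run, elevated, on a machine that still boots, such as the second identical notebook. It reports per volume whether the disk is actually encrypted, whether protection is armed, and whether a recovery password exists, and can escrow that password. The function name `Get-RecoveryReadiness` and the `-Escrow` switch are made up for this example; it assumes the built-in BitLocker PowerShell module is available and, for `-Escrow`, an Azure AD (Office 365) joined device.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Get-RecoveryReadiness and -Escrow are
# hypothetical names; the BitLocker cmdlets come from the built-in module.

function Get-RecoveryReadiness {
    param(
        [switch]$Escrow   # assumption: the device is Azure AD joined
    )
    foreach ($vol in Get-BitLockerVolume) {
        # The recovery prompt asks for the 48-digit value of this protector type.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $finding = if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            'Not encrypted'
        } elseif ($vol.ProtectionStatus -ne 'On') {
            'Encrypted, but protection is off (protectors not armed)'
        } elseif ($recovery.Count -eq 0) {
            'Protected without a recovery password'
        } else {
            'Protected; store or escrow the recovery password now'
        }

        if ($Escrow) {
            foreach ($kp in $recovery) {
                # Uploads the recovery password to the device's Azure AD record.
                BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $kp.KeyProtectorId | Out-Null
            }
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = @($vol.KeyProtector.KeyProtectorType) -join ', '
            RecoveryKeyIds   = @($recovery.KeyProtectorId) -join ', '
            Finding          = $finding
        }
    }
}

Get-RecoveryReadiness | Format-List
```

The `RecoveryKeyIds` value is what the recovery screen displays as the recovery key ID: it identifies which recovery password is needed and is not itself the password.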