none
BitLocker Device Encryption.

    Question

  • Hey there. I'm having trouble unlocking my external flash drive which was encrypted by me a few months back. It was encrypted using my desktop PC which is not working anymore. I'm trying to unlock it using my laptop.
    The problem is, I am entering the correct password but it's marking it as incorrect. I am sure about the password because I had stored it in my phone.

    I have a .pfx certificate as well but I really don't know how will it be helpful in unlocking the device. I had saved this .pfx file because while the process of encryption, windows had advised me to save it. Any help will be appreciated. I really need to unlock this device as the data it contains is irreplaceable.

    Regards,
    Hannan.

    Saturday, January 23, 2016 10:21 AM

Answers

  • Hi,

    I quite understand your issue. Since you have changed the motherboard and other device, you need to use recovery key to decrypt the drive which is locked by BitLocker. If you haven't try to type recovery key to enter, you could give it a try.

    If the recovery key doesn't work, you need to use BitLocker repair tool to recover the drive. Please follow the steps in the link below.

    https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Good luck to fix it.

    Best Regards,

    Simon

       


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, January 25, 2016 2:09 AM
    Moderator

All replies

  • Hi,

    I quite understand your issue. Since you have changed the motherboard and other device, you need to use recovery key to decrypt the drive which is locked by BitLocker. If you haven't try to type recovery key to enter, you could give it a try.

    If the recovery key doesn't work, you need to use BitLocker repair tool to recover the drive. Please follow the steps in the link below.

    https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Good luck to fix it.

    Best Regards,

    Simon

       


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, January 25, 2016 2:09 AM
    Moderator
  • Thank you for replying Mr Wang.

    Unfortunately, I'm still a bit confused about the whole procedure. The password is not working though I know it is the correct one. And about the recovery key, I used the option "Store the recovery key in a file" and thus, that .pfx file was created. I don't really know how to extract the recovery key from it. Can you please write the steps through which I can extract the password from the .pfx file so that I'll be able to unlock the drive.
    Moreover, I visited the link you shared for my guidance. Is the recovery password written over there some specific command or is it an exemplary value instead of which I need to put something? Because I don't have any data in that form. I just had stored the password and this .pfx file. That's all I have. Please reply back whenever possible.
    P.s. If it is possible for you to help me via Skype then that would be great.

    Thanking in advance.

    -HA
    Tuesday, January 26, 2016 12:31 PM
  • Hi,

    Thank you for your reply.

    It seems that you need to use data recovery agent to unlock the drive which is encrypted by BitLocker.

    http://blogs.technet.com/b/askcore/archive/2010/10/11/how-to-use-bitlocker-data-recovery-agent-to-unlock-bitlocker-protected-drives.aspx

    Wish you have a nice day.

    Best Regards,

    Simon


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, January 27, 2016 1:36 AM
    Moderator
  • Hello,
    Okay, so I have followed instructions up till;

    "Under the Certificate Templates, select Bitlocker DRA certificate template.

    If you do not have the bitlocker DRA template, you can copy the Key Recovery Agent template and then add Bitlocker Drive Encryption and Bitlocker Drive Recovery Agent from the application policies."

    When I click on "Request New Certificate" I don't see any tab with the name Certificate Templates. What do I do?
    What is the "Key Recovery Agent template" and how do I copy it? And where are the application policies located?
    I'm sorry but I just have the basic knowledge of the O.S. I don't know these things. 

    Wednesday, January 27, 2016 12:59 PM
  • Hi Hannan.

    A certificate is no recovery key. Where is your recovery key? It was created when you encrypted the drive. It would be a text file if you had saved it as file, called bitlocker-recoverykeyXXXsomeIdentifierXXX.txt

    Thursday, January 28, 2016 6:47 PM
  • Hi Ronald,

    It looks like Hannan is using BitLocker Data Recovery Agent which is different from that in your post.

    I am doing test for Hannan and will continue to follow.

    Wish you have a nice day.

    Best Regards,

    Simon


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 29, 2016 2:37 AM
    Moderator
  • Hi Hannan,

    Thank you for your reply.

    It looks like you do not have the "BitLocker DRA certificate template". We suppose it is caused by you change another PC to unlock it.

    How about double click the ".pfx" certificate, with log on as local built-in administrator? Then see the picture below and type the private key and click "Next". That will help you to install the certificate.

    After you install the certificate, run the command as administrator below.

    manage-bde –protectors –get <drive letter>

    Then you will see a dialog like image below.

    Please pay attention to that Thumbprint in the picture above. Then run the command to unlock it.

    manage-bde –unlock <Drive Letter>: -Certificate –ct <Certificate Thumbprint>
    
     

    Hope it will be helpful to you.

    Best Regards,

    Simon


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, January 29, 2016 2:48 AM
    Moderator