none
Two external Bitlocker encrypted drives simultaneously failed...what's going on? RRS feed

  • Question

  • I'm crossposting this from the 'regular' non-technet forums as a MS Support Engineer suggested asking here too.  Not 100% sure if Bitlocker questions would fit this category, but it is Windows 10, and obviously Bitlocker is a security features, so seems about right...  Here's the original post.  Also, in addition to what I wrote here, I HAVE already tried unlocking the drives using their keys instead of their passwords, and it leaves the drives in the exact same state as when I use the password-supposedly unlocked, but without Windows actually able to access any data.  Here's the post:

    I've got two 4TB backup drives I've used regularly for a few years, both Bitlocker encrypted.  Never a single issue.

    Just today I plug one in, and Windows asks me to unlock it (a bit odd since it should have the password saved).  I do so, it shows up with its correct drive letter, but otherwise Windows can't access the drive at all, and even the drive name doesn't show up.

    Disk Management shows the drive as "xxxx.xx GB Unknown (BitLocker Encrypted)

    Healthy (Primary Partition) 

    Trying to run "Error Checking" through the GUI generates the error "The disk check could not be performed because Windows can't access the disk".

    chkdsk from a command prompt (regardless of options) gives:

    "The type of the file system is NTFS.

    Unable to determine volume version and state. CHKDSK aborted."

    The EXACT same thing happens on my second drive.  

    Seagate's Seatools claim the drive is just fine, and I seriously doubt two drives failed simultaneously with zero warnings.  I mean it's POSSIBLE, but...

    I'm almost certain this must be Bitlocker failing, and I don't know how or why it happened.

    One new element-I DID just hook a new external SilverStone enclosure,  stick two drives in, and encrypt both of them.  When I plugged in one of my 4TB older drives, I had the enclosure connected at the same time (since the point is I need to love data from one to the other).  I don't know if somehow the SilverStone enclosure could be buggy and have somehow caused Windows to screw up or something, but that shouldn't be possible.

    Any ideas?  I'd like to recover the drive, but even more importantly, I need to know that my encrypted drives aren't just going to spontaneously fail on me.

    Also, anyone have experience with Apple's equivalent encryption?  If Bitlocker is buggy, and Apple's equivalent isn't, for example, I'd be willing to switch to OS X as my "main/serious" OS and leave Windows for games unencrypted, even though I like Windows a lot more than OS X...but encryption needs to be there and needs to work 100% reliably. 

    Right now I've got ALL my personal drives encrypted with Bitlocker, something like 9 drives across multiple systems...

    -Forgot to mention this was hooked up through a USB hub (a Tripp Lite 3.0 model).  I've since tried plugging one of the drives into a different PC, directly into the PC, and even tried both a 2.0 and 3.0 port.  Everything exhibits the same behavior.  Something's corrupted it, which is really creepy...


    Wednesday, May 4, 2016 4:37 AM

Answers

All replies

  • what does 

    manage-bde -status x:

    reveal? (x: being the drive letter)

    Wednesday, May 4, 2016 2:46 PM
  • Hi Wolfpup3,

    Have you connected the external SilverStone enclosure support?

    If not, then please take a try to conenct them and see if they could offer any further assistance.

    In addition, how about your other Bitlocker enabled drive, could they be managed well?

    If the SilverStone enclosure support is not helpful, try the manage-bde forcerecovery command:

    manage-bde -forcerecovery<Volume>

    Reference:

    https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-recovery-guide-plan

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, May 5, 2016 7:11 AM
    Moderator
  • I'll have to double check what manage-bde -status x: gives me later today (etc.)

    Regarding the Silverstone enclosure-to be clear, the drives in it are NOT corrupted.  The only reason I mentioned it is this did happen (or at least I didn't notice it until) I added two new drives in a new enclosure-but those new drives ARE working so far.  

    It's my two older external drives that both simultaneously don't work, which always have.  Seagate's tools claim they're physically/mechanically fine-not that I'd always trust those tools to know, but I'm doubtful two drives would fail exactly simultaneously like that.

    Also in case this is worth mentioning, the 1511 Windows 10 November Update last year added a newer, supposedly more secure XTS-AES encryption method.  After upgrading to 1511, I decrypted my existing drives and reencrypted using XTS-AES 256-bit. 

    The November update broke support for hardware encryption, which wasn't that big a deal to me (as I kind of figure Bitlocker does a better job of it than a drive might) but now I'm wondering if there are other things broken in Bitlocker too...

    Friday, May 6, 2016 4:22 PM
  • Okay, here's what the status shows.  The first is before unlocking, the second is after unlocking:

    C:\WINDOWS\system32>manage-bde -status y:
    BitLocker Drive Encryption: Configuration Tool version 10.0.10011
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.
    
    Volume Y: [Label Unknown]
    [Data Volume]
    
        Size:                 Unknown GB
        BitLocker Version:    2.0
        Conversion Status:    Unknown
        Percentage Encrypted: Unknown%
        Encryption Method:    XTS-AES 256
        Protection Status:    Unknown
        Lock Status:          Locked
        Identification Field: Unknown
        Automatic Unlock:     Disabled
        Key Protectors:
            Password
            Numerical Password
    
    
    C:\WINDOWS\system32>manage-bde -status y:
    BitLocker Drive Encryption: Configuration Tool version 10.0.10011
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.
    
    Volume Y: []
    [Data Volume]
    
        Size:                 Unknown GB
        BitLocker Version:    2.0
        Conversion Status:    Fully Encrypted
        Percentage Encrypted: 100.0%
        Encryption Method:    XTS-AES 256
        Protection Status:    Protection On
        Lock Status:          Unlocked
        Identification Field: Unknown
        Automatic Unlock:     Disabled
        Key Protectors:
            Password
            Numerical Password
    


    Friday, May 6, 2016 10:17 PM
  • Here's what the forcerecover options shows:

    C:\WINDOWS\system32>manage-bde -forcerecovery y:
    BitLocker Drive Encryption: Configuration Tool version 10.0.10011
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    No changes needed to force recovery for volume Y:.

    Only a recovery password or recovery key can unlock volume Y:.

    Friday, May 6, 2016 10:24 PM
  • Unless you have a backup: Now I would use clonezilla to make a sector copy of your drive before you continue.

    Afterwards, try repair-bde

    Monday, May 9, 2016 9:31 AM