Win 10 update gone wrong and now stuck in boot loop with Bitlocker full drive encryption lost recovery key

    Question

  • I have a Win 10 computer stuck in a boot loop after upgrading. The problem is the drive is bitlockered with TPM and Active Directory did not save the recovery key as it was supposed to. It will not go to the automatic recovery screen. Is there any way to recover or force the recovery screen without booting from another source? If I boot from another source the drive is locked and I don't have the key to unlock it. Am I out of luck or is there some recovery methodology?

    Brent

    Thursday, April 13, 2017 8:11 PM

All replies

  • Is there a way to get to safe mode in Win 10 without first booting to Win 10, since F8 no longer works?

    Brent

    Thursday, April 13, 2017 8:41 PM
  • Recently I had multiple boot loops.  I was using Windows Driver Verifier and Windows Defender Offline on Windows 10 version 1607.  This WDO blue screen boot loop was reproduced multiple times on another computer to find methods to break the boot loop.  All methods to get to Windows advanced troubleshooting on the computer were overcome by a WDO load and quick scan.  It was never possible to get to the computer's Windows advanced troubleshooting menu.

    A bootable windows 10 iso was used with its windows advanced troubleshooting options.  There were no startup options on the bootable iso.  So there was no safe mode with command prompt.  There was just command prompt.

    On the windows 10 iso there was an option for reset with save files and that displayed the drive is locked.  Please unlock the drive and try again.  And there was an option for reset with remove everything and that displayed a problem with the drive partition.

    Each computer manufacturer has an F key to choose the boot order.  So for HP it was the F9 key.

    The WDO blue screen boot loop is now history if you upgrade to Windows 10 version 1703.  I tried many times to produce the WDO blue screen boot loop and was no longer able to reproduce it with the new version of Windows 10.

    In all of the cases of blue screen boot loop I had to have the files saved.  The drive was then formatted.  One time I sanitized the drive using the bios. 

    During the times that I attempted to reproduce the blue screen boot loops and explore methods to get out of them or get data as to why they occur I no longer had any files that needed to be saved.  In these cases I used the windows 10 bootable iso to delete partitions and make the drive unallocated.  Then the OS was reinstalled and updated.  The process was then repeated, creating the WDO boot loop and attempting to get data and fix the blue screen boot loop.

    Thursday, April 13, 2017 9:33 PM
  • I was hoping to be able to recover the files. I don't think I have a problem wiping and reinstalling but thank you. I'm kind of in a catch-22 since I don't have the recovery key for this machine. If I can get out of the boot loop it will boot into the system and I can use PowerShell to store the recovery key in AD. If I can't get out of the loop the drive is unrecoverable, it seems.

    Brent


    • Edited by Keepnudown Thursday, April 13, 2017 9:49 PM
    Thursday, April 13, 2017 9:47 PM
  • If the recovery key wasn't saved to AD, the BitLocker setup wizard would have stopped and told you, so you will have chosen a different method (save to a file or print). Just find that key or you are in trouble.
    Friday, April 14, 2017 12:21 PM
  • That's what it was supposed to do but that didn't happen. I have scoured the deleted attributes in Active Directory and have found no deleted key. Group policy requiring storage of the key before enabling BitLocker was set up and in place well before we implemented BitLocker, so there isn't a paper or USB version of the key either.

    Brent

    Friday, April 14, 2017 2:19 PM
  • The Windows 10 bootable ISO was always able to interrupt the boot loop.

    The F keys that opened the BIOS were always a way to avoid the boot loop.

    These were the two "backdoor" approaches.

    Unfortunately all of the recovery options failed.

    There was a command prompt for the X drive but that did not have the same syntax as the administrator command prompt.  Many of the commands were not recognized.

    https://support.microsoft.com/en-us/help/17133/windows-8-bitlocker-recovery-keys-frequently-asked-questions

    Friday, April 14, 2017 6:04 PM
  • Yes, but you need the DISK or USB stick.

    Go through the steps like you're installing a fresh new OS. When you get to the screen that asks you if you want to install DRIVERS first, click that; then you can worm your way into the OS to find your KEY. You can open it using NOTEPAD to jot down the key.

    Friday, April 14, 2017 7:57 PM
  • "find your key" - what on earth...? He cannot access the drive, there's nothing to find from the setup environment while it's locked by BitLocker.

    If you have no recovery key nor a saved BitLocker key (.bek file), then there is no way in, in this situation. Or what type of "upgrade" have you been doing?

    About deletions in AD: BitLocker recovery keys are never deleted, no matter what. If there is none, there never was one.

    Saturday, April 15, 2017 8:49 AM
  • I was doing an in-place upgrade of Win 7 to Win 10, which we have done without incident for the entire domain in the recent past. This machine was a straggler in the upgrade. We use MDT to automate the upgrade. It seems that this Win 7 machine somehow failed to store its BitLocker key in AD. I checked all other machines in the domain after this failure and all others have stored their keys properly. Just bad luck on this machine I guess. Looks like it is hosed.

    Brent

    Monday, April 17, 2017 2:55 PM
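
Added example, not part of the thread or written by any of its participants: a PowerShell sketch of the check the last post describes (confirming every machine has a recovery key stored in AD) plus the escrow step to run on a client that still boots, before an upgrade. The function names and the `-SearchBase` parameter are hypothetical; it assumes the ActiveDirectory (RSAT) and BitLocker modules and an account allowed to read recovery objects.

```powershell
# Added example. Function names are hypothetical; cmdlets are from the
# ActiveDirectory (RSAT) and BitLocker modules.
Import-Module ActiveDirectory

# Audit side (admin workstation): list computers with no recovery object in AD.
# BitLocker recovery passwords are stored as msFVE-RecoveryInformation child
# objects directly under the computer account.
function Get-ComputersWithoutEscrowedKey {
    param([string]$SearchBase)   # hypothetical: limit the audit to one OU

    $query = @{ Filter = '*' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADComputer @query | ForEach-Object {
        $keys = Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                    -Filter "objectClass -eq 'msFVE-RecoveryInformation'"
        # Caveat: an empty result also occurs when the machine is not encrypted
        # or when the auditing account lacks read access to these objects.
        if (-not $keys) { $_.Name }
    }
}

# Client side (run elevated on a machine that still boots): escrow every
# recovery password protector of the OS volume to AD.
function Backup-OsVolumeRecoveryKey {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $protectors = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    if (-not $protectors) {
        # TPM-only volume: there is nothing to escrow until a recovery
        # password protector has been added.
        throw "No recovery password protector on $($vol.MountPoint)."
    }
    foreach ($p in $protectors) {
        Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
            -KeyProtectorId $p.KeyProtectorId
    }
}

# Usage: report stragglers before starting an upgrade wave.
Get-ComputersWithoutEscrowedKey | ForEach-Object { Write-Warning "No key in AD: $_" }
```

Any machine the audit reports should have its key escrowed and re-checked before the upgrade task sequence is allowed to run on it.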