Bitlocker Locked & Won't Accept USB or Correct Recovery Key

Crunchy_Solo 1 Reputation point
2020-12-10T06:20:38.45+00:00

I'm on a first generation Surface Book, Windows 10 pro, installed all latest updates just prior to issue arising. So, long story short, yesterday I flipped on Bitlocker for the first time. I went through all the prompts, choosing my key to be stored on a USB drive and choosing to "print a paper copy) of recovery key, which I did and which I have right here. After a couple more prompts, a message popped up telling me to restart to encrypt, so I did... and my computer has been completely locked with Bitlocker ever since. When I first start computer, it first comes to a blue screen that says "Bitlocker - Plug in USB drive that has Bitlocker key", but no matter how many times I plug in my usb (the same one I used when Bitlocker was being initially setup yesterday), Bitlocker doesn't recognize that action or respond in any way. I've tried to reboot and try again several times, always the same result. Next, I hit my only other option: "Press Esc or Windows key for recovery", and I'm taken to another blue screen that gives me the option to unlock using either the recovery key or usb AGAIN. Now when I attempt to unlock using usb, Bitlocker says that no key file exists on device. Then, when I try to open it using the correct recovery key, and trust me, I'm putting that in correctly, it will likewise decline me access, saying my recovery key doesn't work either... but I'm entering the correct key!! I'm 100% sure of it! Interestingly, if I access command prompt and check the bitlocker status for each drive, it says "locked", but almost every other field is listed as "unknown" on my main C: drive, whereas the other two unaffected drives are unlocked with every field full of info. Lastly, when using command prompt to reveal the applicable "key protectors", it spits out an "External Key", an "External Key File Name", and a "Numerical Password ID", but no 48-digit recovery key listed anywhere. It's almost as if there is no key somehow. Idk, I just want this bitlocker unlocked so that I can turn it off and never see it again. Can someone please help me figure this out? Thanks in advance. P.S., if you're interested in seeing this in action, here's a link to a short, 8-minute video where I run through all the steps right there on screen to show what it looks like: https://photos.app.goo.gl/rC3ke9qZkfxuX13a7

Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
{count} votes

5 answers

Sort by: Most helpful
  1. AliceYang-MSFT 2,106 Reputation points
    2020-12-14T07:46:32.62+00:00

    Hi,

    I’m writing to follow up with you on this post. Have you tried repair-bde? Does your system boot successfully?

    I found a new solution which might help: What can I do if the recovery key on my USB flash drive cannot be read?

    • In advanced options, look through startup settings and UEFI firmware settings. Because of the difference of machines, I couldn’t tell which options should be enabled on your laptop. You need to enable something like legacy support to enable use of USB devices in pre-boot environment. If you couldn’t determine, you can put your screenshot here.
    • Connect your laptop to another device. On the device, mount OS drive of your laptop as a data drive. Retry read the recovery key from the USB drive on the device.

  2. AliceYang-MSFT 2,106 Reputation points
    2020-12-16T02:06:23.767+00:00

    Hi,

    I'm here again. New finding: After you install UEFI or TPM firmware updates on Surface, BitLocker prompts for the recovery password. The updates you installed may include UEFI or TPM firmware updates. You can follow the instruction to troubleshoot and prevent the issue from recurring.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. AliceYang-MSFT 2,106 Reputation points
    2020-12-18T10:11:14.987+00:00

    Hi,

    Thank you for your willingness to do the troubleshooting.

    Repair-bde is the first solution we should try when encountering BitLocker-related issues. And it will help a lot.

    If 32GB is not enough, you have to prepare an external drive which is larger than your OS drive. And it’s better that there’re no files on the drive because when repair-bde recover your data, this operation might overwrite your files on the drive.

    When you have the drive, use a data cable to connect the drive to your Surface Book and follow the steps. I haven’t performed repair-bde before because my BitLocker needs no recovery. So if there are anything unusual during your operation, please let me know.

    As to your question that why there’s no key in your USB, there are indeed situations that disabling written operation to removable data drives (including USB). But if it’s forbidden, your system will send you a notice. And in your video, there is a key protector for external key. So I suppose that it might be deleted by some anti-virus apps or something.


  4. AliceYang-MSFT 2,106 Reputation points
    2020-12-22T02:35:12.63+00:00

    Hi,

    Sorry for repair-bde doesn’t work. The screenshot shows that recovery information might be wrong. So I have to make sure that your Recovery Key ID is E17F6D7A-CB83-4056-B588-3BE88410277C in your printout.

    The paper should look like this
    50311-key-id.png

    And I noticed that your laptop already has D drive and E drive. When you connect the external drive to it, it will have a new drive, F drive. But I suppose this is not the main reason why it failed.

    We can reinstall your operating system but you will lose your data in C drive and it’s unrecoverable. If you want to solve this problem as fast as you can and there is no valuable data in your C drive, please go to Download Windows 10 to create an installation media. USB is recommended but you need another computer which has internet connection to get a USB installation media. And you may need to change your boot order so that your Surface could boot from a USB.

    But I insist that you should try to recover your data because the issue happened to your Surface is a known issue: After you install UEFI or TPM firmware updates on Surface, BitLocker prompts for the recovery password and we do have a resolution for this.

    Sorry again for what a trouble BitLocker is. And thank you for your patience.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  5. Steve1622 0 Reputation points
    2023-11-30T11:32:23.6233333+00:00

    Client called with the issue where the machine got into the bitlocker key loop. It would ask for the key on boot. We'd put it in, it would appear to boot, then the key requester would appear again. On the repeat cycle, an "advanced options" button appears which allowed a command prompt, where we used manage-bde to suspend bitlocker, but then the machine still wouldn't boot, and went into Windows 10 recovery. We had them deliver the machine to the shop.

    We would have saved ourselves a lot of trouble if the client had disclosed that the BIOS initial setup screen appeared when they first booted. Once we got the machine, we discovered the BIOS battery was dead, and had been reset to defaults, turning off the TPM chip and changing the booth method to "Raid" on this old Dell. They probably had an extended power outage while the office was empty that drained the UPS. We replaced the BIOS battery, reset BIOS as it should be, and the machine booted. We were able to reactivate Bitlocker and deliver to the client without major surgery on the OS.

    So, if you unexpectedly see the Bitlocker warning, check the BIOS battery first and make sure TPM is on.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.