Bitlocker Locked & Won't Accept USB or Correct Recovery Key

Question

Bitlocker Locked & Won't Accept USB or Correct Recovery Key

Crunchy_Solo 1

I'm on a first generation Surface Book, Windows 10 pro, installed all latest updates just prior to issue arising. So, long story short, yesterday I flipped on Bitlocker for the first time. I went through all the prompts, choosing my key to be stored on a USB drive and choosing to "print a paper copy) of recovery key, which I did and which I have right here. After a couple more prompts, a message popped up telling me to restart to encrypt, so I did... and my computer has been completely locked with Bitlocker ever since. When I first start computer, it first comes to a blue screen that says "Bitlocker - Plug in USB drive that has Bitlocker key", but no matter how many times I plug in my usb (the same one I used when Bitlocker was being initially setup yesterday), Bitlocker doesn't recognize that action or respond in any way. I've tried to reboot and try again several times, always the same result. Next, I hit my only other option: "Press Esc or Windows key for recovery", and I'm taken to another blue screen that gives me the option to unlock using either the recovery key or usb AGAIN. Now when I attempt to unlock using usb, Bitlocker says that no key file exists on device. Then, when I try to open it using the correct recovery key, and trust me, I'm putting that in correctly, it will likewise decline me access, saying my recovery key doesn't work either... but I'm entering the correct key!! I'm 100% sure of it! Interestingly, if I access command prompt and check the bitlocker status for each drive, it says "locked", but almost every other field is listed as "unknown" on my main C: drive, whereas the other two unaffected drives are unlocked with every field full of info. Lastly, when using command prompt to reveal the applicable "key protectors", it spits out an "External Key", an "External Key File Name", and a "Numerical Password ID", but no 48-digit recovery key listed anywhere. It's almost as if there is no key somehow. Idk, I just want this bitlocker unlocked so that I can turn it off and never see it again. Can someone please help me figure this out? Thanks in advance. P.S., if you're interested in seeing this in action, here's a link to a short, 8-minute video where I run through all the steps right there on screen to show what it looks like: https://photos.app.goo.gl/rC3ke9qZkfxuX13a7

AliceYang-MSFT 2,106 Reputation points

2020-12-29T03:04:12.517+00:00

Hi,

Was the problem resolved? Did you get your laptop unlocked?

If there is just no way to unlock it, please choose Reset this PC.
AliceYang-MSFT 2,106 Reputation points

2020-12-29T03:10:59.887+00:00

Here is what will reset this PC do.

5 answers

Your answer

AliceYang-MSFT 2,106 Reputation points

2020-12-29T03:04:12.517+00:00

Hi,

Was the problem resolved? Did you get your laptop unlocked?

If there is just no way to unlock it, please choose Reset this PC.
AliceYang-MSFT 2,106 Reputation points

2020-12-29T03:10:59.887+00:00

Here is what will reset this PC do.

Answer 1

AliceYang-MSFT 2,106

Hi,

I’m writing to follow up with you on this post. Have you tried repair-bde? Does your system boot successfully?

I found a new solution which might help: What can I do if the recovery key on my USB flash drive cannot be read?

In advanced options, look through startup settings and UEFI firmware settings. Because of the difference of machines, I couldn’t tell which options should be enabled on your laptop. You need to enable something like legacy support to enable use of USB devices in pre-boot environment. If you couldn’t determine, you can put your screenshot here.
Connect your laptop to another device. On the device, mount OS drive of your laptop as a data drive. Retry read the recovery key from the USB drive on the device.

Crunchy_Solo 1 Reputation point

2020-12-17T23:43:01.927+00:00

Question: If I plug my USB into my desktop and open it in File Explorer to view the files that are saved to it, should I see the file there that supposedly contains the bitlocker key? Because when I do that, the USB appears to have no files of any kind saved to it. Does this mean that my Surface Book never saved the key to the USB during Bitlocker set-up as it was allegedly supposed to do? I'm sorry if these are basic questions. I'm very comfortable as a user and doing simple maintenance on the machine, but I simply don't have any technical expertise unfortunately.

Answer 2

AliceYang-MSFT 2,106

Hi,

I'm here again. New finding: After you install UEFI or TPM firmware updates on Surface, BitLocker prompts for the recovery password. The updates you installed may include UEFI or TPM firmware updates. You can follow the instruction to troubleshoot and prevent the issue from recurring.

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Crunchy_Solo 1 Reputation point

2020-12-17T23:31:07.513+00:00

Thanks for the feedback and the suggestions! I don't see your first reply here for some reason with the repair-bde instructions, but it's in my email, so I can reference that. In that answer, you say to "prepare an external hard drive and connect it to your surface book"... What do you mean by that exactly? How do I prepare an external hard drive properly for this task? I have a Mophie Powerstation with 32GB of free space, but that's not enough to cover the current size of my C: drive that's locked. What do I need to do this properly and to give me the best chance of success? Thanks in advance.

Answer 3

AliceYang-MSFT 2,106

Hi,

Thank you for your willingness to do the troubleshooting.

Repair-bde is the first solution we should try when encountering BitLocker-related issues. And it will help a lot.

If 32GB is not enough, you have to prepare an external drive which is larger than your OS drive. And it’s better that there’re no files on the drive because when repair-bde recover your data, this operation might overwrite your files on the drive.

When you have the drive, use a data cable to connect the drive to your Surface Book and follow the steps. I haven’t performed repair-bde before because my BitLocker needs no recovery. So if there are anything unusual during your operation, please let me know.

As to your question that why there’s no key in your USB, there are indeed situations that disabling written operation to removable data drives (including USB). But if it’s forbidden, your system will send you a notice. And in your video, there is a key protector for external key. So I suppose that it might be deleted by some anti-virus apps or something.

Crunchy_Solo 1 Reputation point

2020-12-21T09:21:21.247+00:00

Hello again! So, I purchased a brand new, 300GB external hard drive and ran the repair-bde in command prompt as you instructed. Unfortunately, it didn't work. Here is a link to a screenshot of everything that happened in that session for your review: https://photos.app.goo.gl/hYXrG4cAnK8UrD7EA

It seems to be behaving as if the 48 digit recovery key that it definitely produced and gave to me has somehow just vanished. It's like the machine is running all of it's checks against the correct recovery key when entered, however, even though it's the correct key, it doesn't recognize it or have any record of it anywhere. Is there a way that we can "force" the machine to reveal the recovery key through command prompt? Or possibly a method by which we can simply make it generate and respond to a new, different recovery key? There has to be a backdoor around this somehow. Thanks again in advance. I look forward to hearing back and receiving further instruction.
Crunchy_Solo 1 Reputation point

2020-12-21T09:27:33.62+00:00

At the end of the day though, if there's just no way to unlock it "as is", then I at least need to do whatever is necessary to wipe the machine clean and just reinstall Windows 10 Pro from scratch so that I can use my machine again. I'm an attorney and with all this COVID lunacy and everything being done remotely, this is a huge problem. Thanks again.

Answer 4

Hi,

Sorry for repair-bde doesn’t work. The screenshot shows that recovery information might be wrong. So I have to make sure that your Recovery Key ID is E17F6D7A-CB83-4056-B588-3BE88410277C in your printout.

The paper should look like this

And I noticed that your laptop already has D drive and E drive. When you connect the external drive to it, it will have a new drive, F drive. But I suppose this is not the main reason why it failed.

We can reinstall your operating system but you will lose your data in C drive and it’s unrecoverable. If you want to solve this problem as fast as you can and there is no valuable data in your C drive, please go to Download Windows 10 to create an installation media. USB is recommended but you need another computer which has internet connection to get a USB installation media. And you may need to change your boot order so that your Surface could boot from a USB.

But I insist that you should try to recover your data because the issue happened to your Surface is a known issue: After you install UEFI or TPM firmware updates on Surface, BitLocker prompts for the recovery password and we do have a resolution for this.

Sorry again for what a trouble BitLocker is. And thank you for your patience.

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Crunchy_Solo 1 Reputation point

2020-12-22T05:11:17.6+00:00

Thanks again for sticking with me on this and for continuing to help me out. So, in the previous video showing that my computer already had a D: and E: drive, the D: was the USB that was supposed to contain my bitlocker recovery key and the E: drive it showed was my ssd memory card that stays in at all times. But for the purpose of running the "repair-bde" in command prompt, I had removed the USB prior to powering up my Surface Book and plugged in my new external hard drive into the same USB port and the computer labeled my new external hard drive as D: after doing that, so I believe it was done correctly. Let me know if you think that's a mistake or if I need to attempt "repair-bde" again following an alternative procedure.

With that being said, I'll go ahead and go through the steps found at the link you provided above regarding firmware updates and will let you know how it goes. Thanks again!
Crunchy_Solo 1 Reputation point

2020-12-22T05:41:20.273+00:00

Oh, I almost forgot... Yes, the Recovery Key ID you listed is correct and matches the one on my printout containing the 48 digit recovery key that won't work.

Answer 5

Client called with the issue where the machine got into the bitlocker key loop. It would ask for the key on boot. We'd put it in, it would appear to boot, then the key requester would appear again. On the repeat cycle, an "advanced options" button appears which allowed a command prompt, where we used manage-bde to suspend bitlocker, but then the machine still wouldn't boot, and went into Windows 10 recovery. We had them deliver the machine to the shop.

We would have saved ourselves a lot of trouble if the client had disclosed that the BIOS initial setup screen appeared when they first booted. Once we got the machine, we discovered the BIOS battery was dead, and had been reset to defaults, turning off the TPM chip and changing the booth method to "Raid" on this old Dell. They probably had an extended power outage while the office was empty that drained the UPS. We replaced the BIOS battery, reset BIOS as it should be, and the machine booted. We were able to reactivate Bitlocker and deliver to the client without major surgery on the OS.

So, if you unexpectedly see the Bitlocker warning, check the BIOS battery first and make sure TPM is on.

Share via

Bitlocker Locked & Won't Accept USB or Correct Recovery Key

5 answers

Your answer