DerekGibson-1546 asked PhilippeVerdy-4042 answered

Bitlocker bug from Win10 home feature update locked me out completely


Any idea how to retrieve keys for Bitlocker on a 1TB ssd? Due to a bug in a win10 home update, my main win 10 laptop has been accidentally bitlocked and none of my MS accounts show any keys. Just reporting that bitlocker is suspended, when it's not even supposed to be on there! If the system generates the TPM ID & Numerical password, MS engineers should be able to match that to my keys. It's been a week and I've gotten ZERO support via phone & chat from microsoft. My quickbooks, tax info, health, unemployment, kids schools, EVERYTHING hangs in the balance. GRATEFUL for any steps in the right direction.

Here’s your case number: *** as your reference for our chat session.

Acer Swift 3, SF315-52 series - Model N17P6 1TB SSD from Crucial, 9thgen P-7, 24GB RAM

windows-10-security

JoyQiao-MSFT answered JoyQiao-MSFT commented

Hi,

Thank you for coming to the Microsoft Q&A forum.
I noticed you posted a case number in this public forum. As this risks leaking your personal data, we have hidden the case number for better data protection.

I noticed you are using Windows 10 Home edition, so it is a non-domain-joined computer for personal use, right?

What's the computer model?
Did you log in to the computer with a Microsoft account?
Are you able to log in to the system or not?

As far as I know, some device manufacturers such as Dell, Lenovo and others will enable BitLocker encryption automatically if your device hardware meets the encryption requirements and you have logged on with a Microsoft account.
Here is a description of this function; please check whether it matches your scenario.

Automatic Windows Device Encryption/BitLocker on Dell Systems

If yes, please refer to the recommended action and check if it is useful for you.


Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Bests,


Personal use. Acer Swift 3, SF315-52 series - Model N17P6 1TB SSD from Crucial, 9thgen P-7, 24GB RAM. Non-domain. Used local account but I have 2 MS accounts which show it as suspended. Not same scenario as Dell.

Where are the MS engineer-moderated forums?

0 Votes 0 ·

Hi,

Thank you for your reply.
This Microsoft Q&A forum is a public forum which allows both customers to participate in the discussion and Microsoft engineers to provide support.

I noticed you have 2 Microsoft accounts. Did you check for a BitLocker recovery key on both accounts? Try to access the following link with both Microsoft accounts to check if any recovery key was reserved.

https://account.microsoft.com/devices/recoverykey

I understand you can't log in to the system with LIVEID, nor with the 2 Microsoft accounts. Does the following error occur?

Bitlocker needs your recovery key to unlock your device because Secure Boot has been disabled. Either Secure Boot must be re-enabled, or Bitlocker must be suspended for Windows to start normally.

If yes, I am afraid you need to try your best to find the recovery key; if not, we can't log in to the system unless we clean the disk and reinstall the system to log in again.

Bests,

0 Votes 0 ·
MTG-6756 answered DerekGibson-1546 commented

"Just reporting that bitlocker is suspended" - let's start with that. Are you saying that windows is still bootable and giving you this message? Or where do you see it?


It boots straight to Bitlocker prompt. I can opt for more recovery options but it only lets me reset & not keep my files or CMD prompt.

Where are the MS engineer forums?

0 Votes 0 ·

Now I've used a different LIVEID sign in and it shows bitlocker ON, but says "You have no recovery keys uploaded".

0 Votes 0 ·
Bagitman-1090 answered JoyQiao-MSFT commented

Please see if you can answer my question as well: "where did you see 'bitlocker is suspended'?"
Knowing that would help to better understand your situation.

You might be aware that although Windows home edition does not support bitlocker, it does support device encryption, which is the same encryption technology and ends up at the same recovery screen, eventually.
You might not be aware that you may be able to leave recovery mode if you could undo the changes that led to it - sometimes people do automated bios updates and forget to suspend encryption, for example.


--I see it is active in one MS account as of 8-7-20 and suspended in another account as of March 7-20. Bitlocker isn't designed for win 10 home.

0 Votes 0 ·

So did you do any system changes that could lead to bitlocker recovery such as:
-change the boot order
-change the secure boot status
-update the uefi firmware
Those can possibly be undone to get out of recovery mode.

0 Votes 0 ·

I disabled/ re-enabled UEFI
Only 1 option in boot order
cleared UEFI settings
System defaults

Paid 1-time fee to microsoft 'Assure' support who passed the buck to Acer saying they probably encrypted it at the factory and to call them. Since it's out of warranty, I had to call their 3rd party tech 'AnswersBy' who flatly denied encryption at the factory and refused to ponder.

Really horrible that Microsucks can't be held responsible for this, but yet Apple will bend (with a fight) to unencrypt their iphones. Best way to continue to ruin their rep.

0 Votes 0 ·
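
Added example, not part of any post in this thread: a pre-change check in PowerShell for the point made above that firmware updates done without suspending encryption can land a machine at the recovery screen. It assumes a system that still boots, an elevated session, that the BitLocker PowerShell module is available on the installed edition, and a hypothetical backup path `E:\`.

```powershell
# Added example, not from the thread. Run elevated on a machine that still boots,
# BEFORE a UEFI firmware update, Secure Boot change or boot-order change.
# Assumption: the BitLocker module cmdlets are available on this Windows edition.

$mount     = $env:SystemDrive      # OS volume, normally C:
$backupDir = 'E:\'                 # hypothetical removable drive, NOT the encrypted disk

$vol = Get-BitLockerVolume -MountPoint $mount
'{0} VolumeStatus={1} ProtectionStatus={2} Encrypted={3}%' -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionPercentage

if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    'Volume is not encrypted; no recovery key is needed.'
    return
}

# A recovery password protector must exist before anything can be backed up.
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $recovery = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# Write the key ID and recovery password somewhere that survives a locked disk.
if (-not (Test-Path $backupDir)) { throw "Backup location $backupDir not found." }
$file = Join-Path $backupDir ('BitLocker-{0}-{1:yyyyMMdd}.txt' -f $env:COMPUTERNAME, (Get-Date))
$recovery | ForEach-Object {
    "Key ID: $($_.KeyProtectorId)"
    "Recovery password: $($_.RecoveryPassword)"
} | Set-Content -Path $file
"Saved $($recovery.Count) recovery password(s) to $file"

# Suspend protection for exactly one restart so the planned change does not
# trigger recovery; protection resumes automatically after that reboot.
if ($vol.ProtectionStatus -eq 'On') {
    Suspend-BitLocker -MountPoint $mount -RebootCount 1 | Out-Null
    'Protection suspended for the next reboot only.'
}
```
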
PhilippeVerdy-4042 answered

I had the same problem with Windows silently deciding to encrypt ALL my other disks, notably those containing ALL my personal files, ALL my backups, and other non-windows systems, including virtual disks for virtual machines.

I was never asked for permission to encrypt those drives: Windows started to encrypt ALL these disks in parallel (it would take many hours to complete, more probably several days as they were started all in parallel, with HUGE I/O amounts).
I could not interrupt this encryption. But then there was a Windows Update forcing the system to reboot with a time limit of 10 minutes.
There was NO way to interrupt the reboot.

After this reboot, ALL partly encrypted drives became unmountable. The recovery keys were correctly backed up, but were still not usable: Bitlocker had already encrypted most metadata on these drives, but not all. There was NO current state saved on the encryption in progress.
When using the recovery keys (which were accepted): these volumes came back as "RAW partition": NTFS metadata was partly corrupted.
All recovery tools have failed. There may remain some unencrypted data spread over the disk, but WITHOUT any of their metadata (notably file attributes, names, security ACLs, parent directory); almost all directories, however, were already encrypted (but were now pointing to incorrect positions on disk).

Forcing in Windows to use Bitlocker on ALL drives without permission is a MALWARE behavior.
Encrypting/decrypting multiple volumes in parallel is a SEVERE DEFECT, that should never be done: doing them one by one at least preserves other volumes containing backups.

Those volumes are NOT exclusive for use by the current instance of Windows 11 only. Those volumes are OUR data, not yours. Connecting or mounting a drive should NEVER instantly initiate their encryption (using an encryption system that is also VERY specific to the current instance of Windows and NOT compatible with other versions!)

So BITLOCKER has DESTROYED (and very fast) TERABYTES of personal data. And this is definitive, NOT recoverable at all.

BITLOCKER is completely unable to SAFELY suspend its encryption progress and resume it only later. It will NOT suspend itself during an OS reboot. It will crash definitely if there's a Windows Update in the middle of the next reboot.

BITLOCKER IS A MALWARE !!! THIS IS A VERY CRITICAL BUG. Bitlocker does NOT help us prevent damage by malware, BITLOCKER IS THE MALWARE itself, even worse than every ransomware seen (you can't even pay a ransom to Microsoft to recover).

There are other competing disk encryption systems that are MUCH safer (and even FASTER, and that are stable and usable across multiple OSes). BITLOCKER is just a crap. TOO DANGEROUS to keep in Windows.
