Can't delete bitlocker recovery keys from microsoft account

Behdad 126

Hi,

I have been using my microsoft account for several years to store my bitlocker keys everytime I encrypt my C: and D: drives.
As part of the process every time I do the new encryption I first go to my microsoft account and delete the old keys.

However, suddenly today, I was not able to delete them. When I click and check the checkbox that I already have a copy of the keys and
click continue the dialog just sits there with the waiting feedback loop and never comes back. I looked in the browser console, it seems that
I get a 403/forbidden response back.

I have tried different browsers, clearing cache, logging out and in even tried it from my mobile and I still have the same problem.

Any Ideas as to why this happens? I appreciate your thoughts.

Thank you.

EDIT: 17/Jul/2022 : As of today, the issue is fixed for me. I managed to delete the old keys. I also saved my current keys and deleted them again successfully and have no further problems with this. Thanks Microsoft.

Kane S 156 Reputation points

2022-06-02T05:14:57.783+00:00

I'm having exactly the same issue, I've re-enabled Bitlocker on both my C and D Drives. When I go to my account to remove the old keys, nothing. It's just spinning with "Deleting this recovery key now..." I've tried from both Microsoft Edge, and Google Chrome, on two different computers, one with Windows 10, and the other with Windows 11.

Thanks in advance.
Behdad 126 Reputation points

2022-06-02T06:37:52.36+00:00

Thanks for your reply. Hopefully someone from MS will have some solution for us.
Kacyk-9417 6 Reputation points

2022-06-17T07:38:31.787+00:00

Same here. Nothing is deleting. It is a little more than annoying situation.

Flagship functionality and right now we have spinning dots...

Edit:

One more thing. After few days (during I tried to get some help from Microsoft to delete old keyes by them through https://widget.rave.office.net/chat?partner=SMC2&requestid= and THEY FAILED ** to give me any clue or hint what to do - except some really ridicules things from the script that could not work - because the problem is on their end, on their servers! ) I decided to make some tests on my own and had made encrypted system partition with option to save recovery key to my Microsoft account (https://account.microsoft.com/devices/recoverykey?refd=account.microsoft.com).
Then I had entered that website with backuped Bitlocker recovery keyes, to try one more time to delete that old unneeded anymore recovery keyes - still - can't do that.
**But more disturbing thing - ** like red flashing warning light** - is that already NEW FRESH RECOVERY KEY IS VISIBLE WITH -> **INVALID DATE !!!** Also - unable to delete that NEW ONE!
It like some part of the backup data of the recovery key is already corrupted! And it is done entirely in some weird way BY MICROSOFT SOFTWARE -> BITLOCKER and the way they store it (?) on their servers?!
Right now we can't relay on the security and validity of the backup information regarding Biltocker recovery keyes. THIS IS SERIOUS!
Patrick Armstrong 41 Reputation points

2022-06-20T17:02:21.103+00:00

Oh boy. Gheez. I just got off a support chat with tech support. I am shocked at the response I received...

The rep said, "Thank you for that information, Patrick. I just checked with our Microsoft Software engineers and I was able to get helpful data from them. Our Microsoft Accounts is currently having system upgrades to ensure a better user experience which affects the Bitlocker Recovery Key that cannot be deleted. Rest assured that our tech and engineering team are working hand in hand to get this done within the day. In the meantime, we need to make sure that the Bitlocker is turned off on your computer to make sure that you will not be prompt by it just in case you do majer changes on your computer. I'm truly sorry for the inconvenience that this may have caused you today, Patirck. Hoping for your kind consideration and understanding on this."

Um, pay attention there.
Turn off bitlocker on your computers
You might have to enter your bitlocker keys
WHAT???

I'm sure the rep must have been mis-speaking and I told them so. How major upgrades to the microsoft account system will negatively impact my personal computer experience.

Good luck everyone, let's hope we all get through this upgrade process unscathed.
Kacyk-9417 6 Reputation points

2022-06-20T18:16:15.01+00:00

Can't help myself...

One more time -> "Have You Tried Turning It Off And On Again?" ;)
Sakhr Al-Hendawi 1 Reputation point

2022-06-21T17:08:50.72+00:00

Might sound stupid, but where can you access support chat? I’ve been searching everywhere it only leads to the ‘Search Help’
Kacyk-9417 6 Reputation points

2022-06-21T18:19:38.527+00:00

You could try there -> https://support.microsoft.com/en-us/home/contact?SourceApp=smc2&ContactUsExperienceEntryPointAssetId=
Іван Пазенко 1 Reputation point

2022-06-29T03:36:27.47+00:00

Jun 28nd - still not working. Keys can’t be added and deleted
Guy Dye 1 Reputation point

2022-07-02T17:55:02.397+00:00

I'm glad I found this thread. And I'm extremely uncomfortable that the issue is still a thing after more than a week. If we were talking about anything other than BitLocker encryption keys, I wouldn't be as concerned. But, uh...mismanagement of BitLocker keys could be the difference between a working computer and a useless $2000 brick. So, what gives? Why is this so hard?
Cy 'kkm' K'Nelson 11 Reputation points

2022-07-08T22:42:07.85+00:00

Hi 244, if you don't mind my asking, are you positively certain that the keys cannot be added too? Another comment down below says they can. That makes a difference.
Cy 'kkm' K'Nelson 11 Reputation points

2022-07-08T23:09:28.273+00:00
I would save the recovery key on a USB stick or the numeric password into a password manager in addition to Account if I were you. I in fact do both. If you do not want unencrypted recovery material to ever be on an unencrypted USB storage, you can see the numeric password using elevated command line and copy it from there:

C:\> manage-bde -protectors -get C: . . . . Numerical password: ID: {1234CDEF-xxxx-xxxx-xxxx-xxxxxxxxxxxxx} Password: NNNNNN-....-NNNNNN

The first 8 of the ID, 1234CDEF in this example, is the same number as the Key ID on the Account website, and NNNNNN-....-NNNNNN is the 48-digit unlock password. Copy both from console into your password manager secure note or something, repeat for every encrypted drive letter, and then close command prompt window.

A recovery key is saved to USB stick as a hidden system file with the .BEK extension (the above command will display its name as "External key"). Use 'X:\> attrib -H -S *.BEK' in a command prompt on the USB drive (X: here) root to make them visible if you want. You can have as many saved on the same drive, they have GUID names, and Windows will pick the one it needs to decrypt a drive (the key protector GUID is stored unencrypted). The numeric password is saved as a normal text file.

For an ultimate security, a keypad-secured USB stick from a reputable vendor goes a long way. Whether you need one is your call based on the value of the BitLocker-encrypted data to the malicious party.
Patrick Armstrong 41 Reputation points

2022-07-13T20:04:39.41+00:00
TO EVERYONE, THIS IS A RESPONSE TO SakhrHendawi and NOT related to the BitLocker key issue.

Sorry SkahrAlHendawi, I only just saw your question. Getting chat to open is tricky. You have to select the topic of your trouble and dig down until chat finally appears. Sometimes you even have to select a topic unrelated to your issue to get the chat to open. As an example, there is no support chat option for any BitLocker issue.

On multiple occasions, Microsoft support told me the same thing to get a chat window to open for ANY issue:

Go to Outlook

Click on Help (?)

type in "cannot send/receive email"

Go to the VERY bottom of all the suggestions

Say Yes to "Still need help?"

Now you can open the Chat option and type in your true issue

Do not be surprised if you go to the wrong support team in the beginning. I often did.
Sakhr Al-Hendawi 1 Reputation point

2022-07-13T20:11:53.437+00:00

Thanks, that would be useful in the future

23 answers

Damián Barberón 11 Reputation points

2022-06-22T16:50:49.037+00:00

Just contacted Microsoft Chat Support today. They told me they are still working on it. Jun 22nd.
Please sign in to rate this answer.

2 people found this answer helpful.
Kane S 156 Reputation points

2022-06-23T03:45:52.74+00:00

Thanks for following up and asking for an update.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Patrick Armstrong 41 Reputation points

2022-07-08T23:37:46.107+00:00

Ok. So. I just got off of ANOTHER support call with Microsoft. FINALLY, all of my tickets are consolidated into one issue.
FINALLY, Engineering and Accounts are paying attention and Engineering has agreed to escalation and managing a joint project to fix this issue.
FINALLY, Microsoft has acknowledged this is GLOBAL.
It took so long because the escalation team finally took time to scour all cases and SURPRISE, they found a lot.
They asked me to pass along, there is no ETA when the issue will be fixed.
I was told there is a possibility they might try fixing my account and, once successful, they would roll the fix out globally.

They are humbled and quite apologetic for ignoring us for so long.
Please sign in to rate this answer.

2 people found this answer helpful.
George R 6 Reputation points

2022-07-09T01:08:46.967+00:00

Thanks for hanging in there Patrick. I guess this time more comments did help the situation.

Cy 'kkm' K'Nelson 11 Reputation points

2022-07-09T01:21:02.827+00:00

Thank you, Patrick! I had a chat with support a couple hours ago too, they promised a priority to the issue. Referred to this thread.

Patrick Armstrong 41 Reputation points

2022-07-12T23:22:57.797+00:00

As of July 12, 2022 at 04:12pm (UTC-7), I am able to delete BitLocker keys from my Microsoft account.
I have not yet been able to test it on other accounts.
I was not notified by Microsoft in any way that they had fixed the issue. I do hope they fixed it for everyone at once.
Remember what I said on July 9 that the Engineers said they might try fixing my account first, so if you don't see it fixed yet, check every day, it will be very quickly.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Paul-1357 10 Reputation points

2023-09-10T02:59:26.4933333+00:00

I know this is a year old thread but now, one year later, the same problem is happening again. Is there anyone else with the same problem?
Please sign in to rate this answer.

2 people found this answer helpful.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Johannes Kingma 26 Reputation points

2022-07-06T10:25:39.377+00:00

Response to https://account.microsoft.com/devices/recoverykey/deleterecoverykey?keyId=1500B52BA59A441B!198366
Request method DELETE
Is {"statusCode":403,"message":""}

Perhaps Microsoft account is struggling with DDoS or other attacks?
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Cy 'kkm' K'Nelson 11

For MS SWE: Full diags from the latest desktop Edge. "[REDACTED_STRING_N]" each represents the same string, "[REDACTED]" a unique string. Not redacting FVE ids as they are expired anyway.

### Backtrace ###  
DELETE https://account.microsoft.com/devices/recoverykey/deleterecoverykey?keyId=E8B2D54E79B180E6!3217&X-Requested-With=XMLHttpRequest 403 (Forbidden)  
send		@ jquery-1.11.1.min.js:4  
ajax		@ jquery-1.11.1.min.js:4  
m		@ bradbury?v=[REDACTED_STRING_1]:1  
makeRequest	@ bradbury?v=[REDACTED_STRING_1]:1  
delImpl		@ bradbury?v=[REDACTED_STRING_1]:1  
sendRequest	@ bradbury?v=[REDACTED_STRING_1]:1  
ajaxDelete	@ bradbury?v=[REDACTED_STRING_1]:1  
t.sendDeleteKeyCommand	@ get-recovery-key?v=[REDACTED_STRING_2]:1  
onclick		@ get-recovery-key?v=[REDACTED_STRING_2]:1  
dispatch	@ jquery-1.11.1.min.js:3  
r.handle	@ jquery-1.11.1.min.js:3  
  
### General ###  
Request URL: https://account.microsoft.com/devices/recoverykey/deleterecoverykey?keyId=E8B2D54E79B180E6!3217&X-Requested-With=XMLHttpRequest  
Request Method: DELETE  
Status Code: 403 Forbidden  
Remote Address: 23.205.201.81:443  
Referrer Policy: strict-origin-when-cross-origin  
  
### Request Headers ###  
Accept: text/plain, */*; q=0.01  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Connection: keep-alive  
Content-Length: 19  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Cookie: [REDACTED]  
Correlation-Context: v=1,ms.b.tel.market=en-US,ms.b.tel.scenario=ust.amc.devices.deleterecoverykey,ms.c.ust.scenarioStep=ClickedDeleteRecoveryKey  
DNT: 1  
Host: account.microsoft.com  
MS-CV: [REDACTED_STRING_3].3.36  
Origin: https://account.microsoft.com  
Referer: https://account.microsoft.com/devices/recoverykey?refd=onedrive.live.com  
sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="103", "Chromium";v="103"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Windows"  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36 Edg/103.0.1264.49  
  
### Request Body ###  
undefined=undefined  
  
### Response Headers ###  
Cache-Control: no-cache, no-store  
Connection: keep-alive  
Content-Language: en-US  
Content-Length: 31  
Content-Type: application/json; charset=utf-8  
Date: Fri, 08 Jul 2022 21:43:25 GMT  
Expires: -1  
MS-CV: [REDACTED_STRING_3].3.36.11  
P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR  
Pragma: no-cache  
Set-Cookie: market=US; domain=microsoft.com; path=/; secure; HttpOnly  
Set-Cookie: bm_sv=[REDACTED]~1; Domain=.microsoft.com; Path=/; Expires=Fri, 08 Jul 2022 22:05:38 GMT; Max-Age=1333; Secure  
Strict-Transport-Security: max-age=31536000  
X-Content-Type-Options: nosniff  
X-Frame-Options: SAMEORIGIN  
X-Served-By: [REDACTED]  
X-UA-Compatible: IE=Edge  
X-XSS-Protection: 1; mode=block  
  
### Response Body ###  
{"statusCode":403,"message":""}

Share via

Can't delete bitlocker recovery keys from microsoft account

23 answers

Your answer