BitLocker Startup

Applies To: Windows Server 2008

When a computer protected with BitLocker Drive Encryption is restarted, the early startup components perform a series of integrity checks and, if the system passes, attempts to retrieve the needed key information to unlock any BitLocker-protected volumes. Success depends on the availability of configured key protectors, such as the TPM or a user-supplied PIN, and the existence of volume metadata stored within the encrypted drive.

If Windows cannot unlock the Windows operating system volume, BitLocker enters recovery mode. If the user can supply a recovery password or insert a USB flash drive with a recovery key, BitLocker will unlock the volume.

After the Windows operating system volume has been successfully unlocked, BitLocker uses encrypted information stored in the volume metadata and Windows registry to unlock any data volumes configured for automatic unlocking.

Events

Event ID	Source	Message
24585	Microsoft-Windows-BitLocker-Driver	Auto-unlock enabled for volume %2.
24587	Microsoft-Windows-BitLocker-Driver	Auto-unlock disabled for volume %2.
24589	Microsoft-Windows-BitLocker-Driver	Failed to enable auto-unlock for volume %2.
24590	Microsoft-Windows-BitLocker-Driver	Failed to disable auto-unlock for volume %2.
24591	Microsoft-Windows-BitLocker-Driver	Auto-unlocking failed for volume %2.
24596	Microsoft-Windows-BitLocker-Driver	No key file was found for Volume %2 during restart.
24597	Microsoft-Windows-BitLocker-Driver	A corrupt key file was encountered for Volume %2 during restart.
24598	Microsoft-Windows-BitLocker-Driver	No volume master key was retrieved in a key file during restart.
24599	Microsoft-Windows-BitLocker-Driver	The TPM was not enabled during restart.
24600	Microsoft-Windows-BitLocker-Driver	The SRK was found to be invalid during restart.
24601	Microsoft-Windows-BitLocker-Driver	The PCRs did not match during restart.
24602	Microsoft-Windows-BitLocker-Driver	No volume master key was retrieved from a key file during restart.
24603	Microsoft-Windows-BitLocker-Driver	A boot application hash did not match expected value during restart.
24604	Microsoft-Windows-BitLocker-Driver	The boot configuration options did not match expected values during restart.
24605	Microsoft-Windows-BitLocker-Driver	No volume master key was retrieved from a PIN during restart.
24606	Microsoft-Windows-BitLocker-Driver	No volume master key was retrieved from a recovery password during restart.
24607	Microsoft-Windows-BitLocker-Driver	A valid key was found during the last restart.
24608	Microsoft-Windows-BitLocker-Driver	An unexpected error was encountered attempting to retrieve the volume master key during restart.
24609	Microsoft-Windows-BitLocker-Driver	A key was not available from required sources during restart.
24620	Microsoft-Windows-BitLocker-Driver	Encrypted volume check: Volume information on %2 cannot be read.
24625	Microsoft-Windows-BitLocker-Driver	A valid key was found during the last restart.

Related Management Information

BitLocker Filter Driver

Core Security