Unable to get Bitlocker working

Discussion in 'Microsoft Surface Pro 4' started by Mastiff, Dec 29, 2015.

  1. Mastiff

    Mastiff Member

    Joined:
    Nov 25, 2015
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Norway
    My Device:
    SPro4
    I had to replace my Surface because of bad gluing of the screen to the rest, and I sure as heck wasn't going to set it all up again! Setting up a computer is something I only do once for each OS. So I simply took the latest TrueImage backup and restored that. Most of the stuff worked at once. I had a few problems with the IR camera for Hello, but fixed that by removing the latest firmware from Windows and installing it again. But I have one big problem. Bitlocker. I really need to get that working, it's too easy to get "Surface-lifted". So I went through the necessary stuff and rebooted to start the encryption. And before the actual boot I was to enter the recovery key as part of a test for a working system. So I input the numerical key from the file that Bitlocker had saved to my directory on the main house server (protected by a very good firewall). Nope. "The recovery key is incorrect, please enter it again". So I had to press escape to get out of the process and try again. I reset the TPM from Windows, in case it was the change of Surface (which would be equivalent to changing a motherboard) and tried again. New code, still same answer. Does anybody have any idea what this can be?
     
  2. jnjroach

    jnjroach Administrator Staff Member

    Joined:
    Nov 9, 2012
    Messages:
    7,105
    Likes Received:
    1,724
    Trophy Points:
    113
    Location:
    Seattle, WA USA
    My Device:
    Surface Book
  3. Mastiff

    Mastiff Member

    Local. I will never ever trust anything to cloud storage except for my cell phone pictures. ;)

    Edit: I do of course have my own "cloud" on the server, with VPN access, but that's something else.
     
  4. jnjroach

    jnjroach Administrator Staff Member

    Have you reset the TPM from the UEFI?
     
  5. Mastiff

    Mastiff Member

    No, only from Windows. I will try that, thanks!
     
  6. Mastiff

    Mastiff Member

    There was no way of resetting it from the UEFI. I rebooted, went into the BIOS (UEFI, but I'm old school...) and checked. The only options were to turn TPM on and off, and to accept 3rd party keys in addition to Microsoft's keys.
     
  7. jnjroach

    jnjroach Administrator Staff Member

    The only thing I can think of is that your old image has left the boot partition in an untrusted state with trying to use the old key. Did you wipe the GPT disk prior to applying the backup image?
     
  8. Mastiff

    Mastiff Member

    No, that would remove the recovery partition and all that. I just deleted the partition with Windows 10 on it and then recovered the image to parts of that (I use only 60 gig for Windows and have all my documents on a separate D drive). But should that make it impossible to get the recovery key to match? I can enter the key, it's just interpreted as wrong.
     
  9. jnjroach

    jnjroach Administrator Staff Member

    The Surface Devices (actually all Connected Standby Machines) come with their drives encrypted out of the box; the setup process is completed through the setup if using a Microsoft Account (transparent to the user). Using a local account, the process must be completed manually. Using your key from the previous install won't work; it needs to be a new key.

    Do you still have the 300MB Boot Partition? Did you clear and recreate that one as well? If it is a single partition you can try:

    1. Shrink your C (assuming that is your root partition) drive, give it 500MB

    2. Format the new volume and call it E:\ (at least for this example)

    3. From an elevated command prompt, run Robocopy.exe C:\Windows\System32\Recovery\ E:\Recovery\WindowsRE\Winre.

    4. reagentc /setreimage /path e:\Recovery\WindowsRE\Winre.

    5. reagentc /enable

    Reboot and try to enable BitLocker

    Use the above cautiously and be ready to restore if anything runs awry :)
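
A read-only pre-flight check for the situation discussed in this thread, added here as an example and not posted by any participant: it reports TPM and WinRE state and compares the identifier in a saved recovery-key file with the recovery protectors currently on the volume. The `C:` mount point and the `$KeyFile` path are assumptions; only key identifiers are printed, never the 48-digit recovery password.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumptions: the OS volume is C:, and $KeyFile is a hypothetical path to the
# recovery-key text file that BitLocker saved when the protector was created.
param(
    [string]$MountPoint = 'C:',
    [string]$KeyFile    = '\\server\share\BitLocker Recovery Key.TXT'  # hypothetical path
)

# 1. TPM state on the replacement device.
$tpm = Get-Tpm
'TPM present={0} ready={1} owned={2}' -f $tpm.TpmPresent, $tpm.TpmReady, $tpm.TpmOwned

# 2. WinRE registration, which the reagentc steps above change.
#    reagentc output is localized, so the match is only reliable on English systems.
$re = (reagentc /info) -join "`n"
if ($re -match 'Windows RE status:\s+(\S+)') {
    "WinRE status: $($Matches[1])"
} else {
    'WinRE status line not found; read the reagentc /info output manually'
}

# 3. Recovery-password protectors that exist on the volume right now.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
"Volume status: $($vol.VolumeStatus), protection: $($vol.ProtectionStatus)"
$currentIds = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object { $_.KeyProtectorId.Trim('{}') })
"Recovery protector IDs on ${MountPoint} $($currentIds -join ', ')"

# 4. Identifier recorded in the saved file (the first GUID it contains).
$guidPattern = '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
$text = Get-Content -LiteralPath $KeyFile -Raw
if ($text -match $guidPattern) {
    $savedId = $Matches[0]
    "Identifier in saved file: $savedId"
    if ($currentIds -contains $savedId) {
        'MATCH: the saved file belongs to a protector on this volume.'
    } else {
        'MISMATCH: the saved file is for a different (older) protector; its key will be rejected.'
    }
} else {
    'No identifier found in the key file.'
}
```

A mismatch means the file on hand was generated for an earlier protector, which is consistent with the point above that a key from the previous install will not be accepted.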
     
  10. Mastiff

    Mastiff Member

    Thanks! I will try this during the weekend, it seems like I will need a bit of time on that one. :) As for restore, I'm totally anal. I don't do anything to my computer before I have at least two working image backups, and all my files are at the "personal cloud" on my server.
     
  11. ramiss

    ramiss Member

    Joined:
    Jul 24, 2015
    Messages:
    48
    Likes Received:
    2
    Trophy Points:
    8
    My Device:
    SPro3
    You do realize that using a Microsoft account does not actually store anything on the cloud by default. It simply uses Microsoft to authenticate logging into your pc.
     
  12. Mastiff

    Mastiff Member

    My password for the pc is of the "40 000 years to crack on a desktop" type, and I don't trust my main password to Microsoft. Or Google. Or anybody else. My wife's the only other person in the world who knows it. I am one step removed from tin foil hat.... :D
     
