
I have a couple of machines I want to roll out BitLocker on the system drive; ideally I'd have the machines write the recovery key to AD. I've got all this set up and this seems to work fine: the machines are encrypted and the recovery passwords are available in AD. However, for recovery purposes it would be useful if I were able to unlock the drive if attached to a different machine. This is where I run into some problems. When trying to unlock the drive both in Explorer and with cmd (`manage-bde.exe -unlock F: -recoverypassword xxxxxx-....`) I get "ERROR: The password failed to unlock volume F:". The recovery keys I get while encrypting and the ones provided in AD are the same, and so are the IDs.

I've tried this on both a Windows 8 and a Windows 10 machine, both with and without BitLocker GPOs set. The machines have a TPM chip onboard.

The error I'm getting while using Explorer to unlock the drive, translated into English, is "The key doesn't this drive": https://i.sstatic.net/M8HY7.png

Any help with this issue would be appreciated.

Regards

  • If you do this same function through explorer what happens?
    – Ramhound
    Commented Jun 29, 2017 at 14:27
  • So you are getting the same error regardless. What happens if you unlock the drive on the same machine the drive came in? Please note, I will need an exact translation of the message to English in order to properly research this problem. I cannot do my research based on non-English error messages, which means I won't be able to submit an answer without them.
    – Ramhound
    Commented Jun 29, 2017 at 14:32
  • Have you tried any of the other keys? Do any of these machines use Trusted Platform Module? We are talking about FDE of the system drive instead of an external drive that is encrypted by BitLocker?
    – Ramhound
    Commented Jun 29, 2017 at 14:39
  • Yes they have TPM chips and correct, this is a system drive. I found a thread where they have a similar problem, unlocking was only possible with a fully patched w10, I'll try to get my hands on another fully patched w10 since our WSUS is caught up yet. social.technet.microsoft.com/Forums/en-US/…
    – Joshua T
    Commented Jun 29, 2017 at 14:42
  • Please condense some of this information into your question so the comments can be deleted. Provide screenshots of the error, and you should provide a translation within the screenshot in the case of non-English error messages.
    – Ramhound
    Commented Jun 29, 2017 at 14:45

1 Answer

I managed to unlock the drive with the same build of Windows 10 that I encrypted the drive with (15063.10); earlier builds of W10 and W8 are unable to unlock the drive.
