Yesterday I encountered a device that was giving me fits with being in a perpetual BitLocker recovery loop despite me entering the correct BitLocker key. Since what I knew about BitLocker would fit into a thimble, I resorted to extensive reading. I still don't know much but more than I did. I thought I'd share some things I found for anyone interested.
Included are: things that can trigger BitLocker recovery and how to get out of a BitLocker recovery loop.
COMMON BUT NOT ALL-INCLUSIVE LIST OF THINGS THAT CAN TRIGGER BITLOCKER RECOVERY - Some apply to all devices, some only apply to certain devices dependent on the manufacturer.
1. With TPM 1.2 (NOT TPM 2.0), changing boot order in UEFI bios.
2. Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD.
3. Failing to boot from a network drive before booting from the hard drive.
- Docking or undocking a portable computer. (Dependent on manufacturer and BIOS) If a portable computer is connected to its docking station when BitLocker is turned on, then it might also need to be connected to the docking station when it's unlocked. Conversely, if a portable computer isn't connected to its docking station when BitLocker is turned on, then it might need to be disconnected from the docking station when it's unlocked.
4. Creating, deleting, or resizing a primary NTFS partition.
5. Entering incorrect PIN too many times.
6. Turning off, disabling, deactivating, or clearing the TPM
7. BIOS or UEFI firmware upgrade
8. Forgetting the PIN when PIN authentication has been enabled
9. Upgrading TPM firmware
10. Adding or removing hardware
11. Removing, inserting, or completely depleting the charge on a smart battery on a portable computer.
12. Changes to the master boot record on the disk
13. Changes to the boot manager on the disk
14. Moving the BitLocker-protected drive into a new computer
15. Upgrading the motherboard to a new one with a new TPM
16. Losing the USB flash drive containing the startup key when startup key authentication has been enabled
17. Failing the TPM self-test
18. Pressing the F8 or F10 key during the boot process
BITLOCKER RECOVERY GOES INTO CONTINUOUS REBOOT LOOP
Symptoms - Even after correctly entering a recovery key, the system reboots to BitLocker recovery again.
I believe Point # 11 above was my culprit.
Workaround – In BL recovery press Esc for more BitLocker recovery options. Click 'skip this drive'. Advanced Options. Select Troubleshoot > Advanced Options > Command Prompt. Type:
    manage-bde -status c:
If the status is returned as locked, you'll need to use the following command to unlock it using your recovery password:
    manage-bde -unlock c: -rp <your 48-digit recovery password>
Once the drive is unlocked you'll need to use the following command to suspend protection:
    manage-bde -protectors -disable c:
Exit and reboot. The computer should now successfully boot Windows. Once there, use the BitLocker control panel to resume BitLocker protection.
Using BitLocker is a personal choice but I strongly suggest you become familiar with the situations that might arise and be prepared for them. Others may have BitLocker turned on even though the user never even chose to use it. Some computers come preset from the factory to turn it on. You can check BitLocker status by opening a command prompt as administrator and typing manage-bde -status
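Added example, not part of the original post: a pre-maintenance check for the planned triggers in the list above (BIOS/UEFI or TPM firmware upgrades, hardware changes). It confirms a recovery password protector exists and suspends protection for one reboot, using the built-in BitLocker PowerShell cmdlets. It assumes an elevated PowerShell session inside Windows and that the OS volume is C:.

```powershell
#Requires -RunAsAdministrator
# Added example: prepare a BitLocker volume for planned maintenance.
param([string]$MountPoint = 'C:')   # assumption: the OS volume is C:

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Nothing to prepare if the volume was never encrypted.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$MountPoint is not BitLocker-encrypted; nothing to do."
    return
}

# A recovery password protector is what the 48-digit key unlocks.
# Without one, a recovery prompt cannot be answered at all.
$recovery = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recovery.Count -eq 0) {
    Write-Warning "No recovery password protector on $MountPoint. Stop and add one before changing firmware or hardware."
    return
}

# Print only the protector IDs, never the password itself. Match the ID
# against the copy of the key you have saved or printed.
foreach ($p in $recovery) {
    Write-Output "Recovery password protector ID: $($p.KeyProtectorId)"
}

if ($vol.ProtectionStatus -eq 'On') {
    # Suspend for exactly one reboot; protection resumes automatically
    # on the boot after that, so the volume is not left unprotected.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    Write-Output "Protection suspended on $MountPoint for the next reboot."
} else {
    Write-Output "Protection is already suspended or off on $MountPoint."
}

# Show the resulting state so it can be checked before rebooting.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, LockStatus
```

If protection was suspended without a reboot count, `Resume-BitLocker -MountPoint C:` turns it back on, which is the same as resuming from the BitLocker control panel.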