Here's the scenario. We've got a Dell PE T110 (I know, I know), that we've enabled BitLocker via TPM. On reboots, it asks to re-enter the BitLocker key, and we have no idea why it's not auto-unlocking. On the drive that's supposed to auto-unlock, we have the OEM partition, RECOVERY (with system,active,primary), and the OS (boot,pagefile,crash dump,primary partition) (BitLocker encrypted). I've been reading that the OS needs to be the active partition for the autounlock to function. If not, any ideas where I should look next?
> I've been reading that the OS needs to be the active partition for the autounlock to function
That isn't accurate.
This can be due to the recovery key being regenerated but not saved to TPM. By far the most likely cause is the C: drive not being first in the boot order. The next most likely cause is something in the hardware/firmware changed, which would basically mean it needs to be redone.
Here is a sample of what the manage-bde diskmgmt output should look like:
    C:\>manage-bde -status
    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
    Copyright (C) Microsoft Corporation. All rights reserved.

    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume C: [OSDisk]
    [OS Volume]

        Size:                 232.56 GB
        BitLocker Version:    Windows 7
        Conversion Status:    Fully Encrypted
        Percentage Encrypted: 100%
        Encryption Method:    AES 128 with Diffuser
        Protection Status:    Protection On
        Lock Status:          Unlocked
        Identification Field: Some description
        Key Protectors:
            Numerical Password
            TPM

Suffice it to say if there is not a TPM protector listed, the drive was not encrypted correctly/as you expected.

Greg Askew
- Hey Greg, thanks for the quick reply. Yup, checked the boot order and C: looks to be the first boot. The -status was identical to yours. Any further ideas prior to us redoing the encryption? – user208160 Jan 24 '18 at 19:08
- @user208160: No that sounds like what you need to do. – Greg Askew Jan 24 '18 at 19:20
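The check described in the answer (is a TPM protector listed for the OS volume, and is protection on) can be run over saved `manage-bde -status` text. The following is an added example, not part of the original thread; the function names are hypothetical and the sample text is abridged from the output quoted in the answer.

```python
import re

# Status text abridged from the answer above (one OS volume, TPM protector present).
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Key Protectors:
        Numerical Password
        TPM
"""

def parse_status(text):
    """Map drive letter -> {"type", "fields", "protectors"} from manage-bde -status text."""
    volumes, current, in_protectors = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"Volume ([A-Z]:)", line)
        if match:  # a new volume section starts
            current = volumes[match.group(1)] = {"type": "", "fields": {}, "protectors": []}
            in_protectors = False
        elif current is None or not line:
            continue  # banner text before the first volume, or a blank line
        elif line.startswith("["):  # e.g. "[OS Volume]"
            current["type"] = line.strip("[]")
        elif line.startswith("Key Protectors:"):
            in_protectors = True
        elif in_protectors:  # every remaining line in the section names one protector
            current["protectors"].append(line)
        else:
            key, _, value = line.partition(":")
            current["fields"][key.strip()] = value.strip()
    return volumes

def os_volume_findings(text):
    """Return (drive, finding) pairs for OS volumes that cannot unlock unattended."""
    findings = []
    for drive, vol in parse_status(text).items():
        if vol["type"] == "OS Volume":
            # Exact match: a combined protector such as "TPM And PIN" still prompts at boot.
            if "TPM" not in vol["protectors"]:
                findings.append((drive, "no TPM-only key protector"))
            if vol["fields"].get("Protection Status") != "Protection On":
                findings.append((drive, "protection is not on"))
    return findings
```

An empty result only rules out these two causes; as the comments in the thread show, a volume can pass both checks and still prompt for the recovery key.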