Bitlocker and reading key from USB device at startup
I have a problem reading the key on many computers in my company. I tried all the solutions proposed by Microsoft but still couldn't find a solution.

- Make sure that the USB device is connected to one of the computer's USB ports. For example, do not connect the USB device to an external USB hub.
- I use the USB port connected directly to the motherboard but couldn't read the key at startup.

- Store the BitLocker key on a different USB device. The original USB device may not be compatible with BitLocker.
- Because I have many computers, I use different USB drives of different sizes; some of them work with some computers, but I still have around seven computers which can't read the key at startup.

- Disconnect other USB devices from the computer. The computer's BIOS may not be able to read the data on the USB device if other USB devices are present.
- When I try to read a key at startup I generally use just one USB drive at a time. I had the USB keyboard and mouse connected at the same time, but I disconnected them before testing and the key still couldn't be read.

- Contact the manufacturer of your computer or your motherboard to make sure that the computer's BIOS can read data from a USB device when the computer starts. You may be able to update the computer's BIOS to a newer version that supports BitLocker.
- I created a bootable USB drive and could start the computer from it, which means the computer can read data from USB devices. I updated the BIOS with the latest update but I didn't see any change.

- USB devices that are used to start Windows PE or other operating systems may not work with BitLocker. Reformat the USB device so that it is not used as a startup device.
- I reformatted all the USB flash drives that I have in the Windows Vista Ultimate system in order to be sure that the file system is recognized by BitLocker, but it still can't read the "BEK" file during startup.

After checking all the solutions in order to get my computers working, I am still waiting for an alternative solution, because entering the recovery password each time I restart the computers is not a good or easy solution. The systems need to be restarted from time to time in order to update or install programs. Hope you'll find a solution. Thanks.

Sincerely,
Gabriel Rabbaa
System Administrator
February 6th, 2008 3:30pm

Hi Gabriel,

Let's refer to the following steps to re-enable BitLocker on this Vista machine to see how it goes:

1. In Control Panel, navigate to the BitLocker icon in the Security item.
2. Click the Disable BitLocker link to disable BitLocker.
3. After BitLocker is disabled, navigate to the Control Panel BitLocker item to enable BitLocker.
4. Reboot the machine and then test the issue again.

If this doesn't help, I'm afraid the hardware is not compatible enough to run BitLocker. You can also contact the hardware vendor for further information. Thanks.

Sincerely,
Yog Li
Microsoft Online Community Support
February 12th, 2008 1:45pm

I already tried creating a bootable USB flash drive and I could boot from it. I think it means that the machine can read data from USB during boot. Now, I would like to know why BitLocker can't read data from USB during boot if the system can boot from it?
February 21st, 2008 6:31pm

I have a USB startup key that works correctly on my non-TPM computer. Therefore, it is obvious that my BIOS and hardware are compatible with BitLocker. The problem I have is that I have been unable to make a duplicate startup key. I have followed the instructions exactly. Someone suggested that my USB drive might not be compatible, so I tried various USB drives from various manufacturers, all without success. I spent many hours on the telephone speaking with Microsoft technical support. The guys I spoke with were no help whatsoever. I have thoroughly researched the issue on the Microsoft website and on various other sites. It is clear that many Vista users have encountered this problem. To date, Microsoft has not posted a solution. In my case and for most users, the problem is not with hardware. It is a problem with the BitLocker application in Vista. It is high time for Microsoft to post a solution.
February 27th, 2008 11:44pm

Hi,

The problem is fixed if we install Service Pack 1 of Vista, but the system accepts only USB flash drives whose capacity is equal to 512 Mbytes or less. All the USB flash drives whose capacity is more than 512 Mbytes are not accepted by the system (Windows can't read them during startup). Strange!!! (Maybe it should be fixed by a Microsoft hotfix.)
April 9th, 2008 6:44pm

Hi,

I have spent probably 100s of hours on this with many systems and 4 different types of mainboard...

First of all, you must set the boot order so that the Hard Disk is booted to before any USB key.

Secondly, in Vista RTM, the recovery key will not be read if the USB flash drive is bootable. On Vista SP1 it does not matter. This was a bug I reported to MS and they said 'we know' - yet they did not publish it anywhere! If I simply reformat the key using the utility that came with my flash memory stick when using Vista RTM, I can easily prove this - format it as non-bootable and the BitLocker check works, format the same stick as a USB-ZIP bootable drive and BitLocker will not enable. On SP1 there is no problem.

Thirdly, if you see the message that the system boot files have 'changed' when it attempts to reboot just after enabling BitLocker, don't worry. I have found that you need to go back into Vista and re-try to enable BitLocker up to FOUR TIMES (!!!) before it will work. This is through days of experimenting with a system and making changes to the BIOS, etc. Vista SP1 seems to be more fussy than the RTM version, though I haven't proved this yet.

I will say it again - you MUST try up to 4 times before you can conclude that BitLocker really will not enable! If you do not do this then you can easily conclude that changing a certain BIOS setting made it work, but this is usually not the case - it is just that you did not allow BitLocker/TPM to register the 'changes' that it has detected and re-set the TPM PCR registers with the correct values - even if you did not make that BIOS change, it would have worked on the next boot. So always try up to 4 times before you change any BIOS (or other) setting in order to try to get BitLocker enabled.

Other issues I have found are:

1. On Intel DQ35JO, you must disable XD Technology in the BIOS or it will always report boot changes and you can never enable BitLocker Encryption.
2. The Winbond TPM driver for Intel DQ35JO does not work - install the Vista TPM driver instead or your system will not recognise that a TPM exists.

HTH
Steve
May 15th, 2008 1:55am

P.S. Forgot to say that I would recommend that you set the boot order to Hard Disk first. This is because if you accidentally have a bootable CD/DVD in the drive, BitLocker/TPM will see a change to your boot configuration and you will have to use the recovery password/key, decrypt the volume and then re-encrypt the volume again! A real pain! Also, never set the option to boot from USB devices first in the BIOS. It won't enable if you set this. Legacy USB support must be enabled, of course.

S
May 15th, 2008 2:17am

I would like to emphasise that you must set the hard drive to boot prior to the USB drive in your system BIOS, or you will get a "Disk Error" message upon boot, and the check and encryption will fail. After I pushed the USB boot order down the list in the BIOS and started the BitLocker check test again, the check completed successfully and the BitLocker encryption process began.
January 21st, 2010 11:05pm

This topic is archived. No further replies will be accepted.
